Windows Analysis Report
Drawing specification and June PO #07329.exe
Overview
General Information
Detection
Score | Range | Whitelisted | Confidence |
---|---|---|---|
100 | 0 - 100 | false | 100% |
Signatures
Classification
- System is w10x64
- Drawing specification and June PO #07329.exe (PID: 1372, cmdline: "C:\Users\user\Desktop\Drawing specification and June PO #07329.exe", MD5: D9B0EE244191E7FCE879415F619E88C5)
  - cmd.exe (PID: 6704, cmdline: "cmd" /c ping 127.0.0.1 -n 38 > nul && copy "C:\Users\user\Desktop\Drawing specification and June PO #07329.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\file.exe" && ping 127.0.0.1 -n 38 > nul && "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\file.exe", MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
    - conhost.exe (PID: 5588, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
    - PING.EXE (PID: 3200, cmdline: ping 127.0.0.1 -n 38, MD5: B3624DD758CCECF93A1226CEF252CA12)
    - PING.EXE (PID: 6996, cmdline: ping 127.0.0.1 -n 38, MD5: B3624DD758CCECF93A1226CEF252CA12)
    - file.exe (PID: 6524, cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\file.exe", MD5: D9B0EE244191E7FCE879415F619E88C5)
      - InstallUtil.exe (PID: 5248, cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe", MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
      - InstallUtil.exe (PID: 1404, cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe", MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
- file.exe (PID: 4052, cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\file.exe", MD5: D9B0EE244191E7FCE879415F619E88C5)
  - InstallUtil.exe (PID: 5928, cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe", MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Agent Tesla, AgentTesla | A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel. | | | |
DarkTortilla | DarkTortilla is a complex and highly configurable .NET-based crypter that has possibly been active since at least August 2015. It typically delivers popular information stealers and remote access trojans (RATs) such as AgentTesla, AsyncRat, NanoCore, and RedLine. While it appears to primarily deliver commodity malware, Secureworks Counter Threat Unit (CTU) researchers identified DarkTortilla samples delivering targeted payloads such as Cobalt Strike and Metasploit. It can also deliver "addon packages" such as additional malicious payloads, benign decoy documents, and executables. It features robust anti-analysis and anti-tamper controls that can make detection, analysis, and eradication challenging. From January 2021 through May 2022, an average of 93 unique DarkTortilla samples per week were uploaded to the VirusTotal analysis service. Code similarities suggest possible links between DarkTortilla and other malware: a crypter operated by the RATs Crew threat group, which was active between 2008 and 2012, and the Gameloader malware that emerged in 2021. | No Attribution | | |
{"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.privateemail.com", "Username": "pin@hm-heating-de.icu", "Password": "mGr{)g5TVG3j"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_DarkTortilla | Yara detected DarkTortilla Crypter | Joe Security | ||
JoeSecurity_DarkTortilla | Yara detected DarkTortilla Crypter | Joe Security | ||
JoeSecurity_DarkTortilla | Yara detected DarkTortilla Crypter | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
(5 of 31 entries shown)
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_DarkTortilla | Yara detected DarkTortilla Crypter | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | ||
JoeSecurity_DarkTortilla | Yara detected DarkTortilla Crypter | Joe Security | ||
(5 of 40 entries shown)
System Summary |
---|
Sigma rule matches (rule names not preserved in the extraction): authors Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research); frack113 |
AV Detection |
---|
Evidence types reported in this section (per-row details, file paths and function addresses were not preserved in the extraction): Avira, Malware Configuration Extractor, ReversingLabs, Integrated Neural Analysis Model, Joe Sandbox ML, HTTPS traffic detected, Static PE information, Binary string, File opened, Code function |
Networking |
---|
Evidence types reported in this section (row details not preserved in the extraction): HTTP traffic, Process created, TCP traffic, HTTP traffic detected, IP Address, ASN Name, JA3 fingerprint, DNS query, UDP traffic detected without corresponding DNS query, DNS traffic detected, String found in binary or memory, Network traffic detected, HTTPS traffic detected |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Evidence type reported in this section (row details not preserved in the extraction): .Net Code |
System Summary |
---|
Evidence types reported in this section (per-row details and function addresses not preserved in the extraction): Matched rule, Process Stats, Code function, Binary or memory string, Cryptographic APIs, Classification label, File created, Mutant created, Static PE information, Static file information, WMI Queries, File read, Key opened, ReversingLabs, Process created, Section loaded, Key value queried, Window detected, File opened, Binary string |
Data Obfuscation |
---|
Evidence types reported in this section (per-row details and function addresses not preserved in the extraction): File source, .Net Code, Code function, High entropy of concatenated method names, File created |
Boot Survival |
---|
Evidence type reported in this section (row details not preserved in the extraction): File created (dropped file and behavior entries) |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | File source: | ||
Source: | WMI Queries: |
Source: | Process created: | |||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | WMI Queries: |
Source: | WMI Queries: | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | Process information queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | |||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 2 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Command and Scripting Interpreter | 1 Valid Accounts | 1 Valid Accounts | 1 Deobfuscate/Decode Files or Information | 1 Input Capture | 24 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | 12 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 2 Obfuscated Files or Information | 1 Credentials in Registry | 211 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 311 Process Injection | 1 Software Packing | NTDS | 1 Process Discovery | Distributed Component Object Model | 1 Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 12 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | LSA Secrets | 141 Virtualization/Sandbox Evasion | SSH | Keylogging | 23 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Valid Accounts | DCSync | 1 Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | 11 System Network Configuration Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 141 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 311 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 1 Hidden Files and Directories | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 32% | ReversingLabs | Win32.Trojan.Generic | |
| 100% | Avira | HEUR/AGEN.1311110 | |
| 100% | Joe Sandbox ML | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 100% | Avira | HEUR/AGEN.1311110 | |
| 100% | Joe Sandbox ML | | |
| 32% | ReversingLabs | Win32.Trojan.Generic | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
mail.privateemail.com | 198.54.122.135 | true | true | | unknown |
www.google.com | 142.250.74.196 | true | false | | unknown |
api.ipify.org | 104.26.12.205 | true | false | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | unknown |
| false | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.26.12.205 | api.ipify.org | United States | | 13335 | CLOUDFLARENETUS | false |
198.54.122.135 | mail.privateemail.com | United States | | 22612 | NAMECHEAP-NETUS | true |
142.250.74.196 | www.google.com | United States | | 15169 | GOOGLEUS | false |
IP |
---|
127.0.0.1 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1466179 |
Start date and time: | 2024-07-02 16:38:08 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 11m 6s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 18 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Drawing specification and June PO #07329.exe |
Detection: | MAL |
Classification: | mal100.troj.adwa.spyw.evad.winEXE@17/7@3/4 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe, svchost.exe
- Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: Drawing specification and June PO #07329.exe
Time | Type | Description |
---|---|---|
10:39:14 | API Interceptor | |
10:40:17 | API Interceptor | |
10:40:39 | API Interceptor | |
10:41:53 | API Interceptor | |
16:39:16 | Autostart | |
16:40:24 | Autostart |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
104.26.12.205 | | Get hash | malicious | Conti, PureLog Stealer, Targeted Ransomware | Browse | |
| | Get hash | malicious | Stealit | Browse | |
| | Get hash | malicious | Stealit | Browse | |
| | Get hash | malicious | Stealit | Browse | |
| | Get hash | malicious | Stealit | Browse | |
| | Get hash | malicious | Bunny Loader | Browse | |
| | Get hash | malicious | Remcos | Browse | |
198.54.122.135 | | Get hash | malicious | AgentTesla, DarkTortilla | Browse | |
| | Get hash | malicious | AgentTesla, DarkTortilla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
mail.privateemail.com | | Get hash | malicious | AgentTesla, DarkTortilla | Browse | |
| | | Get hash | malicious | AgentTesla, DarkTortilla | Browse | |
| | | Get hash | malicious | AgentTesla | Browse | |
| | | Get hash | malicious | AgentTesla | Browse | |
| | | Get hash | malicious | AgentTesla | Browse | |
| | | Get hash | malicious | AgentTesla | Browse | |
| | | Get hash | malicious | AgentTesla | Browse | |
| | | Get hash | malicious | AgentTesla | Browse | |
| | | Get hash | malicious | AgentTesla | Browse | |
| | | Get hash | malicious | AgentTesla | Browse | |
api.ipify.org | | Get hash | malicious | AgentTesla | Browse | |
| | | Get hash | malicious | AgentTesla | Browse | |
| | | Get hash | malicious | CredGrabber, Meduza Stealer | Browse | |
| | | Get hash | malicious | CredGrabber, Meduza Stealer | Browse | |
| | | Get hash | malicious | AgentTesla | Browse | |
| | | Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |
| | | Get hash | malicious | GuLoader | Browse | |
| | | Get hash | malicious | AgentTesla | Browse | |
| | | Get hash | malicious | GuLoader | Browse | |
| | | Get hash | malicious | HTMLPhisher | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | HTMLPhisher | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | HTMLPhisher | Browse | |
| | | Get hash | malicious | HTMLPhisher | Browse | |
| | | Get hash | malicious | XWorm | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
NAMECHEAP-NETUS | | Get hash | malicious | FormBook | Browse | |
| | | Get hash | malicious | FormBook | Browse | |
| | | Get hash | malicious | AgentTesla, DarkTortilla | Browse | |
| | | Get hash | malicious | FormBook | Browse | |
| | | Get hash | malicious | FormBook | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Remcos, PureLog Stealer | Browse | |
| | | Get hash | malicious | FormBook | Browse | |
| | | Get hash | malicious | AgentTesla, DarkTortilla | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
3b5074b1b5d032e5620f69f9f700ff0e | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | HTMLPhisher | Browse | |
| | | Get hash | malicious | XWorm | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | PureLog Stealer, zgRAT | Browse | |
| | | Get hash | malicious | HTMLPhisher | Browse | |
| | | Get hash | malicious | AgentTesla | Browse | |
| | | Get hash | malicious | AgentTesla | Browse | |
| | | Get hash | malicious | ScreenConnect Tool | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Drawing specification and June PO #07329.exe.log
Process: | C:\Users\user\Desktop\Drawing specification and June PO #07329.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1216 |
Entropy (8bit): | 5.34331486778365 |
Encrypted: | false |
SSDEEP: | 24:MLU84jE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MgvjHK5HKH1qHiYHKh3oPtHo6hAHKzea |
MD5: | EA88ED5AF7CAEBFBCF0F4B4AE0AB2721 |
SHA1: | B2A052ACB64FC7173E568E1520AA4D713C5E90A3 |
SHA-256: | 50FD579DC293CFBE1CF6E5C62E0B4F879B72500000B971CE690F39FA716A3B53 |
SHA-512: | D1B6E5D67808E19A92A2C8BD4C708D13170D1AFD5C3CDFDA873F1C093D80B24D4101325EF20285EEEE8501239F2F1F7FA96C4571390A5B7916DCD3B461B66EC6 |
Malicious: | true |
Reputation: | moderate, very likely benign file |
Preview: | |
Process: | C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1216 |
Entropy (8bit): | 5.34331486778365 |
Encrypted: | false |
SSDEEP: | 24:MLU84jE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MgvjHK5HKH1qHiYHKh3oPtHo6hAHKzea |
MD5: | EA88ED5AF7CAEBFBCF0F4B4AE0AB2721 |
SHA1: | B2A052ACB64FC7173E568E1520AA4D713C5E90A3 |
SHA-256: | 50FD579DC293CFBE1CF6E5C62E0B4F879B72500000B971CE690F39FA716A3B53 |
SHA-512: | D1B6E5D67808E19A92A2C8BD4C708D13170D1AFD5C3CDFDA873F1C093D80B24D4101325EF20285EEEE8501239F2F1F7FA96C4571390A5B7916DCD3B461B66EC6 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: | |
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 731136 |
Entropy (8bit): | 6.442029626022208 |
Encrypted: | false |
SSDEEP: | 12288:nd3LiIq/N5sKqxB6PzNm0E7UHPk8dDTVVZ+Aplb:d3LTqbsuzNm0EG8UxD |
MD5: | D9B0EE244191E7FCE879415F619E88C5 |
SHA1: | 6095D064C3E5EDFB7669AB435A89296946CE720A |
SHA-256: | 323AC60AB28AEB551DA47309CB6B5E9A7B23D669A983B51E7FD09E706596B97E |
SHA-512: | E031062ABB5C96BBC2CDC1D8EB8ECEB7E2F6D300035850E23A3447530DAADBC904F52A97C6865EC9D7FF5493B4748F22FBC11B724B324E2B2407C90BAD602765 |
Malicious: | true |
Antivirus: | |
Reputation: | low |
Preview: | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\file.exe:Zone.Identifier
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Preview: | |
Process: | C:\Users\user\Desktop\Drawing specification and June PO #07329.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1408 |
Entropy (8bit): | 3.000298736296846 |
Encrypted: | false |
SSDEEP: | 24:8dUTWLgD4/BOmRC87q8MT3GmyjCyjMRHgd0kqy:8dRgDsvRC87tMT3GHCyjMRHly |
MD5: | 3B149719BDB6E8F4EF9E336B4B2E10CB |
SHA1: | 2F9466594A2A67552B74173509C611C88F9C82B2 |
SHA-256: | 6CBB88974C65F1C67995AD61C5E1A5919BFFF3876D6E89DD1E5A2B31F6D89CE7 |
SHA-512: | 8ABCB01B095A3A83226CC94032D6C45DD1E4174FD52DDEDAAB8D2E64D1DEF3C0EC5604B239FE5B9A7D56B07DC46B882D2D22E552B90AA7FABDCAEC6ABBCAB141 |
Malicious: | false |
Preview: | |
Process: | C:\Windows\SysWOW64\PING.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2097 |
Entropy (8bit): | 4.731610293213597 |
Encrypted: | false |
SSDEEP: | 12:PKMRJpTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeT4:/HRAokItULVDv |
MD5: | 02EA50BC6E96E97640FF521E841087B6 |
SHA1: | 39ABCD3BFCF6CBFBAF32422F997F1F9FBA727F3A |
SHA-256: | 8A8F910EDD1FD2C18E0A31ABBF11F1BD60760A7789EF7B91061EDC8CF35D232A |
SHA-512: | FF3F3CB250BD9E5128949B0A42D2E2C210FAEEF1C8C74979C4B4AE8AAABAD07E20B5227ADA467205ABAC0E82422DC0C61E9020BFED05FA92E332A141FA64D305 |
Malicious: | false |
Preview: | |
File type: | |
Entropy (8bit): | 6.442029626022208 |
TrID: | |
File name: | Drawing specification and June PO #07329.exe |
File size: | 731'136 bytes |
MD5: | d9b0ee244191e7fce879415f619e88c5 |
SHA1: | 6095d064c3e5edfb7669ab435a89296946ce720a |
SHA256: | 323ac60ab28aeb551da47309cb6b5e9a7b23d669a983b51e7fd09e706596b97e |
SHA512: | e031062abb5c96bbc2cdc1d8eb8eceb7e2f6d300035850e23a3447530daadbc904f52a97c6865ec9d7ff5493b4748f22fbc11b724b324e2b2407c90bad602765 |
SSDEEP: | 12288:nd3LiIq/N5sKqxB6PzNm0E7UHPk8dDTVVZ+Aplb:d3LTqbsuzNm0EG8UxD |
TLSH: | B8F4AF898E937116C8DB03355F9351B8AFA64D732E89989A04431392FA3F3D7BC658D3 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......!.........."...P.. ...........>... ...@....@.. ....................................`................................ |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x4b3e0e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x2186159D [Wed Oct 28 16:04:45 1987 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb3dbc | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb4000 | 0x3e8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb6000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0xb1e14 | 0xb2000 | e06e94155162bc82a2bcc5f6c29a5036 | False | 0.6135418495435393 | SysEx File - | 6.449928655421317 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0xb4000 | 0x3e8 | 0x400 | 1da576551cfeb02595a2acd9b202c4d7 | False | 0.4306640625 | data | 3.436617538765956 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xb6000 | 0xc | 0x200 | eb5e75a19d683016c0082cf462ae0dd8 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0xb4058 | 0x390 | data | | | 0.44956140350877194 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 2, 2024 16:39:08.207855940 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:08.212719917 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:08.212794065 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:08.213855982 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:08.218633890 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:08.915752888 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:08.915832996 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:08.915843964 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:08.915895939 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:08.915935040 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:08.915946960 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:08.915986061 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:08.916136980 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:08.916150093 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:08.916162014 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:08.916172028 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:08.916184902 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:08.916202068 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:08.916232109 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:08.920730114 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:08.920793056 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:08.920804024 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:08.920841932 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:08.920922041 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:08.920974016 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:09.010292053 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.010324955 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.010338068 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.010382891 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:09.010499001 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.010513067 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.010560989 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:09.010723114 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.010766983 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:09.010862112 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.010874033 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.010915041 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:09.016748905 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.016844034 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.016855001 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.016890049 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:09.023320913 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.023377895 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:09.023400068 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.023411036 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.023454905 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:09.028971910 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.029053926 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.029064894 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.029099941 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:09.034771919 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.034838915 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:09.034873962 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.034887075 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.034940958 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:09.041064024 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.041147947 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.041162014 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.041223049 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:09.047132969 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.047189951 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.047202110 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.047204971 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:09.047247887 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:09.052875042 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.052886009 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.052897930 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.052936077 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:09.052990913 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.053050041 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:09.109183073 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.109214067 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.109226942 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.109239101 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.109251022 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.109263897 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.109277964 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.109286070 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:09.109349966 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:09.109683990 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.109697104 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.109708071 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.109744072 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:09.109761953 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:09.109903097 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.109962940 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.109973907 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.110012054 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:09.116036892 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.116085052 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:09.116166115 CEST | 80 | 49711 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:39:09.164786100 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:39:45.883554935 CEST | 49711 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:33.694600105 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:33.699575901 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:33.703977108 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:33.704265118 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:33.709098101 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.369432926 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.369458914 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.369469881 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.369523048 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.369527102 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.369535923 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.369548082 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.369560003 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.369577885 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.369597912 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.369735003 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.369777918 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.369792938 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.369805098 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.369851112 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.374361992 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.374402046 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.374419928 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.374454021 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.414891958 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.457667112 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.457771063 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.457782984 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.457813978 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.458254099 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.458297968 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.458317995 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.458329916 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.458359957 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.464256048 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.464320898 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.464330912 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.464366913 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.470391989 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.470439911 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.470443964 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.470455885 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.470503092 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.476370096 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.476385117 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.476407051 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.476439953 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.476459026 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.476511955 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.482419014 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.482450962 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.482461929 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.482491970 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.488444090 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.488462925 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.488495111 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.488589048 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.488631010 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.488701105 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.494440079 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.494455099 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.494482040 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.494518042 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.494528055 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.494560957 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.500536919 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.500569105 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.500581026 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.500600100 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.500627995 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.506462097 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.506494045 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.506509066 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.506534100 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.545874119 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.545924902 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.545923948 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.545936108 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.545989037 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.546061993 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.546127081 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.546138048 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.546159029 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.550359011 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.550407887 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.550431967 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.550442934 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.550455093 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.550493956 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.556262016 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.556298971 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.556308985 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.556340933 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.556376934 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.557550907 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.562314987 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.562370062 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.562378883 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.562428951 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.562438965 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.562462091 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.568335056 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.568375111 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:40:34.568392038 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:40:34.617990017 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:00.370852947 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:00.376362085 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:00.376463890 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:00.376938105 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:00.381768942 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.047502995 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.047563076 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.047601938 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.047662973 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:01.047683001 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.047719955 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.047754049 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.047774076 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:01.047792912 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.047807932 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:01.047828913 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.047862053 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.047897100 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.047898054 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:01.047946930 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:01.052807093 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.052877903 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.052910089 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.052943945 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:01.102457047 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:01.133960009 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.136341095 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.136369944 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.136503935 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:01.136970043 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.137044907 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.137058020 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.137101889 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:01.137101889 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:01.142952919 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.143049955 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.143060923 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.143071890 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.143100023 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:01.143234015 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:01.149132967 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.149418116 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.149430037 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.149548054 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:01.155165911 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.155221939 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.155224085 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:01.155235052 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.155710936 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:01.161309958 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.161369085 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.161381006 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.161443949 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:01.187203884 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.187221050 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.187350035 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.187361956 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.187374115 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.187422037 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:01.187422037 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:01.187422037 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:01.187586069 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.187665939 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.187678099 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.187756062 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.187787056 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:01.187939882 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:01.225209951 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.225235939 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.225246906 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.225392103 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.225444078 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.225456953 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.225547075 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.225594044 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:01.225594044 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:01.229748964 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.229773998 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.229784966 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.229806900 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:01.229896069 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:01.235908985 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.236038923 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.236051083 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.236378908 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:01.244400024 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.244427919 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.244440079 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.244508028 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:01.244508028 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:01.254745960 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.254776955 CEST | 80 | 49730 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:41:01.254913092 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:41:44.002779007 CEST | 49731 | 443 | 192.168.2.6 | 104.26.12.205 |
Jul 2, 2024 16:41:44.002883911 CEST | 443 | 49731 | 104.26.12.205 | 192.168.2.6 |
Jul 2, 2024 16:41:44.002981901 CEST | 49731 | 443 | 192.168.2.6 | 104.26.12.205 |
Jul 2, 2024 16:41:44.041951895 CEST | 49731 | 443 | 192.168.2.6 | 104.26.12.205 |
Jul 2, 2024 16:41:44.041971922 CEST | 443 | 49731 | 104.26.12.205 | 192.168.2.6 |
Jul 2, 2024 16:41:44.523844957 CEST | 443 | 49731 | 104.26.12.205 | 192.168.2.6 |
Jul 2, 2024 16:41:44.524032116 CEST | 49731 | 443 | 192.168.2.6 | 104.26.12.205 |
Jul 2, 2024 16:41:44.526310921 CEST | 49731 | 443 | 192.168.2.6 | 104.26.12.205 |
Jul 2, 2024 16:41:44.526345015 CEST | 443 | 49731 | 104.26.12.205 | 192.168.2.6 |
Jul 2, 2024 16:41:44.526782036 CEST | 443 | 49731 | 104.26.12.205 | 192.168.2.6 |
Jul 2, 2024 16:41:44.571187973 CEST | 49731 | 443 | 192.168.2.6 | 104.26.12.205 |
Jul 2, 2024 16:41:44.632301092 CEST | 49731 | 443 | 192.168.2.6 | 104.26.12.205 |
Jul 2, 2024 16:41:44.672509909 CEST | 443 | 49731 | 104.26.12.205 | 192.168.2.6 |
Jul 2, 2024 16:41:53.972701073 CEST | 49731 | 443 | 192.168.2.6 | 104.26.12.205 |
Jul 2, 2024 16:41:53.972846985 CEST | 443 | 49731 | 104.26.12.205 | 192.168.2.6 |
Jul 2, 2024 16:41:53.972976923 CEST | 49731 | 443 | 192.168.2.6 | 104.26.12.205 |
Jul 2, 2024 16:41:54.504041910 CEST | 49732 | 587 | 192.168.2.6 | 198.54.122.135 |
Jul 2, 2024 16:41:54.509613991 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:54.511722088 CEST | 49732 | 587 | 192.168.2.6 | 198.54.122.135 |
Jul 2, 2024 16:41:55.216917992 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:55.217344999 CEST | 49732 | 587 | 192.168.2.6 | 198.54.122.135 |
Jul 2, 2024 16:41:55.222189903 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:55.377623081 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:55.378021955 CEST | 49732 | 587 | 192.168.2.6 | 198.54.122.135 |
Jul 2, 2024 16:41:55.383440971 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:55.538207054 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:55.538845062 CEST | 49732 | 587 | 192.168.2.6 | 198.54.122.135 |
Jul 2, 2024 16:41:55.543876886 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:55.700376987 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:55.700396061 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:55.700407982 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:55.700474024 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:55.700474977 CEST | 49732 | 587 | 192.168.2.6 | 198.54.122.135 |
Jul 2, 2024 16:41:55.700491905 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:55.700546026 CEST | 49732 | 587 | 192.168.2.6 | 198.54.122.135 |
Jul 2, 2024 16:41:55.723404884 CEST | 49732 | 587 | 192.168.2.6 | 198.54.122.135 |
Jul 2, 2024 16:41:55.728251934 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:55.886351109 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:55.892951965 CEST | 49732 | 587 | 192.168.2.6 | 198.54.122.135 |
Jul 2, 2024 16:41:55.897854090 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:56.053464890 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:56.054642916 CEST | 49732 | 587 | 192.168.2.6 | 198.54.122.135 |
Jul 2, 2024 16:41:56.059586048 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:56.216249943 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:56.258723974 CEST | 49732 | 587 | 192.168.2.6 | 198.54.122.135 |
Jul 2, 2024 16:41:56.275254965 CEST | 49732 | 587 | 192.168.2.6 | 198.54.122.135 |
Jul 2, 2024 16:41:56.280076027 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:56.437946081 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:56.438287020 CEST | 49732 | 587 | 192.168.2.6 | 198.54.122.135 |
Jul 2, 2024 16:41:56.443109035 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:56.600809097 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:56.601164103 CEST | 49732 | 587 | 192.168.2.6 | 198.54.122.135 |
Jul 2, 2024 16:41:56.605933905 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:56.793632030 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:56.793930054 CEST | 49732 | 587 | 192.168.2.6 | 198.54.122.135 |
Jul 2, 2024 16:41:56.798711061 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:56.954091072 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:56.955044031 CEST | 49732 | 587 | 192.168.2.6 | 198.54.122.135 |
Jul 2, 2024 16:41:56.955080986 CEST | 49732 | 587 | 192.168.2.6 | 198.54.122.135 |
Jul 2, 2024 16:41:56.955100060 CEST | 49732 | 587 | 192.168.2.6 | 198.54.122.135 |
Jul 2, 2024 16:41:56.955135107 CEST | 49732 | 587 | 192.168.2.6 | 198.54.122.135 |
Jul 2, 2024 16:41:56.960074902 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:56.960088015 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:56.960539103 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:56.960550070 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:57.346035004 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 |
Jul 2, 2024 16:41:57.399338961 CEST | 49732 | 587 | 192.168.2.6 | 198.54.122.135 |
Jul 2, 2024 16:42:14.611192942 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:42:14.619270086 CEST | 80 | 49728 | 142.250.74.196 | 192.168.2.6 |
Jul 2, 2024 16:42:14.619378090 CEST | 49728 | 80 | 192.168.2.6 | 142.250.74.196 |
Jul 2, 2024 16:42:15.575212002 CEST | 49730 | 80 | 192.168.2.6 | 142.250.74.196 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 2, 2024 16:39:08.193532944 CEST | 60018 | 53 | 192.168.2.6 | 1.1.1.1 |
Jul 2, 2024 16:39:08.200876951 CEST | 53 | 60018 | 1.1.1.1 | 192.168.2.6 |
Jul 2, 2024 16:41:43.987811089 CEST | 59351 | 53 | 192.168.2.6 | 1.1.1.1 |
Jul 2, 2024 16:41:43.996845007 CEST | 53 | 59351 | 1.1.1.1 | 192.168.2.6 |
Jul 2, 2024 16:41:54.495397091 CEST | 60667 | 53 | 192.168.2.6 | 1.1.1.1 |
Jul 2, 2024 16:41:54.503184080 CEST | 53 | 60667 | 1.1.1.1 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jul 2, 2024 16:39:08.193532944 CEST | 192.168.2.6 | 1.1.1.1 | 0xdb8a | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jul 2, 2024 16:41:43.987811089 CEST | 192.168.2.6 | 1.1.1.1 | 0xfb36 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jul 2, 2024 16:41:54.495397091 CEST | 192.168.2.6 | 1.1.1.1 | 0x787f | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jul 2, 2024 16:39:08.200876951 CEST | 1.1.1.1 | 192.168.2.6 | 0xdb8a | No error (0) | | | 142.250.74.196 | A (IP address) | IN (0x0001) | false |
Jul 2, 2024 16:41:43.996845007 CEST | 1.1.1.1 | 192.168.2.6 | 0xfb36 | No error (0) | | | 104.26.12.205 | A (IP address) | IN (0x0001) | false |
Jul 2, 2024 16:41:43.996845007 CEST | 1.1.1.1 | 192.168.2.6 | 0xfb36 | No error (0) | | | 172.67.74.152 | A (IP address) | IN (0x0001) | false |
Jul 2, 2024 16:41:43.996845007 CEST | 1.1.1.1 | 192.168.2.6 | 0xfb36 | No error (0) | | | 104.26.13.205 | A (IP address) | IN (0x0001) | false |
Jul 2, 2024 16:41:54.503184080 CEST | 1.1.1.1 | 192.168.2.6 | 0x787f | No error (0) | | | 198.54.122.135 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49711 | 142.250.74.196 | 80 | 1372 | C:\Users\user\Desktop\Drawing specification and June PO #07329.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 2, 2024 16:39:08.213855982 CEST | 64 | OUT | |
Jul 2, 2024 16:39:08.915752888 CEST | 1236 | IN | |
Jul 2, 2024 16:39:08.915832996 CEST | 224 | IN | |
Jul 2, 2024 16:39:08.915843964 CEST | 1236 | IN | |
Jul 2, 2024 16:39:08.915935040 CEST | 1236 | IN | |
Jul 2, 2024 16:39:08.915946960 CEST | 448 | IN | |
Jul 2, 2024 16:39:08.916136980 CEST | 1236 | IN | |
Jul 2, 2024 16:39:08.916150093 CEST | 1236 | IN | |
Jul 2, 2024 16:39:08.916162014 CEST | 1236 | IN | |
Jul 2, 2024 16:39:08.916172028 CEST | 104 | IN | |
Jul 2, 2024 16:39:08.916184902 CEST | 1236 | IN | |
Jul 2, 2024 16:39:08.920730114 CEST | 1236 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.6 | 49728 | 142.250.74.196 | 80 | 4052 | C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 2, 2024 16:40:33.704265118 CEST | 64 | OUT | |
Jul 2, 2024 16:40:34.369432926 CEST | 1236 | IN | |
Jul 2, 2024 16:40:34.369458914 CEST | 224 | IN | |
Jul 2, 2024 16:40:34.369469881 CEST | 1236 | IN | |
Jul 2, 2024 16:40:34.369523048 CEST | 1236 | IN | |
Jul 2, 2024 16:40:34.369535923 CEST | 1236 | IN | |
Jul 2, 2024 16:40:34.369548082 CEST | 1236 | IN | |
Jul 2, 2024 16:40:34.369560003 CEST | 1236 | IN | |
Jul 2, 2024 16:40:34.369735003 CEST | 552 | IN | |
Jul 2, 2024 16:40:34.369792938 CEST | 1236 | IN | |
Jul 2, 2024 16:40:34.369805098 CEST | 1236 | IN | |
Jul 2, 2024 16:40:34.374361992 CEST | 1236 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.6 | 49730 | 142.250.74.196 | 80 | 6524 | C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 2, 2024 16:41:00.376938105 CEST | 64 | OUT | |
Jul 2, 2024 16:41:01.047502995 CEST | 1236 | IN | |
Jul 2, 2024 16:41:01.047563076 CEST | 1236 | IN | |
Jul 2, 2024 16:41:01.047601938 CEST | 1236 | IN | |
Jul 2, 2024 16:41:01.047683001 CEST | 672 | IN | |
Jul 2, 2024 16:41:01.047719955 CEST | 1236 | IN | |
Jul 2, 2024 16:41:01.047754049 CEST | 1236 | IN | |
Jul 2, 2024 16:41:01.047792912 CEST | 1236 | IN | |
Jul 2, 2024 16:41:01.047828913 CEST | 1236 | IN | |
Jul 2, 2024 16:41:01.047862053 CEST | 704 | IN | |
Jul 2, 2024 16:41:01.047897100 CEST | 1236 | IN | |
Jul 2, 2024 16:41:01.052807093 CEST | 1236 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49731 | 104.26.12.205 | 443 | 5928 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 14:41:44 UTC | 155 | OUT | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
---|---|---|---|---|---|
Jul 2, 2024 16:41:55.216917992 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 | 220 PrivateEmail.com prod Mail Node |
Jul 2, 2024 16:41:55.217344999 CEST | 49732 | 587 | 192.168.2.6 | 198.54.122.135 | EHLO 088753 |
Jul 2, 2024 16:41:55.377623081 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 | 250-mta-11.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-CHUNKING 250 STARTTLS |
Jul 2, 2024 16:41:55.378021955 CEST | 49732 | 587 | 192.168.2.6 | 198.54.122.135 | STARTTLS |
Jul 2, 2024 16:41:55.538207054 CEST | 587 | 49732 | 198.54.122.135 | 192.168.2.6 | 220 Ready to start TLS |
Target ID: | 0 |
Start time: | 10:39:06 |
Start date: | 02/07/2024 |
Path: | C:\Users\user\Desktop\Drawing specification and June PO #07329.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x940000 |
File size: | 731'136 bytes |
MD5 hash: | D9B0EE244191E7FCE879415F619E88C5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 7 |
Start time: | 10:39:44 |
Start date: | 02/07/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1c0000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 8 |
Start time: | 10:39:44 |
Start date: | 02/07/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 10:39:44 |
Start date: | 02/07/2024 |
Path: | C:\Windows\SysWOW64\PING.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1e0000 |
File size: | 18'944 bytes |
MD5 hash: | B3624DD758CCECF93A1226CEF252CA12 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 11 |
Start time: | 10:40:21 |
Start date: | 02/07/2024 |
Path: | C:\Windows\SysWOW64\PING.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1e0000 |
File size: | 18'944 bytes |
MD5 hash: | B3624DD758CCECF93A1226CEF252CA12 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 12 |
Start time: | 10:40:32 |
Start date: | 02/07/2024 |
Path: | C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\file.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xba0000 |
File size: | 731'136 bytes |
MD5 hash: | D9B0EE244191E7FCE879415F619E88C5 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: | |
Antivirus matches: | |
Reputation: | low |
Has exited: | false |
Target ID: | 13 |
Start time: | 10:40:59 |
Start date: | 02/07/2024 |
Path: | C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\file.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xba0000 |
File size: | 731'136 bytes |
MD5 hash: | D9B0EE244191E7FCE879415F619E88C5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 14 |
Start time: | 10:41:09 |
Start date: | 02/07/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x490000 |
File size: | 42'064 bytes |
MD5 hash: | 5D4073B2EB6D217C19F2B22F21BF8D57 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | moderate |
Has exited: | false |
Target ID: | 15 |
Start time: | 10:41:35 |
Start date: | 02/07/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x410000 |
File size: | 42'064 bytes |
MD5 hash: | 5D4073B2EB6D217C19F2B22F21BF8D57 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | moderate |
Has exited: | true |
Target ID: | 16 |
Start time: | 10:41:38 |
Start date: | 02/07/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xfd0000 |
File size: | 42'064 bytes |
MD5 hash: | 5D4073B2EB6D217C19F2B22F21BF8D57 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Execution Graph
Execution Coverage: | 18.2% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 55 |
Total number of Limit Nodes: | 9 |
Graph
Function | Relevance | Strings | APIs | Instructions | Tags | Control-flow Graph |
---|---|---|---|---|---|---|
07D61127 | 5.6 | | | 5649 | COMMON | yes |
07D61140 | 5.6 | | | 5633 | COMMON | yes |
08711408 | 5.2 | | | 5170 | COMMON | yes |
07D6E3F0 | 2.2 | 1 | | 932 | COMMON | |
066F10AC | 1.3 | | | 1264 | COMMON | |
0870A6B0 | 1.0 | | | 976 | COMMON | |
07D6C144 | 1.0 | | | 961 | COMMON | |
01448819 | 0.9 | | | 918 | COMMON | |
01447AD8 | 0.9 | | | 912 | COMMON | |
08702388 | 0.6 | | | 596 | COMMON | |
08702363 | 0.6 | | | 592 | COMMON | |
0871B13F | 0.4 | | | 362 | COMMON | |
01444769 | 0.3 | | | 330 | COMMON | |
0144AEC0 | 0.2 | | | 175 | COMMON | |
0144AF11 | 0.1 | | | 104 | COMMON | |
Function | Relevance | Strings | APIs | Instructions | Tags | Control-flow Graph |
---|---|---|---|---|---|---|
066F8450 | 1.7 | | 1 | 198 | COMMON | yes |
066FED44 | 1.6 | | 1 | 116 | COMMON | yes |
066FED50 | 1.6 | | 1 | 113 | COMMON | yes |
066E0C70 | 1.6 | | 1 | 93 | COMMON | yes |
066FAD28 | 1.6 | | 1 | 66 | COMMON | yes |
07D9AA38 | 1.6 | | 1 | 65 | window, COMMON | |
066FAD30 | 1.6 | | 1 | 62 | COMMON | |
087190A0 | 1.6 | | 1 | 56 | file, COMMON | |
066F7808 | 1.6 | | 1 | 55 | library, COMMON | |
066F88C0 | 1.6 | | 1 | 54 | library, COMMON | |
066F8640 | 1.5 | | 1 | 47 | COMMON | |
07D9AA40 | 1.5 | | 1 | 44 | window, COMMON | |
07D60DD3 | 1.4 | 1 | | 107 | COMMON | |
07D6C170 | 1.0 | | | 952 | COMMON | |
014498F0 | 0.8 | | | 826 | COMMON | |
07D6F588 | 0.6 | | | 650 | COMMON | |
07D6BB0D | 0.5 | | | 472 | COMMON | |
07D6A191 | 0.5 | | | 470 | COMMON | |
07D6B528 | 0.4 | | | 438 | COMMON | |
07D69BD8 | 0.4 | | | 366 | COMMON | |
01446FB9 | 0.3 | | | 291 | COMMON | |
07D69BAC | 0.3 | | | 283 | COMMON | |
07D6AE98 | 0.3 | | | 275 | COMMON | |
07D6DF88 | 0.3 | | | 271 | COMMON | |
07D6A7E6 | 0.2 | | | 242 | COMMON | |
014476B8 | 0.2 | | | 231 | COMMON | |
014472C0 | 0.2 | | | 204 | COMMON | |
014495A0 | 0.2 | | | 184 | COMMON | |
07D6A854 | 0.2 | | | 179 | COMMON | |
07D6A897 | 0.2 | | | 160 | COMMON | |
07D6A8C0 | 0.1 | | | 144 | COMMON | |
07D6DAC0 | 0.1 | | | 141 | COMMON | |
0144FBB0 | 0.1 | | | 135 | COMMON | |
07D6ABBE | 0.1 | | | 128 | COMMON | |
07D6E3E0 | 0.1 | | | 120 | COMMON | |
07D6F46F | 0.1 | | | 120 | COMMON | |
014493A0 | 0.1 | | | 116 | COMMON | |
07D6ABE8 | 0.1 | | | 111 | COMMON | |
07D6AA9E | 0.1 | | | 100 | COMMON | |
01446090 | 0.1 | | | 95 | COMMON | |
014497CF | 0.1 | | | 94 | COMMON | |
014496E8 | 0.1 | | | 86 | COMMON | |
0144750F | 0.1 | | | 78 | COMMON | |
07D6DAB0 | 0.1 | | | 73 | COMMON | |
01440848 | 0.1 | | | 73 | COMMON | |
0109D01C | 0.1 | | | 72 | COMMON | |
0109D1D4 | 0.1 | | | 72 | COMMON | |
01446081 | 0.1 | | | 67 | COMMON | |
01444DC0 | 0.1 | | | 66 | COMMON | |
014494E9 | 0.1 | | | 65 | COMMON | |
01444F3C | 0.1 | | | 62 | COMMON | |
01440838 | 0.1 | | | 59 | COMMON | |
0109D1CF | 0.1 | | | 53 | COMMON | |
0109D017 | 0.1 | | | 53 | COMMON | |
0144FD68 | 0.1 | | | 52 | COMMON | |
0108D80D | 0.0 | | | 45 | COMMON | |
07D6E378 | 0.0 | | | 44 | COMMON | |
07D60E7E | 0.0 | | | 43 | COMMON | |
0144FE08 | 0.0 | | | 43 | COMMON | |
01444D40 | 0.0 | | | 41 | COMMON | |
01444D31 | 0.0 | | | 41 | COMMON | |
0108D80C | 0.0 | | | 36 | COMMON | |
07D6D5D8 | 0.0 | | | 33 | COMMON | |
07D6D5E8 | 0.0 | | | 29 | COMMON | |
07D60EF0 | 0.0 | | | 27 | COMMON | |
07D68AF1 | 0.0 | | | 21 | COMMON | |
07D6D586 | 0.0 | | | 20 | COMMON | |
01447957 | 0.0 | | | 19 | COMMON | |
07D6D590 | 0.0 | | | 18 | COMMON | |
07D6D682 | 0.0 | | | 18 | COMMON | |
07D60EB8 | 0.0 | | | 17 | COMMON | |
0144A525 | 0.0 | | | 16 | COMMON | |
01447968 | 0.0 | | | 12 | COMMON | |
Function 07D96AB8 Relevance: 3.3, Instructions: 3307COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0870C2B0 Relevance: .3, Instructions: 349COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0870C29F Relevance: .3, Instructions: 325COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 066FD4A8 Relevance: .3, Instructions: 315COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 07D9C210 Relevance: .3, Instructions: 298COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 087069B0 Relevance: .3, Instructions: 270COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0871C6D2 Relevance: .3, Instructions: 269COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 066FAB24 Relevance: .3, Instructions: 264COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0871C6E0 Relevance: .3, Instructions: 264COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 066FD498 Relevance: .2, Instructions: 222COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Execution Graph
Execution Coverage: | 18.6% |
Dynamic/Decrypted Code Coverage: | 93.9% |
Signature Coverage: | 1.7% |
Total number of Nodes: | 180 |
Total number of Limit Nodes: | 6 |
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
079C1127 | 5.6 | | | 5650 | COMMON |
079C1140 | 5.6 | | | 5633 | COMMON |
00B87B08 | .4 | | | 430 | COMMON |
00B8823C | .3 | | | 330 | COMMON |
00B84774 | .3 | | | 323 | COMMON |
079CE666 | .3 | | | 294 | COMMON |
00B8AEC0 | .2 | | | 175 | COMMON |
00B8AF11 | .1 | | | 104 | COMMON |
079CD788 | .1 | | | 72 | COMMON |
079CD778 | .1 | | | 70 | COMMON |
079CEC61 | 3.8 | | 3 | 66 | COMMON |
079CEC70 | 3.8 | | 3 | 63 | COMMON |
06328450 | 1.7 | 1 | | 198 | COMMON |
079CB508 | 1.7 | | 1 | 437 | COMMON |
0632ED44 | 1.6 | 1 | | 116 | COMMON |
0632ED50 | 1.6 | 1 | | 113 | COMMON |
07A4D5EF | 1.6 | 1 | | 100 | memory, COMMON |
06310C70 | 1.6 | 1 | | 93 | COMMON |
0632AD28 | 1.6 | 1 | | 66 | COMMON |
0910D628 | 1.6 | 1 | | 63 | thread, COMMON |
0910C460 | 1.6 | 1 | | 63 | thread, COMMON |
0632AD30 | 1.6 | 1 | | 62 | COMMON |
0910D3A0 | 1.6 | 1 | | 60 | COMMON |
091034B3 | 1.6 | 1 | | 59 | memory, COMMON |
067590A0 | 1.6 | 1 | | 56 | file, COMMON |
07A4D638 | 1.6 | 1 | | 55 | memory, COMMON |
06327808 | 1.6 | 1 | | 55 | library, COMMON |
091034B8 | 1.6 | 1 | | 55 | memory, COMMON |
063288C0 | 1.6 | 1 | | 54 | library, COMMON |
0910CB30 | 1.6 | 1 | | 53 | memory, COMMON |
0910D8B0 | 1.5 | 1 | | 49 | thread, COMMON |
06328640 | 1.5 | 1 | | 47 | COMMON |
079C0DD3 | 1.4 | | 1 | 110 | COMMON |
079CA191 | .5 | | | 471 | COMMON |
00B88828 | .4 | | | 445 | COMMON |
00B88DA8 | .4 | | | 436 | COMMON |
079CBA73 | .4 | | | 434 | COMMON |
079CAE6C | .4 | | | 368 | COMMON |
079C9BD8 | .4 | | | 366 | COMMON |
079CB4FB | .3 | | | 348 | COMMON |
00B86FB9 | .3 | | | 291 | COMMON |
079C9BAC | .3 | | | 284 | COMMON |
00B88823 | .3 | | | 268 | COMMON |
079CD368 | .3 | | | 264 | COMMON |
079CA7E6 | .2 | | | 245 | COMMON |
079CD02C | .2 | | | 220 | COMMON |
00B876B8 | .2 | | | 198 | COMMON |
079CA854 | .2 | | | 179 | COMMON |
00B8A34F | .2 | | | 165 | COMMON |
079CA897 | .2 | | | 160 | COMMON |
00B872C0 | .1 | | | 144 | COMMON |
079CA8C0 | .1 | | | 144 | COMMON |
00B8FBB0 | .1 | | | 135 | COMMON |
00B8A478 | .1 | | | 130 | COMMON |
079CABBE | .1 | | | 127 | COMMON |
079CABE8 | .1 | | | 111 | COMMON |
00B893B0 | .1 | | | 110 | COMMON |
00B880F0 | .1 | | | 109 | COMMON |
079CAA9E | .1 | | | 106 | COMMON |
00B86090 | .1 | | | 95 | COMMON |
00B896E0 | .1 | | | 88 | COMMON |
00B897E0 | .1 | | | 87 | COMMON |
00B897DD | .1 | | | 84 | COMMON |
079CCF30 | .1 | | | 83 | COMMON |
00B8750F | .1 | | | 78 | COMMON |
079CCEF3 | .1 | | | 76 | COMMON |
00B2D4A0 | .1 | | | 75 | COMMON |
079CCF40 | .1 | | | 74 | COMMON |
00B80848 | .1 | | | 73 | COMMON |
00B3D1D4 | .1 | | | 72 | COMMON |
00B3D01C | .1 | | | 72 | COMMON |
00B3D006 | .1 | | | 63 | COMMON |
00B86089 | .1 | | | 63 | COMMON |
079CED59 | .1 | | | 62 | COMMON |
079CCEEF | .1 | | | 62 | COMMON |
00B84DCC | .1 | | | 60 | COMMON |
00B880ED | .1 | | | 59 | COMMON |
00B80838 | .1 | | | 59 | COMMON |
00B2D49B | .1 | | | 56 | COMMON |
00B3D1CF | .1 | | | 53 | COMMON |
00B8FD68 | .1 | | | 52 | COMMON |
00B2D80D | .0 | | | 45 | COMMON |
00B8FE08 | .0 | | | 43 | COMMON |
079C0E7E | .0 | | | 43 | COMMON |
00B84D40 | .0 | | | 41 | COMMON |
00B84D3C | .0 | | | 38 | COMMON |
00B2D80C | .0 | | | 36 | COMMON |
079C0EF0 | .0 | | | 27 | COMMON |
079C8AF1 | .0 | | | 21 | COMMON |
079CDD25 | .0 | | | 17 | COMMON |
079C0EB8 | .0 | | | 17 | COMMON |
00B8A525 | .0 | | | 16 | COMMON |
00B87964 | .0 | | | 15 | COMMON |
079CDBD1 | .0 | | | 14 | COMMON |
00B87968 | .0 | | | 12 | COMMON |
Execution Graph
Execution Coverage: | 17.6% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 131 |
Total number of Limit Nodes: | 10 |
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
07D7A988 | 3.7 | 1 | 1 | 164 | process, COMMON |
07D7CEA0 | 3.6 | 1 | 1 | 69 | injection, COMMON |
07D7C458 | 3.6 | 1 | 1 | 63 | thread, COMMON |
07D734B0 | 3.6 | 1 | 1 | 60 | memory, COMMON |
07D7F540 | 3.6 | 1 | 1 | 59 | thread, COMMON |
07D7F988 | 3.6 | 1 | 1 | 57 | window, COMMON |
07D734B8 | 3.6 | 1 | 1 | 55 | memory, COMMON |
064A7808 | 3.6 | 1 | 1 | 55 | library, COMMON |
07D7CB28 | 3.6 | 1 | 1 | 53 | memory, COMMON |
064A88C0 | 3.6 | 1 | 1 | 52 | library, COMMON |
07D7FD30 | 3.5 | 1 | 1 | 44 | window, COMMON |
07D00DD3 | 1.4 | | 1 | 108 | COMMON |
07D09BD8 | .4 | | | 366 | COMMON |
00D6D1D4 | .1 | | | 72 | COMMON |
00D6D01C | .1 | | | 72 | COMMON |
00D6D005 | .1 | | | 62 | COMMON |
00D6D1CF | .1 | | | 53 | COMMON |
07D0DBD1 | .0 | | | 14 | COMMON |