Windows
Analysis Report
103__Installer.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- 103__Installer.exe (PID: 7572 cmdline: "C:\Users\user\Desktop\103__Installer.exe" MD5: FBA295E75A2C2FD0F205DA0A14B76859)
  - WerFault.exe (PID: 4588 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 2096 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
XWorm | Malware with wide range of capabilities ranging from RAT to ransomware. | No Attribution | | |
{"C2 url": ["59.56.110.103"], "Port": "7000", "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| Windows_Trojan_Donutloader_f40e3759 | unknown | unknown | |

Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| Windows_Trojan_Donutloader_f40e3759 | unknown | unknown | |
| Windows_Trojan_Donutloader_f40e3759 | unknown | unknown | |

Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| Windows_Trojan_Donutloader_f40e3759 | unknown | unknown | |
| JoeSecurity_XWorm | Yara detected XWorm | Joe Security | |
| MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen | |
| JoeSecurity_XWorm | Yara detected XWorm | Joe Security | |
| JoeSecurity_XWorm | Yara detected XWorm | Joe Security | |

Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_XWorm | Yara detected XWorm | Joe Security | |
| MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen | |
| JoeSecurity_XWorm | Yara detected XWorm | Joe Security | |
| MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen | |
Timestamp: | 07/02/24-19:27:48.531831 |
SID: | 2852874 |
Source Port: | 7000 |
Destination Port: | 49708 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 07/02/24-19:28:02.641410 |
SID: | 2852923 |
Source Port: | 49708 |
Destination Port: | 7000 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 07/02/24-19:26:31.035751 |
SID: | 2853193 |
Source Port: | 49708 |
Destination Port: | 7000 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 07/02/24-19:25:03.851820 |
SID: | 2855924 |
Source Port: | 49708 |
Destination Port: | 7000 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 07/02/24-19:28:02.635547 |
SID: | 2852870 |
Source Port: | 7000 |
Destination Port: | 49708 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | String decryptor: | (6 entries) |
Source: | Static PE information: | (2 entries) |
Source: | Binary string: | (41 entries) |
Source: | File opened: | (6 entries) |
Networking |
---|
Source: | Snort IDS: | (5 entries) |
Source: | URLs: |
Source: | Network traffic detected: | (2 entries) |
Source: | TCP traffic: | (2 entries) |
Source: | IP Address: |
Source: | ASN Name: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | Code function: | 0_2_00B725AD |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | (4 entries) |
System Summary |
---|
Source: | Matched rule: | (7 entries) |
Source: | Process Stats: |
Source: | Code function: | 0_2_00B8000E |
Source: | Code function: | 0_2_00B85A2A |
Source: | Code function: | 0_2_00B803AC |
Source: | Code function: | 0_2_00B8738F |
Source: | Code function: | 0_2_00B7FB79 |
Source: | Code function: | 0_2_00B80B66 |
Source: | Code function: | 0_2_00B854D9 |
Source: | Code function: | 0_2_00B86657 |
Source: | Code function: | 0_2_00B85F7B |
Source: | Code function: | 0_2_00B8077E |
Source: | Code function: | 0_2_00B87F4F |
Source: | Code function: | 0_2_05F855D8 |
Source: | Code function: | 0_2_05F8A6B8 |
Source: | Code function: | 0_2_05F8B3F8 |
Source: | Code function: | 0_2_05F8ED84 |
Source: | Code function: | 0_2_05F84D08 |
Source: | Code function: | 0_2_05F807A0 |
Source: | Code function: | 0_2_05F849C0 |
Source: | Code function: |
Source: | Process created: |
Source: | Binary or memory string: | (3 entries) |
Source: | Static PE information: |
Source: | Matched rule: | (7 entries) |
Source: | Cryptographic APIs: | (3 entries) |
Source: | Classification label: |
Source: | File created: |
Source: | Mutant created: | (3 entries) |
Source: | File created: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | ReversingLabs: |
Source: | Process created: | (2 entries) |
Source: | Section loaded: | (34 entries) |
Source: | Key value queried: |
Source: | File opened: |
Source: | Static PE information: |
Source: | Binary string: | (41 entries) |
Source: | Static PE information: | (5 entries) |
Data Obfuscation |
---|
Source: | .Net Code: | (2 entries) |
Source: | .Net Code: | (3 entries) |
Source: | Code function: | 0_2_00B840E4 |
Source: | Code function: | 0_2_00B7A998 |
Source: | Code function: | 0_2_00B74966 |
Source: | Code function: | 0_2_00B7665C |
Source: | Code function: | 0_2_05F8D055 |
Source: | Code function: | 0_2_05F87560 |
Source: | Code function: | 0_2_05F8D4F0 |
Source: | Code function: | 0_2_05F8D3FB |
Source: | Code function: | 0_2_05F8D3A6 |
Source: | Code function: | 0_2_05F86B89 |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Network traffic detected: | (2 entries) |
Source: | Process information set: | (103 entries) |
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | Memory allocated: | (3 entries) |
Source: | Thread delayed: |
Source: | Window / User API: | (2 entries) |
Source: | Thread sleep time: |
Source: | Thread sleep count: | (2 entries) |
Source: | File Volume queried: | (2 entries) |
Source: | Thread delayed: |
Source: | File opened: | (6 entries) |
Source: | Binary or memory string: | (31 entries) |
Source: | API call chain: | graph_0-25695 |
Source: | API call chain: | graph_0-25878 |
Source: | Process queried: | (2 entries) |
Source: | Code function: | 0_2_00B765D1 |
Source: | Code function: | 0_2_00B840E4 |
Source: | Code function: | 0_2_03AC1628 |
Source: | Code function: | 0_2_00B87CB1 |
Source: | Process token adjusted: |
Source: | Code function: | 0_2_00B765D1 |
Source: | Code function: | 0_2_00B7A71E |
Source: | Code function: | 0_2_00B7C71D |
Source: | Memory allocated: |
Source: | Code function: | 0_2_00B71671 |
Source: | Code function: | 0_2_00B7F8E5 |
Source: | Code function: | 0_2_00B7F825 |
Source: | Code function: | 0_2_00B84859 |
Source: | Code function: | 0_2_00B7F988 |
Source: | Code function: | 0_2_00B7F94C |
Source: | Code function: | 0_2_00B7DBBB |
Source: | Code function: | 0_2_00B844BA |
Source: | Code function: | 0_2_00B7EC3A |
Source: | Code function: | 0_2_00B7F45D |
Source: | Code function: | 0_2_00B84594 |
Source: | Code function: | 0_2_00B7F5F9 |
Source: | Code function: | 0_2_00B7F552 |
Source: | Code function: | 0_2_00B7F654 |
Source: | Code function: | 0_2_00B7DFDE |
Source: | Code function: | 0_2_00B75FC5 |
Source: | Code function: | 0_2_00B7EF28 |
Source: | Queries volume information: | (3 entries) |
Source: | Code function: | 0_2_00B741BA |
Source: | Key value queried: |
Source: | Binary or memory string: | (4 entries) |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: | (5 entries) |

Remote Access Functionality |
---|
Source: | File source: | (5 entries) |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 151 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 141 Virtualization/Sandbox Evasion | Security Account Manager | 141 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Deobfuscate/Decode Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | 12 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 34 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 21% | ReversingLabs | | |
| 100% | Joe Sandbox ML | | |

Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
guanlix.cn | 91.208.240.157 | true | false | | unknown |

Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | unknown |
| true | | unknown |

Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
91.208.240.157 | guanlix.cn | unknown | 139659 | LUCID-AS-APLUCIDACLOUDLIMITEDHK | false |
59.56.110.103 | unknown | China | 133774 | CHINATELECOM-FUJIAN-FUZHOU-IDC1FuzhouCN | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1466314 |
Start date and time: | 2024-07-02 19:23:56 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 2s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 18 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 103__Installer.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@2/7@1/2 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.42.65.92
- Excluded domains from analysis (whitelisted): onedsblobprdeus17.eastus.cloudapp.azure.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: 103__Installer.exe
Time | Type | Description |
---|---|---|
13:24:49 | API Interceptor | |
13:28:12 | API Interceptor | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
91.208.240.157 | | | malicious | XWorm | | |
| | | malicious | XWorm | | |
| | | malicious | XWorm | | |
| | | malicious | XWorm | | |
| | | malicious | XWorm | | |
59.56.110.103 | | | malicious | XWorm | | |

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
guanlix.cn | | | malicious | XWorm | | |
| | | malicious | XWorm | | |
| | | malicious | XWorm | | |
| | | malicious | XWorm | | |
| | | malicious | XWorm | | |

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CHINATELECOM-FUJIAN-FUZHOU-IDC1FuzhouCN | | | malicious | XWorm | | |
| | | malicious | Mirai | | |
| | | malicious | Mirai, Moobot | | |
| | | malicious | Mirai, Moobot | | |
| | | malicious | CobaltStrike | | |
| | | malicious | Unknown | | |
| | | malicious | Mirai, Moobot | | |
| | | malicious | Mirai | | |
| | | malicious | Mirai, Gafgyt, Okiru | | |
| | | malicious | Mirai | | |
LUCID-AS-APLUCIDACLOUDLIMITEDHK | | | malicious | XWorm | | |
| | | malicious | XWorm | | |
| | | malicious | XWorm | | |
| | | malicious | XWorm | | |
| | | malicious | XWorm | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | GhostRat | | |
| | | malicious | GhostRat | | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_103__Installer.e_543e9b5bf1d99de7872b8c34a610dcac6fe4_9792b471_b8d55630-627c-4954-8814-5f2f94326423\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.2517547462549623 |
Encrypted: | false |
SSDEEP: | 192:RqYfuOi2UN0BU/AjZTD4yX66zuiFAZ24IO8w:YYfuOi29BU/AjWyX/zuiFAY4IO8w |
MD5: | C5E9A958D70D40923D453882DCAAE84F |
SHA1: | 8A599622D0DA2A33BE9EF6452677DC3766F9E2E4 |
SHA-256: | D03EC714151BA896B4ECFB29D3F9C50C01DBDF7F278B1E36BF9EA219C0E773A3 |
SHA-512: | E2F0A9A643BC49B4C74200B553D2E1BFB2DCA2389E87A167C1E18D2B725AEB6844C41C8735DE1389297EC05D6F805B19EB96127361BBB5B2DB92110DD51DC6B3 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 353771 |
Entropy (8bit): | 3.5682967330200746 |
Encrypted: | false |
SSDEEP: | 3072:MhwFpka8T4uEqxmeLTg/NyHm1vUaGyDe3UF6:qwYa8T4OpTg/NyHUVhK+6 |
MD5: | 9A602E3F6AB0AF82F58F8F6F2E9C65DF |
SHA1: | 9DE0202FAFF890A9CF9074CCF10176847F7F789E |
SHA-256: | 427975DED050EB244A10AF1575C1EE921538BEEBF5E083957AB4613C37F863CD |
SHA-512: | 228FFEC8E31DA91460CEDDE08775DDE58B4C90207E8BF30C3FCA3A10E80435ECB0604EC962E8DEE86301DDACD79B7E5E3DA90F1E7699C3E0EEAF43982C3AD229 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8434 |
Entropy (8bit): | 3.696449317246591 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJyJx67p6YWGSU+4kgmfZYAVbprZ89bpJsfpDm:R6lXJyf6N6Y3SUKgmfSAVwpifw |
MD5: | EE824B01C41E286E2A2CB3D12C388F92 |
SHA1: | BC957467F5B7C9CAC693B45AFB00C9FEB4779A70 |
SHA-256: | C2872A72E55A0691CCF848D5E2134F1DC8868B6D0BE03A4E04320DA6E2DF70B7 |
SHA-512: | 3041124FA99D9612F0D9574FE2D5D0031A3D6C98F547B511A6AF957CB9DE65B7550DF61EC1C11A22B3518F9A87B24C26778F235789C1583A39A4452DB16CAE46 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4765 |
Entropy (8bit): | 4.457823322209864 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsmnNJg77aI9H2zNWpW8VY8Ym8M4JMrtBFK+q8vqtHPAS88WSycd:uIjfmnnI7Q47V4JtK+P7Nycd |
MD5: | 0B2EF78F46E97AE88DCE37A6354C7258 |
SHA1: | F5CDAB970C54A86C622D2649E9A44638465A6C65 |
SHA-256: | 8A1AFAA3BDFE79D9252D4D6405F80712E7C164D246D4C6A01F4F6671B5805AFD |
SHA-512: | 892038D30ABB9CF8AE0D5CF4963D76A1B7ABF0CC91C2BA82C5AFF0FFD6EF4166CB7AE16DDEB28D5E15A0F6E603252CD9A6012BE61314088F45A5583AC642305C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\103__Installer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71938 |
Entropy (8bit): | 7.604678512981776 |
Encrypted: | false |
SSDEEP: | 1536:+Sjk79gZOcfNdQdX5kDjfjx1rwa7F0vGmM6eKXBwLsy1ETqfvu+P4Rtsj5o:S5gblOdX50jxJZJmMRKXBwLs/ |
MD5: | 30DD8CD1E4557604F2F904623AC15350 |
SHA1: | 4605B3E8F3FDDA4E22389CC655842D67A5A02D65 |
SHA-256: | 6B3852E6F2BD2DF3A4AD5AD33009227E682BBB25B5C0F7EDFA0124C05B08138B |
SHA-512: | B96490A8F2116250C5AA99F5C76895829F21595E40674AC828EF138598EF3D8BE0D3CA5F3BE4D3E250C2FB6D18B8108868032BE61E68868062A731EE27A23459 |
Malicious: | false |
Yara Hits: | |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\103__Installer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71938 |
Entropy (8bit): | 7.604678512981776 |
Encrypted: | false |
SSDEEP: | 1536:+Sjk79gZOcfNdQdX5kDjfjx1rwa7F0vGmM6eKXBwLsy1ETqfvu+P4Rtsj5o:S5gblOdX50jxJZJmMRKXBwLs/ |
MD5: | 30DD8CD1E4557604F2F904623AC15350 |
SHA1: | 4605B3E8F3FDDA4E22389CC655842D67A5A02D65 |
SHA-256: | 6B3852E6F2BD2DF3A4AD5AD33009227E682BBB25B5C0F7EDFA0124C05B08138B |
SHA-512: | B96490A8F2116250C5AA99F5C76895829F21595E40674AC828EF138598EF3D8BE0D3CA5F3BE4D3E250C2FB6D18B8108868032BE61E68868062A731EE27A23459 |
Malicious: | false |
Yara Hits: | |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.296059831234597 |
Encrypted: | false |
SSDEEP: | 6144:U41fWRYkg7Di2vXoy00lWZgiWaaKxC44Q0NbuDs+wW/mBMZJh1Vjt:J1/YCW2AoQ0Nid/wMHrVp |
MD5: | 47D4670EBAE6F1E7C598895C7D988734 |
SHA1: | 2F34B43524FC00693304B32BA4C3E3787466C59E |
SHA-256: | 309D2E3911C9601B4E21C2054DBC6AC8340A515E14D249B64563B54FAF735D8A |
SHA-512: | AD7B92972225CF1FCFEBD8FBE9798A03FD187E7C1B51479F04ABC31761913F6DE2047C9BC075590DCCCB09FEFEAA7B8B84001977159252EB261335663F582D0C |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 5.938024130303621 |
TrID: | |
File name: | 103__Installer.exe |
File size: | 249'344 bytes |
MD5: | fba295e75a2c2fd0f205da0a14b76859 |
SHA1: | 5f26b9001c0482f1018ce153e58caf61e80ecb8f |
SHA256: | 86ed9f7125ae452d28f9eabd11f5cc9bef747fb751a5aa1283a0ab24952cf508 |
SHA512: | 0570f038d1ee0892ff66aa47b8b8ceca5790f467188b16a5c968f0bfc2891882b3441d090db1b586861a6a84756d2dbcf54e9360970638d5ae987477f012e283 |
SSDEEP: | 3072:NPl4G474Poo9JkbXjEU+QVUjsbCeg2SbAe4ZQeAnuTCt2xbzmyoaq6rcYsc8kOeu:NPW745r2XgUsjsbOZnjZ2x4 |
TLSH: | 15345B92F6C0D4B6D8170175983ACEB2126BBE798974110B36E9372F5EB72831937E07 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.q>...m...m...mj..m...mj..m...m...m...m...m_..mj..m1..mj..m...mj..m...mRich...m........PE..L....b.f.................v...T..... |
Icon Hash: | 20246c0c56e20926 |
Entrypoint: | 0x405b41 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x668362D5 [Tue Jul 2 02:15:49 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 0b47c746b58dc722dcec07246158fda2 |
Instruction |
---|
call 00007F746094B1B5h |
jmp 00007F7460943C8Eh |
mov edi, edi |
push ebp |
mov ebp, esp |
mov eax, dword ptr [ebp+08h] |
test eax, eax |
je 00007F7460943E14h |
sub eax, 08h |
cmp dword ptr [eax], 0000DDDDh |
jne 00007F7460943E09h |
push eax |
call 00007F74609426EFh |
pop ecx |
pop ebp |
ret |
mov edi, edi |
push ebp |
mov ebp, esp |
mov eax, dword ptr [ebp+08h] |
push esi |
mov esi, ecx |
mov byte ptr [esi+0Ch], 00000000h |
test eax, eax |
jne 00007F7460943E65h |
call 00007F7460947A1Eh |
mov dword ptr [esi+08h], eax |
mov ecx, dword ptr [eax+6Ch] |
mov dword ptr [esi], ecx |
mov ecx, dword ptr [eax+68h] |
mov dword ptr [esi+04h], ecx |
mov ecx, dword ptr [esi] |
cmp ecx, dword ptr [004201F8h] |
je 00007F7460943E14h |
mov ecx, dword ptr [0041FFB0h] |
test dword ptr [eax+70h], ecx |
jne 00007F7460943E09h |
call 00007F746094BB8Fh |
mov dword ptr [esi], eax |
mov eax, dword ptr [esi+04h] |
cmp eax, dword ptr [0041FEB8h] |
je 00007F7460943E18h |
mov eax, dword ptr [esi+08h] |
mov ecx, dword ptr [0041FFB0h] |
test dword ptr [eax+70h], ecx |
jne 00007F7460943E0Ah |
call 00007F746094B3EEh |
mov dword ptr [esi+04h], eax |
mov eax, dword ptr [esi+08h] |
test byte ptr [eax+70h], 00000002h |
jne 00007F7460943E16h |
or dword ptr [eax+70h], 02h |
mov byte ptr [esi+0Ch], 00000001h |
jmp 00007F7460943E0Ch |
mov ecx, dword ptr [eax] |
mov dword ptr [esi], ecx |
mov eax, dword ptr [eax+04h] |
mov dword ptr [esi+04h], eax |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
mov edi, edi |
push ebp |
mov ebp, esp |
sub esp, 10h |
mov eax, dword ptr [0041F920h] |
xor eax, ebp |
mov dword ptr [ebp-04h], eax |
mov edx, dword ptr [ebp+18h] |
push ebx |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1d95c | 0x3c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x23000 | 0x1c748 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x40000 | 0x138c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1c368 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x19000 | 0x150 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x17548 | 0x17600 | 2832193bc838d3749cda385130dee996 | False | 0.5840261530748663 | data | 6.643994573279363 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x19000 | 0x50e0 | 0x5200 | 2b632e407db410004511f129777602b4 | False | 0.3598513719512195 | data | 4.9252502906591396 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x1f000 | 0x37c4 | 0x1a00 | 268250434fbffdf0a4bf9cf4a64d29c5 | False | 0.3167067307692308 | data | 3.867957401461582 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x23000 | 0x1c748 | 0x1c800 | 13c7e8b4f8049f0b57e98c87b62e9647 | False | 0.2745768229166667 | data | 4.800930470827677 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x40000 | 0x1e2c | 0x2000 | 061df8fc06366d9ad70b17618c2ca63b | False | 0.482666015625 | data | 4.816108713673021 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x233a0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | Chinese | China | 0.2554878048780488 |
RT_ICON | 0x23a08 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | Chinese | China | 0.3602150537634409 |
RT_ICON | 0x23cf0 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | Chinese | China | 0.39344262295081966 |
RT_ICON | 0x23ed8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | Chinese | China | 0.4358108108108108 |
RT_ICON | 0x24000 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Chinese | China | 0.4986673773987207 |
RT_ICON | 0x24ea8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Chinese | China | 0.5888989169675091 |
RT_ICON | 0x25750 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Chinese | China | 0.548963133640553 |
RT_ICON | 0x25e18 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Chinese | China | 0.40534682080924855 |
RT_ICON | 0x26380 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | Chinese | China | 0.18236129184904767 |
RT_ICON | 0x36ba8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | Chinese | China | 0.3425838450637695 |
RT_ICON | 0x3add0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Chinese | China | 0.3924273858921162 |
RT_ICON | 0x3d378 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Chinese | China | 0.49953095684803 |
RT_ICON | 0x3e420 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Chinese | China | 0.580327868852459 |
RT_ICON | 0x3eda8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Chinese | China | 0.6906028368794326 |
RT_GROUP_ICON | 0x3f210 | 0xca | data | Chinese | China | 0.6089108910891089 |
RT_VERSION | 0x3f2dc | 0x304 | data | Chinese | China | 0.43134715025906734 |
RT_MANIFEST | 0x3f5e0 | 0x165 | ASCII text, with CRLF line terminators | English | United States | 0.5434173669467787 |
DLL | Import |
---|---|
KERNEL32.dll | CloseHandle, ReadFile, VirtualAlloc, GetFileSize, CreateFileA, Sleep, GetTickCount64, VirtualFree, SetEndOfFile, CreateFileW, SetStdHandle, WriteConsoleW, LoadLibraryW, IsValidLocale, InterlockedIncrement, InterlockedDecrement, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, EncodePointer, DecodePointer, GetSystemTimeAsFileTime, GetLastError, HeapFree, RaiseException, RtlUnwind, GetCommandLineA, HeapSetInformation, GetStartupInfoW, WideCharToMultiByte, LCMapStringW, MultiByteToWideChar, GetCPInfo, HeapAlloc, IsProcessorFeaturePresent, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetModuleHandleW, SetLastError, GetCurrentThreadId, GetProcAddress, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, TerminateProcess, GetCurrentProcess, HeapCreate, SetHandleCount, GetStdHandle, InitializeCriticalSectionAndSpinCount, GetFileType, ExitProcess, WriteFile, GetConsoleCP, GetConsoleMode, FlushFileBuffers, SetFilePointer, GetModuleFileNameW, GetModuleFileNameA, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetACP, GetOEMCP, IsValidCodePage, GetStringTypeW, GetLocaleInfoW, HeapReAlloc, HeapSize, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, GetProcessHeap |
WININET.dll | InternetCloseHandle, InternetReadFile, InternetOpenUrlA, InternetOpenA |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Chinese | China | |
English | United States | |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
07/02/24-19:27:48.531831 | TCP | 2852874 | ETPRO TROJAN Win32/XWorm CnC PING Command Inbound M2 | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
07/02/24-19:28:02.641410 | TCP | 2852923 | ETPRO TROJAN Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
07/02/24-19:26:31.035751 | TCP | 2853193 | ETPRO TROJAN Win32/XWorm V3 CnC Command - PING Outbound | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
07/02/24-19:25:03.851820 | TCP | 2855924 | ETPRO TROJAN Win32/XWorm V3 CnC Command - PING Outbound | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
07/02/24-19:28:02.635547 | TCP | 2852870 | ETPRO TROJAN Win32/XWorm CnC Checkin - Generic Prefix Bytes | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 2, 2024 19:24:45.026818037 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:45.031827927 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:45.031934977 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:45.032059908 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:45.036792040 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:45.979119062 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:45.979178905 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:45.979186058 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:45.979269981 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:45.979298115 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:45.979443073 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:45.979449987 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:45.979460955 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:45.979470015 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:45.979518890 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:45.979518890 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:45.979882002 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:45.979888916 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:45.979895115 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:45.979955912 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:45.984069109 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:45.984087944 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:45.984224081 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.216850042 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.216912985 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.216967106 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.217000008 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.217034101 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.217034101 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.217108011 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.217116117 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.217164993 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.217288017 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.217390060 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.217854977 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.217860937 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.217873096 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.217978001 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.218102932 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.218230009 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.218240023 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.218245983 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.218308926 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.218436956 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.218488932 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.218550920 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.218558073 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.218569040 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.218575954 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.218601942 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.218635082 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.218991041 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.218998909 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.219053984 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.219441891 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.219516993 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.219520092 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.219527006 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.219573975 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.221932888 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.222018003 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.222088099 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.222161055 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.222167015 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.222173929 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.222218990 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.222218990 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.454722881 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.454783916 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.454791069 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.454844952 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.454844952 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.455092907 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.455102921 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.455115080 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.455121994 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.455185890 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.455446959 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.455454111 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.455460072 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.455503941 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.455527067 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.455765009 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.455770969 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.455784082 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.455826998 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.456182957 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.456188917 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.456195116 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.456201077 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.456212997 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.456219912 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.456224918 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.456240892 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.456240892 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.456262112 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.456290960 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.456994057 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.457000017 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.457012892 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.457060099 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.457060099 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:46.548846006 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:24:46.548969030 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:24:50.512407064 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:24:50.517437935 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:24:50.517569065 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:24:50.770144939 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:24:50.911608934 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:03.851819992 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:25:03.856626987 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:04.185338974 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:04.238194942 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:25:04.514658928 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:25:04.519702911 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:16.926495075 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:25:16.932051897 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:17.262506962 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:17.265055895 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:25:17.269995928 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:18.491913080 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:18.535146952 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:25:30.004367113 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:25:30.009336948 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:30.339859962 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:30.343574047 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:25:30.348565102 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:43.082802057 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:25:43.087631941 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:43.416511059 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:43.425026894 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:25:43.429888964 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:48.494132996 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:48.535218954 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:25:51.458343029 CEST | 881 | 49707 | 91.208.240.157 | 192.168.2.10 |
Jul 2, 2024 19:25:51.458450079 CEST | 49707 | 881 | 192.168.2.10 | 91.208.240.157 |
Jul 2, 2024 19:25:53.395464897 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:25:53.628973007 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:25:53.642569065 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:53.642595053 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:53.973797083 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:53.977257013 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:25:53.982192993 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:54.270006895 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:25:54.274880886 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:54.603859901 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:54.619333982 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:25:54.624145031 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:54.941957951 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:25:54.947242975 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:55.035686970 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:25:55.040543079 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:55.239356041 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:25:55.244496107 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:55.275682926 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:55.285409927 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:25:55.334037066 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:55.517119884 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:55.519125938 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:25:55.524116039 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:55.796210051 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:55.801194906 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:25:55.805977106 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:56.754271030 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:25:56.759324074 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:57.087941885 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:25:57.089941025 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:25:57.094856024 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:26:04.942106962 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:26:04.947887897 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:26:05.082530975 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:26:05.087430954 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:26:05.276668072 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:26:05.280270100 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:26:05.286572933 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:26:05.524923086 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:26:05.530759096 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:26:05.535940886 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:26:10.332664967 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:26:10.337512970 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:26:10.426253080 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:26:10.431102037 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:26:10.441837072 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:26:10.446621895 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:26:10.473146915 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:26:10.477962017 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:26:10.666465044 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:26:10.669002056 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:26:10.673846960 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:26:10.906523943 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:26:10.916600943 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:26:10.921535015 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:26:11.159605026 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:26:11.170754910 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:26:11.175685883 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:26:11.177151918 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:26:11.182199955 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:26:11.411134005 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:26:11.416021109 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:26:11.973893881 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:26:11.975536108 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:26:11.980379105 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:26:14.019992113 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:26:14.025361061 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:26:14.354161024 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:26:14.356132030 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:26:14.360889912 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:26:15.551229954 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:26:15.578768969 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:26:15.907475948 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:26:15.909339905 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:26:15.914211988 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Jul 2, 2024 19:26:17.535559893 CEST | 49708 | 7000 | 192.168.2.10 | 59.56.110.103 |
Jul 2, 2024 19:26:17.542098999 CEST | 7000 | 49708 | 59.56.110.103 | 192.168.2.10 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 2, 2024 19:24:44.551358938 CEST | 62058 | 53 | 192.168.2.10 | 1.1.1.1 |
Jul 2, 2024 19:24:45.021696091 CEST | 53 | 62058 | 1.1.1.1 | 192.168.2.10 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jul 2, 2024 19:24:44.551358938 CEST | 192.168.2.10 | 1.1.1.1 | 0x24a3 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jul 2, 2024 19:24:45.021696091 CEST | 1.1.1.1 | 192.168.2.10 | 0x24a3 | No error (0) | | | 91.208.240.157 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.10 | 49707 | 91.208.240.157 | 881 | 7572 | C:\Users\user\Desktop\103__Installer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 2, 2024 19:24:45.032059908 CEST | 94 | OUT | |
Jul 2, 2024 19:24:45.979119062 CEST | 1236 | IN | |
Target ID: | 0 |
Start time: | 13:24:42 |
Start date: | 02/07/2024 |
Path: | C:\Users\user\Desktop\103__Installer.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb70000 |
File size: | 249'344 bytes |
MD5 hash: | FBA295E75A2C2FD0F205DA0A14B76859 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 16 |
Start time: | 13:28:05 |
Start date: | 02/07/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2b0000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 10.4% |
Dynamic/Decrypted Code Coverage: | 11.2% |
Signature Coverage: | 2% |
Total number of Nodes: | 796 |
Total number of Limit Nodes: | 79 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags | Yara matches |
---|---|---|---|---|---|---|
00B725AD | 1.6 | 1 | | 51 | COMMON | |
05F84D08 | 1.5 | | 1 | 281 | COMMON | |
05F8ED84 | 0.9 | | | 936 | COMMON | |
05F8B3F8 | 0.9 | | | 913 | COMMON | |
05F8A6B8 | 0.9 | | | 896 | COMMON | |
05F855D8 | 0.3 | | | 266 | COMMON | |
00B711E1 | 21.1 | 8 | 4 | 89 | file, sleep, memory, COMMON | |
00B72E42 | 12.3 | 6 | 1 | 71 | network, file, COMMON | |
00B72E3D | 12.3 | 6 | 1 | 64 | network, file, COMMON | |
03AC00CD | 6.1 | 4 | | 90 | memory, COMMON | yes |
00B72F22 | 6.0 | 2 | 2 | 23 | memory, COMMON | |
05F875E0 | 1.6 | 1 | | 130 | COMMON | |
00B71830 | 1.6 | 1 | | 78 | COMMON | |
05F86FD1 | 1.6 | 1 | | 61 | COMMON | |
00B72D13 | 1.6 | 1 | | 59 | COMMON | |
00B72D18 | 1.6 | 1 | | 58 | COMMON | |
05F876B0 | 1.6 | 1 | | 56 | COMMON | |
05F86F64 | 1.6 | 1 | | 55 | COMMON | |
00B7246D | 1.5 | 1 | | 37 | COMMON | |
00B72468 | 1.5 | 1 | | 37 | COMMON | |
03B0D5FC | 0.1 | | | 75 | COMMON | |
03B0D5F7 | 0.1 | | | 56 | COMMON | |
03B0D006 | 0.0 | | | 47 | COMMON | |
03B0D01D | 0.0 | | | 45 | COMMON | |
00B7F45D | 8.8 | 3 | 2 | 54 | COMMON, LIBRARYCODE | |
00B7C71D | 1.5 | 1 | | 4 | COMMON | |
05F849C0 | 1.5 | | 1 | 238 | COMMON | |
00B80B66 | 0.4 | | | 355 | COMMON | |
00B8077E | 0.3 | | | 349 | COMMON | |
00B803AC | 0.3 | | | 332 | COMMON | |
00B8000E | 0.3 | | | 326 | COMMON | |
05F807A0 | 0.3 | | | 260 | COMMON | |
03AC1628 | 0.0 | | | 27 | COMMON | yes |
00B71671 | 0.0 | | | 13 | COMMON | |
00B798E5 | 40.4 | 18 | 5 | 109 | library, loader, memory, COMMON | |
00B75C52 | 12.1 | 8 | | 147 | COMMON | |
00B7966F | 10.5 | 5 | 1 | 40 | COMMON, LIBRARYCODE | |
00B71AEB | 9.0 | 6 | | 46 | COMMON | |
00B77D40 | 8.8 | 3 | 2 | 42 | COMMON, LIBRARYCODE | |
00B72610 | 6.2 | 4 | | 171 | COMMON | |
00B75513 | 6.1 | 4 | | 130 | COMMON | |
00B7DACC | 6.1 | 4 | | 69 | COMMON | |
00B77AB9 | 5.3 | 2 | 1 | 37 | COMMON, LIBRARYCODE | |