Windows
Analysis Report
vNx9jGoYpb.exe
Overview
General Information
Sample name: | vNx9jGoYpb.exe (renamed because original name is a hash value) |
Original sample name: | f508cbf0d02ffbc85b07ada57b869239fa840e7a4b66234384cf97981ad48ccd.exe |
Analysis ID: | 1466967 |
MD5: | d482d79a7d37a4c18c8c3273f5d8eed1 |
SHA1: | f3bba44877555fd96cb89430e1bc04193b324965 |
SHA256: | f508cbf0d02ffbc85b07ada57b869239fa840e7a4b66234384cf97981ad48ccd |
Tags: | exe |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- vNx9jGoYpb.exe (PID: 6000 cmdline: "C:\Users\user\Desktop\vNx9jGoYpb.exe" MD5: D482D79A7D37A4C18C8C3273F5D8EED1)
- RegAsm.exe (PID: 2700 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
- WerFault.exe (PID: 4440 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 308 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution |
{"C2 url": "94.228.166.68:80", "Bot Id": "@kolnausgb", "Message": "Click Close to exit the program. Error code: 1142", "Authorization Header": "ec115238af12754cb0b0480ec782f2ef"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
---|---|---|---|---|---|
07/03/24-15:54:07.024325 | 2046045 | 49705 | 80 | TCP | A Network Trojan was detected |
07/03/24-15:54:15.837322 | 2043231 | 49705 | 80 | TCP | A Network Trojan was detected |
07/03/24-15:54:07.229078 | 2043234 | 80 | 49705 | TCP | A Network Trojan was detected |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 1_2_00E19BD3 |
Source: | Code function: | 2_2_060E39C0 | |
Source: | Code function: | 2_2_060E3C92 | |
Source: | Code function: | 2_2_0A0103D8 | |
Source: | Code function: | 2_2_0A011898 | |
Source: | Code function: | 2_2_0A0166F8 | |
Source: | Code function: | 2_2_0A010D30 | |
Source: | Code function: | 2_2_0A013340 | |
Source: | Code function: | 2_2_0A01839C |
Networking |
---|
Source: | Snort IDS: |
Source: | URLs: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Code function: | 1_2_00E228F0 | |
Source: | Code function: | 1_2_00E18D09 | |
Source: | Code function: | 2_2_0518DC74 | |
Source: | Code function: | 2_2_060E0F28 | |
Source: | Code function: | 2_2_060E6F30 | |
Source: | Code function: | 2_2_060E7800 | |
Source: | Code function: | 2_2_060E0F18 | |
Source: | Code function: | 2_2_060EEA17 | |
Source: | Code function: | 2_2_060EEA28 | |
Source: | Code function: | 2_2_060E6BE8 | |
Source: | Code function: | 2_2_060FEA18 | |
Source: | Code function: | 2_2_060F43C0 | |
Source: | Code function: | 2_2_060F1831 | |
Source: | Code function: | 2_2_060F1840 | |
Source: | Code function: | 2_2_0A012A58 | |
Source: | Code function: | 2_2_0A013B68 | |
Source: | Code function: | 2_2_0A0103D8 | |
Source: | Code function: | 2_2_0A011898 | |
Source: | Code function: | 2_2_0A01B158 | |
Source: | Code function: | 2_2_0A013600 | |
Source: | Code function: | 2_2_0A0176F0 | |
Source: | Code function: | 2_2_0A012418 | |
Source: | Code function: | 2_2_0A018450 | |
Source: | Code function: | 2_2_0A0144B0 | |
Source: | Code function: | 2_2_0A010D30 | |
Source: | Code function: | 2_2_0A011889 | |
Source: | Code function: | 2_2_0A014FF0 | |
Source: | Code function: | 2_2_0A012408 | |
Source: | Code function: | 2_2_0A018440 | |
Source: | Code function: | 2_2_0A010D1F | |
Source: | Code function: | 2_2_0A0135F0 |
Source: | Code function: |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: |
Source: | Mutant created: |
Source: | File created: |
Source: | WMI Queries: |
Source: | Key opened: |
Source: | ReversingLabs: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 1_2_00E09A7F | |
Source: | Code function: | 2_2_060E3800 | |
Source: | Code function: | 2_2_060F1670 | |
Source: | Code function: | 2_2_060FDEC0 | |
Source: | Code function: | 2_2_060F9C7C | |
Source: | Code function: | 2_2_060F9CDC | |
Source: | Code function: | 2_2_060F22A0 | |
Source: | Code function: | 2_2_060F4330 | |
Source: | Code function: | 2_2_060F4370 | |
Source: | Code function: | 2_2_060FE8C0 |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | WMI Queries: |
Source: | Memory allocated: |
Source: | Thread delayed: |
Source: | Window / User API: |
Source: | API coverage: |
Source: | Thread sleep time: |
Source: | WMI Queries: |
Source: | Code function: | 1_2_00E19BD3 |
Source: | Thread delayed: |
Source: | Binary or memory string: |
Source: | API call chain: | graph_1-17023 |
Source: | Process information queried: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 2_2_060E8548 |
Source: | Code function: | 1_2_00E0DE43 |
Source: | Code function: | 1_2_00E151C2 | |
Source: | Code function: | 1_2_00E11F18 |
Source: | Code function: | 1_2_00E1D31C |
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 1_2_00E0A082 | |
Source: | Code function: | 1_2_00E0A1E0 | |
Source: | Code function: | 1_2_00E0DE43 | |
Source: | Code function: | 1_2_00E09F26 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory allocated: | Jump to behavior |
Source: | Code function: | 1_2_013E018D |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Code function: | 1_2_00E09C45 |
Source: | Code function: | 1_2_00E1D0BA | |
Source: | Code function: | 1_2_00E1C9F8 | |
Source: | Code function: | 1_2_00E1C951 | |
Source: | Code function: | 1_2_00E1CADE | |
Source: | Code function: | 1_2_00E1CA43 | |
Source: | Code function: | 1_2_00E14A45 | |
Source: | Code function: | 1_2_00E1CB69 | |
Source: | Code function: | 1_2_00E1CDBC | |
Source: | Code function: | 1_2_00E1CEE5 | |
Source: | Code function: | 1_2_00E1CFEB | |
Source: | Code function: | 1_2_00E14F6B | |
Source: | Code function: | 1_2_00E1C756 |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Code function: | 1_2_00E0944C |
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | WMI Queries: | ||
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | String found in binary or memory: | ||
Source: | File opened: | Jump to behavior | ||
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 221 Windows Management Instrumentation | 1 DLL Side-Loading | 411 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 261 Security Software Discovery | Remote Desktop Protocol | 3 Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 251 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 11 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 411 Process Injection | NTDS | 251 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 134 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
96% | ReversingLabs | Win32.Trojan.RedLine | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
api.ip.sb | unknown | unknown | false | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
94.228.166.68 | unknown | Russian Federation | | 48467 | PRANET-ASRU | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1466967 |
Start date and time: | 2024-07-03 15:53:09 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 12s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | vNx9jGoYpb.exe (renamed because original name is a hash value) |
Original Sample Name: | f508cbf0d02ffbc85b07ada57b869239fa840e7a4b66234384cf97981ad48ccd.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@4/6@1/1 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 104.26.13.31, 104.26.12.31, 172.67.75.172, 52.168.117.173
- Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, api.ip.sb.cdn.cloudflare.net, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: vNx9jGoYpb.exe
Time | Type | Description |
---|---|---|
09:54:13 | API Interceptor | |
09:54:19 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
94.228.166.68 | Get hash | malicious | RedLine | Browse | ||
Get hash | malicious | RedLine | Browse | |
Get hash | malicious | RedLine, Xmrig | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
PRANET-ASRU | Get hash | malicious | RedLine | Browse | |
Get hash | malicious | RedLine | Browse | |
Get hash | malicious | RedLine, Xmrig | Browse | |
Get hash | malicious | LummaC, Amadey, Mars Stealer, PureLog Stealer, RedLine, SmokeLoader, Stealc | Browse | |
Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | |
Get hash | malicious | Quasar | Browse | |
Get hash | malicious | Amadey | Browse | |
Get hash | malicious | LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine | Browse | |
Get hash | malicious | Quasar | Browse | |
Get hash | malicious | Mirai | Browse | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_vNx9jGoYpb.exe_1a36ee1e8d866438ce0365ff4a967e6bec3e399_7a62e937_2c513ef4-d8d7-415e-8458-44fe6a175ed7\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.7037447162233627 |
Encrypted: | false |
SSDEEP: | 96:E7FDkzrY2YsthqYoVyDqdQXIDcQic6zmcETcw3r+HbHg/PB6HeaOy1FhZAX/d5Fn:GRkzr7YTG0cfmJEjG1zuiFgZ24IO8b |
MD5: | BD6A07CE3627F2234FB970A7296B78F5 |
SHA1: | 8FFB86666E78A81970B0B2E135C06C552F72E4BF |
SHA-256: | 383FD0B8ACFB04A0666BD753DCB46E0BACFED6BA7730369BDE15EAB6B9291E15 |
SHA-512: | 0B52750AAD37EA8175F09E25182F2370224DBD90D79DEF18CF98DC0BBC1CD0D41BDF3A05A84D895B4DFF87CF663A206EC82CCD171E76277F22EF06AEBE8D670D |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 47746 |
Entropy (8bit): | 1.8348823001146963 |
Encrypted: | false |
SSDEEP: | 192:bO2knRhMTOaiqrtm2mMSA7aVlSBBq9shDRD7mez5so:1IRhMKaiqr8wSSaPSBBq2DRD7mbo |
MD5: | 9B73885C15F0CA3BD740F77AA1CE9471 |
SHA1: | D02888DA942273B92554ED3686F5FE3D06F7FFEE |
SHA-256: | CF3C66A0E026045921DD4EBA0C4661541CCC199B40A7A4F2C08D4C072EF18CC8 |
SHA-512: | 1DAA6564CAE2082593F9364D75B8637C60BE332E29C4A363158E25493B66D2F49B67940711CB2A2240E6DD63766A8B07902EA1F2853BDC4DA31E2A68B97B56EB |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8356 |
Entropy (8bit): | 3.7014619178035386 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJ3g666YEIMvSUlmgmfQJjei9TprV89btEsf2Pvm:R6lXJw666YERSUlmgmfQJjert3ff |
MD5: | 5E605A1C764B06A3C13EDC31570B0747 |
SHA1: | F54A9523C32132ED5252C49835046905DBA21CD9 |
SHA-256: | CC647131587A8F9FCC41745D5D2049F8E8F270875366FACF823E1398A33BCD62 |
SHA-512: | CE1DB88A3CA3A36431E19120805C52440C569ED4F20843C9D14ECAAE78C2FDD525E4C4483E4BDE58ACC37047EF84941178E9D65278D55467E78226D55270850B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4635 |
Entropy (8bit): | 4.5144663040551185 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zslJg77aI9CVWpW8VYiYm8M4JeNFG+q8WHi+hwad:uIjf/I7ck7V6JVzJwad |
MD5: | 3FAC34151BD2F4D1FB7C24998C3E12FA |
SHA1: | 3C0B5ABDD24ACC08E4FD449CCB9ABEE3256CD3C1 |
SHA-256: | 3D4CE8737E425C32B7435EF8B08BAEC2670EA87B9530EC91543C4A402035352F |
SHA-512: | 2773DEE5B581D4BA83C165053FDFCE9A11147278723935783161C9DD0C7ACEB7DA1BF59F15FED9A438CB553881D69915602BA37F3A239EE0ACE7AF8760E450C0 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3094 |
Entropy (8bit): | 5.33145931749415 |
Encrypted: | false |
SSDEEP: | 96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqc85VD:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV |
MD5: | 2A56468A7C0F324A42EA599BF0511FAF |
SHA1: | 404B343A86EDEDF5B908D7359EB8AA957D1D4333 |
SHA-256: | 6398E0BD46082BBC30008BC72A2BA092E0A1269052153D343AA40F935C59957C |
SHA-512: | 19B79181C40AA51C7ECEFCD4C9ED42D5BA19EA493AE99654D3A763EA9B21B1ABE5B5739AAC425E461609E1165BCEA749CFB997DE0D35303B4CF2A29BDEF30B17 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.421578242899919 |
Encrypted: | false |
SSDEEP: | 6144:USvfpi6ceLP/9skLmb0OTMWSPHaJG8nAgeMZMMhA2fX4WABlEnND0uhiTw:fvloTMW+EZMM6DFyp03w |
MD5: | E9F9419110CE37BA6D2B3637D3356656 |
SHA1: | 897FDCA130D74A83B3664026E51AAE7F8A440FAA |
SHA-256: | 0B74A154595F2717DD30C7103CCC114B112EC01FC4AAF646C71998BDEBF7EA6D |
SHA-512: | E96B14000155D538AD04F64B82B3FD2DE7FEC916BE1303D6244AF1B1B68415FEC5EDF3A5874EA63E2DFA94F3584A9F73D698FCDFD365084CC2FFFAD285F35B0B |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.63607553463413 |
TrID: | |
File name: | vNx9jGoYpb.exe |
File size: | 504'832 bytes |
MD5: | d482d79a7d37a4c18c8c3273f5d8eed1 |
SHA1: | f3bba44877555fd96cb89430e1bc04193b324965 |
SHA256: | f508cbf0d02ffbc85b07ada57b869239fa840e7a4b66234384cf97981ad48ccd |
SHA512: | dd5b9a05a98e2020289647d23d93e56ab5b5ecceafa2c1f616d3b19861b2fe1d0ce1a0921a9858f9ba1939d6219f3c10ac1c365ea15d75fa53dbed5bfa43c776 |
SSDEEP: | 12288:BZkNg8Xo7kMTOZ23kiIeQmXWjt5uOHkCB/Olo8:BWfXC3+m6ukvN |
TLSH: | 8AB4F15174C08073E673157105F8EBB96A7DB9600F629DDF63940BBF4F306C19A329AA |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........@...@...@.......Q...............V....s..R.......G...@........s.......s..X....p..A....p..A...Rich@...................PE..L.. |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x4096e8 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x667AE194 [Tue Jun 25 15:26:12 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | f136198aaa89a879cedc68aa43887034 |
Instruction |
---|
call 00007FCA512C2F65h |
jmp 00007FCA512C2659h |
push ebp |
mov ebp, esp |
jmp 00007FCA512C27EFh |
push dword ptr [ebp+08h] |
call 00007FCA512CC8F4h |
pop ecx |
test eax, eax |
je 00007FCA512C27F1h |
push dword ptr [ebp+08h] |
call 00007FCA512C80A8h |
pop ecx |
test eax, eax |
je 00007FCA512C27C8h |
pop ebp |
ret |
cmp dword ptr [ebp+08h], FFFFFFFFh |
je 00007FCA512C327Bh |
jmp 00007FCA512C3258h |
push ebp |
mov ebp, esp |
push dword ptr [ebp+08h] |
call 00007FCA512C3287h |
pop ecx |
pop ebp |
ret |
jmp 00007FCA512C327Fh |
push ebp |
mov ebp, esp |
mov eax, dword ptr [ebp+08h] |
push esi |
mov ecx, dword ptr [eax+3Ch] |
add ecx, eax |
movzx eax, word ptr [ecx+14h] |
lea edx, dword ptr [ecx+18h] |
add edx, eax |
movzx eax, word ptr [ecx+06h] |
imul esi, eax, 28h |
add esi, edx |
cmp edx, esi |
je 00007FCA512C27FBh |
mov ecx, dword ptr [ebp+0Ch] |
cmp ecx, dword ptr [edx+0Ch] |
jc 00007FCA512C27ECh |
mov eax, dword ptr [edx+08h] |
add eax, dword ptr [edx+0Ch] |
cmp ecx, eax |
jc 00007FCA512C27EEh |
add edx, 28h |
cmp edx, esi |
jne 00007FCA512C27CCh |
xor eax, eax |
pop esi |
pop ebp |
ret |
mov eax, edx |
jmp 00007FCA512C27DBh |
push esi |
call 00007FCA512C323Ah |
test eax, eax |
je 00007FCA512C2802h |
mov eax, dword ptr fs:[00000018h] |
mov esi, 0047BC90h |
mov edx, dword ptr [eax+04h] |
jmp 00007FCA512C27E6h |
cmp edx, eax |
je 00007FCA512C27F2h |
xor eax, eax |
mov ecx, edx |
lock cmpxchg dword ptr [esi], ecx |
test eax, eax |
jne 00007FCA512C27D2h |
xor al, al |
pop esi |
ret |
mov al, 01h |
pop esi |
ret |
push ebp |
mov ebp, esp |
cmp dword ptr [ebp+00h], 00000000h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2d9ac | 0x50 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x7d000 | 0x2128 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2aea8 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x2af00 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2ade8 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x23000 | 0x178 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x203f2 | 0x20400 | 9473287c1fe4059f1514c7787f3ece57 | False | 0.5629163638565892 | data | 6.611692103874533 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.BsS | 0x22000 | 0xd6d | 0xe00 | 2572b8942a979da57343434c1e4e0632 | False | 0.6286272321428571 | data | 6.282939700332608 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x23000 | 0xb27a | 0xb400 | a70f64d7c80ffeeddfb7285a98baa833 | False | 0.3773220486111111 | data | 4.750154549509226 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x2f000 | 0x4d794 | 0x4c800 | 2fc2b93dbd13b37ad468841543077a78 | False | 0.9821569904003268 | data | 7.986719830071589 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.reloc | 0x7d000 | 0x2128 | 0x2200 | f6df81272670eba3816cae105c1f858a | False | 0.7370174632352942 | data | 6.502574913596294 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
DLL | Import |
---|---|
GDI32.dll | Polyline |
USER32.dll | OffsetRect |
KERNEL32.dll | CreateFileW, HeapSize, GetProcessHeap, SetStdHandle, WaitForSingleObject, CreateThread, VirtualAlloc, RaiseException, InitOnceBeginInitialize, InitOnceComplete, CloseHandle, GetCurrentThreadId, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, TryAcquireSRWLockExclusive, WakeAllConditionVariable, SleepConditionVariableSRW, GetLastError, FreeLibraryWhenCallbackReturns, CreateThreadpoolWork, SubmitThreadpoolWork, CloseThreadpoolWork, GetModuleHandleExW, IsProcessorFeaturePresent, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, QueryPerformanceCounter, EncodePointer, DecodePointer, MultiByteToWideChar, WideCharToMultiByte, LCMapStringEx, GetSystemTimeAsFileTime, GetModuleHandleW, GetProcAddress, GetStringTypeW, GetCPInfo, GetCurrentProcessId, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, GetCurrentProcess, TerminateProcess, SetEnvironmentVariableW, RtlUnwind, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetCommandLineA, GetCommandLineW, HeapFree, HeapAlloc, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileType, GetFileSizeEx, SetFilePointerEx, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, ReadConsoleW, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, WriteConsoleW |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
07/03/24-15:54:07.024325 | TCP | 2046045 | ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
07/03/24-15:54:15.837322 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
07/03/24-15:54:07.229078 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 3, 2024 15:54:06.150033951 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:06.155586004 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:06.155678034 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:06.168623924 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:06.175039053 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:06.988864899 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:07.024324894 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:07.029252052 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:07.229078054 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:07.283124924 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:12.286501884 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:12.291682005 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:12.495115995 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:12.495276928 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:12.495290995 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:12.495352030 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:12.496294022 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:12.496306896 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:12.496355057 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:12.497194052 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:12.497245073 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.950463057 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.955677032 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.955698013 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.955705881 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.955713987 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.955723047 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.955759048 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.955768108 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.955801010 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.955809116 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.955816984 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.955817938 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.955830097 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.955848932 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.955862045 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.955890894 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.960709095 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.960716963 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.960788012 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.960836887 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.960845947 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.960853100 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.960860968 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.960867882 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.960875988 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.960887909 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.960894108 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.960954905 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.960983038 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.960990906 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.961044073 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.965687990 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.965755939 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.965877056 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.965958118 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.965964079 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.966007948 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.966104984 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.966253996 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.966262102 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.966265917 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.966274023 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.966312885 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.966413975 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.971451998 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.971491098 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.971506119 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.971534014 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.971585035 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.971615076 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.971622944 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.971664906 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.971673012 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.971679926 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.971709967 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.971724987 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.971724987 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.971733093 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.971740007 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.971756935 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.971769094 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.971795082 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.971802950 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.971807003 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.971822023 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.971831083 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.971846104 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.971846104 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.971869946 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.971889973 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.971894979 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.971908092 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.971914053 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.971942902 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.971945047 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.971976995 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.971986055 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972018957 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972026110 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972033024 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972157955 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972166061 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972168922 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972172022 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972258091 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972271919 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972279072 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972307920 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972315073 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972321987 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972328901 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972337008 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972346067 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972551107 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972558975 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972565889 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972573042 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972582102 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972585917 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972593069 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972595930 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972603083 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972609997 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972618103 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972625971 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972755909 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.972819090 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.972897053 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972906113 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972913980 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972917080 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972923994 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.972930908 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.976407051 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.976516962 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.976684093 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.976691961 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.976861954 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.976869106 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.976886034 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.976893902 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.976910114 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.977215052 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.977222919 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.977284908 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.977293015 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.977341890 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.977413893 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.977421045 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.977505922 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.977514029 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.977516890 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.977524042 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.977528095 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.977621078 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.977628946 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.977636099 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.977643013 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.977763891 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.977771997 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.977775097 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.977777958 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.977849960 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.977857113 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.977864027 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.977871895 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.977875948 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.977907896 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.977916956 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.977926970 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.978152990 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.978203058 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.978625059 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.978634119 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.978704929 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.978713036 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.978781939 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.978790045 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.978805065 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.978811979 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.978826046 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.978833914 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.978888035 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.978895903 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.979058027 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.979067087 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.979106903 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.979115009 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.979130983 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.979137897 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.979151964 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.979160070 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.979197025 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.979217052 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.979249001 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.979257107 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.979376078 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.979382992 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.979387045 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.979389906 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.979393959 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.979402065 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.981334925 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.981343031 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.981345892 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.981348991 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.981355906 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.981364012 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.981373072 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.981380939 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.981386900 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.981395006 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.981401920 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.981410027 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.981412888 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.981421947 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.981430054 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.981432915 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.981436014 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.981439114 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.981445074 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.981453896 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.981462002 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.981470108 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.981477022 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983108997 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983117104 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983195066 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983201981 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983210087 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983218908 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983234882 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983242035 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983249903 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983257055 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983266115 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983289957 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983299017 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983308077 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983315945 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983375072 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983382940 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983390093 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983397961 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983406067 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983488083 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983495951 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983499050 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.983504057 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983511925 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983519077 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983521938 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983530998 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983537912 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983546972 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983549118 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.983555079 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983601093 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983608961 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983612061 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983618975 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983627081 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983634949 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983643055 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983649969 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983664989 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983673096 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983761072 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983768940 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983772039 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983774900 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983791113 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983803988 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983817101 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983870983 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983879089 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983886003 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983917952 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983926058 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.983961105 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.988522053 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.988529921 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.988543987 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.988552094 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.988564968 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.988573074 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.988624096 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.988640070 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.988693953 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.988703012 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.988771915 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.988780022 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.988782883 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.988791943 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.988799095 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.988846064 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.988852978 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.988854885 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.988859892 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.988868952 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.988876104 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.988903999 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.988903999 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.988912106 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.988979101 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.988986969 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.988991022 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.988997936 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.989001036 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.989007950 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.989087105 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.989095926 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.989103079 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.989106894 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.989114046 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.989120960 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.989170074 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.989178896 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.989182949 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.989186049 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.989192963 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.989200115 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.989207029 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.989221096 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.989228964 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.989234924 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.989360094 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.989368916 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.989372015 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.989408970 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.989463091 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.989470959 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.989485025 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.989491940 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.989510059 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.993808031 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.993895054 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.993901968 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.993911028 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.993917942 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.993926048 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.993953943 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994007111 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.994009972 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994050980 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.994112968 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994122028 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994124889 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994132042 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994141102 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994158030 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994165897 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994174957 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994182110 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994189978 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994231939 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994240046 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994380951 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994388103 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994395018 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994401932 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994417906 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994426012 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994432926 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994440079 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994493008 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994502068 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994556904 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994565010 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994573116 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994580030 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994595051 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994607925 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994617939 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994651079 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994658947 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994797945 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994806051 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994813919 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994824886 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994833946 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994839907 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994843006 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994854927 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994862080 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994870901 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994879007 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994893074 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994900942 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.994909048 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.998972893 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.998981953 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.998987913 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.998996973 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.999059916 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.999068022 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.999126911 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.999181986 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.999190092 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.999205112 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.999217033 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.999238014 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.999243021 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.999250889 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.999290943 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:14.999325037 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.999332905 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.999336004 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.999344110 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:14.999351978 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:15.044756889 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:15.044995070 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:15.045061111 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:15.045061111 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:15.045109987 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:15.049845934 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:15.049977064 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:15.050004005 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:15.050034046 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:15.050043106 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:15.050101995 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:15.050112009 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:15.050178051 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:15.050188065 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:15.050239086 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:15.050249100 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:15.050257921 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:15.050287008 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:15.050414085 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:15.050424099 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:15.050515890 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:15.050524950 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:15.050605059 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:15.050615072 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:15.050699949 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:15.050709009 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:15.094460011 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:15.094589949 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:15.133459091 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:15.836643934 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:15.837321997 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Jul 3, 2024 15:54:15.842201948 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:16.153192997 CEST | 80 | 49705 | 94.228.166.68 | 192.168.2.5 |
Jul 3, 2024 15:54:16.173845053 CEST | 49705 | 80 | 192.168.2.5 | 94.228.166.68 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 3, 2024 15:54:12.681226015 CEST | 57796 | 53 | 192.168.2.5 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jul 3, 2024 15:54:12.681226015 CEST | 192.168.2.5 | 1.1.1.1 | 0xca1a | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jul 3, 2024 15:54:12.688406944 CEST | 1.1.1.1 | 192.168.2.5 | 0xca1a | No error (0) | api.ip.sb.cdn.cloudflare.net | CNAME (Canonical name) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49705 | 94.228.166.68 | 80 | 2700 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 3, 2024 15:54:06.168623924 CEST | 37 | OUT | |
Jul 3, 2024 15:54:06.988864899 CEST | 1 | IN | |
Jul 3, 2024 15:54:07.024324894 CEST | 202 | OUT | |
Jul 3, 2024 15:54:07.229078054 CEST | 142 | IN | |
Jul 3, 2024 15:54:12.286501884 CEST | 154 | OUT | |
Jul 3, 2024 15:54:12.495115995 CEST | 1236 | IN | |
Jul 3, 2024 15:54:12.495276928 CEST | 1236 | IN | |
Jul 3, 2024 15:54:12.495290995 CEST | 1236 | IN | |
Jul 3, 2024 15:54:12.496294022 CEST | 1236 | IN | |
Jul 3, 2024 15:54:12.496306896 CEST | 1236 | IN | |
Target ID: | 1 |
Start time: | 09:53:58 |
Start date: | 03/07/2024 |
Path: | C:\Users\user\Desktop\vNx9jGoYpb.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe00000 |
File size: | 504'832 bytes |
MD5 hash: | D482D79A7D37A4C18C8C3273F5D8EED1 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 09:53:58 |
Start date: | 03/07/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9e0000 |
File size: | 65'440 bytes |
MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 09:54:01 |
Start date: | 03/07/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf70000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
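The Session table attributes the only TCP session in the capture (to 94.228.166.68:80) to RegAsm.exe, PID 2700, a Microsoft-signed .NET Framework utility that the report's process listing shows launched with nothing but its own path, in the same second as vNx9jGoYpb.exe from the user's Desktop, while the DNS answer points at a public-IP lookup service behind a Cloudflare CNAME. The following Python is an added example, not code from the Joe Sandbox report, that turns that pattern into detection logic and runs it over events constructed from the tables above. The event classes and field names, the host images other than RegAsm.exe, the IP-check domains other than api.ip.sb, and the parent of PID 6000 (not shown in these tables) are assumptions.

```python
# Added detection example, not code from the report. Event classes, field
# names and the image/domain lists beyond RegAsm.exe and api.ip.sb are assumed.
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, Iterable, List

# RegAsm.exe is the host seen in this report; the other signed .NET utilities
# are an assumed extension of the same pattern.
DOTNET_HOST_IMAGES = {"regasm.exe", "regsvcs.exe", "msbuild.exe",
                      "installutil.exe", "applaunch.exe"}
# api.ip.sb is resolved in this report; the other IP-check services are assumed.
IP_CHECK_DOMAINS = {"api.ip.sb", "api.ipify.org", "ipinfo.io", "icanhazip.com"}
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


@dataclass
class ProcessStart:
    pid: int
    image: str          # full image path
    cmdline: str        # full command line, image included
    parent_image: str   # full path of the parent's image


@dataclass
class NetConnect:
    pid: int
    dst_ip: str
    dst_port: int


@dataclass
class DnsAnswer:
    name: str           # name in the answer record (a CNAME target here)


def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def has_no_arguments(cmdline: str) -> bool:
    """True when the command line is just the (optionally quoted) image path.
    RegAsm.exe needs an assembly path to do anything, so this alone is odd."""
    s = cmdline.strip()
    if s.startswith('"'):
        return s.find('"', 1) == len(s) - 1
    return " " not in s


def is_public_ip(ip: str) -> bool:
    a = ip_address(ip)
    return not (a.is_private or a.is_loopback or a.is_link_local
                or a.is_multicast or a.is_reserved or a.is_unspecified)


def embeds_ip_check_domain(name: str) -> bool:
    """True if any run of consecutive labels is a known IP-check domain, which
    also catches CDN CNAME targets like <host>.cdn.cloudflare.net."""
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:j]) in IP_CHECK_DOMAINS
               for i in range(len(labels)) for j in range(i + 1, len(labels) + 1))


def evaluate(starts: Iterable[ProcessStart], connects: Iterable[NetConnect],
             answers: Iterable[DnsAnswer]) -> Dict[int, List[str]]:
    """Return {pid: reasons} for .NET host processes that (a) started with no
    arguments or from a user-writable parent AND (b) opened a session to a
    public IP. The IP-check lookup is appended as corroboration only, because
    the DNS table in the report carries no PID."""
    conns: Dict[int, List[NetConnect]] = {}
    for c in connects:
        conns.setdefault(c.pid, []).append(c)
    ip_checks = [a.name for a in answers if embeds_ip_check_domain(a.name)]
    findings: Dict[int, List[str]] = {}
    for p in starts:
        if _basename(p.image) not in DOTNET_HOST_IMAGES:
            continue
        reasons: List[str] = []
        if has_no_arguments(p.cmdline):
            reasons.append("dotnet-host-started-without-arguments")
        if p.parent_image.lower().startswith(USER_WRITABLE_PREFIXES):
            reasons.append("parent-in-user-writable-path:" + _basename(p.parent_image))
        public = [c for c in conns.get(p.pid, []) if is_public_ip(c.dst_ip)]
        if reasons and public:
            reasons += [f"outbound:{c.dst_ip}:{c.dst_port}" for c in public]
            reasons += [f"ip-check-lookup:{n}" for n in ip_checks]
            findings[p.pid] = reasons
    return findings


# Constructed from the process list and the Session/DNS tables of this report.
# The parent of PID 6000 is not shown in the report; explorer.exe is assumed.
REGASM = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
SAMPLE_EXE = r"C:\Users\user\Desktop\vNx9jGoYpb.exe"
SAMPLE_STARTS = [
    ProcessStart(6000, SAMPLE_EXE, f'"{SAMPLE_EXE}"', r"C:\Windows\explorer.exe"),
    ProcessStart(2700, REGASM, f'"{REGASM}"', SAMPLE_EXE),
]
SAMPLE_CONNECTS = [NetConnect(2700, "94.228.166.68", 80)]
# The queried name is missing from the extracted DNS table; the CNAME target
# from the answer row is used instead.
SAMPLE_ANSWERS = [DnsAnswer("api.ip.sb.cdn.cloudflare.net")]

if __name__ == "__main__":
    for pid, why in evaluate(SAMPLE_STARTS, SAMPLE_CONNECTS, SAMPLE_ANSWERS).items():
        print(pid, why)
```

Run as-is, the rule reports only PID 2700, with the bare command line, the Desktop parent, the 94.228.166.68:80 session and the api.ip.sb CNAME as reasons; a RegAsm.exe run that carries an assembly argument and talks only to private addresses is not reported. Requiring both a host-side anomaly and a public-IP session keeps the rule from firing on build servers that run MSBuild.exe all day.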
Execution Graph
Execution Coverage: | 1.9% |
Dynamic/Decrypted Code Coverage: | 0.6% |
Signature Coverage: | 3.2% |
Total number of Nodes: | 1053 |
Total number of Limit Nodes: | 4 |
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
013E018D | 42.3 | 10 | 14 | 282 | thread, injection, memory, COMMON |
00E228F0 | 9.0 | 2 | 3 | 214 | synchronization, thread, COMMON |
00E144AB | 3.0 | 2 | - | 22 | memory, COMMON, LIBRARYCODE |
00E22BA0 | 1.3 | 1 | - | 94 | memory, COMMON |
00E1CEE5 | 8.8 | 3 | 2 | 85 | COMMON, LIBRARYCODE |
00E1C756 | 7.3 | 3 | 1 | 251 | COMMON, LIBRARYCODE |
00E09F26 | 6.1 | 4 | - | 70 | COMMON |
00E0944C | 5.3 | 2 | 1 | 27 | time, COMMON, LIBRARYCODE |
00E1CB69 | 4.7 | 3 | - | 205 | COMMON |
00E14F6B | 3.5 | 1 | 1 | 24 | COMMON, LIBRARYCODE |
00E09C45 | 1.6 | 1 | - | 147 | COMMON |
00E19BD3 | 1.6 | 1 | - | 140 | COMMON |
00E1CDBC | 1.6 | 1 | - | 83 | COMMON |
00E1CFEB | 1.5 | 1 | - | 45 | COMMON |
00E1C951 | 1.5 | 1 | - | 43 | COMMON |
00E0A082 | 1.5 | 1 | - | 3 | COMMON |
00E1D31C | 1.3 | 1 | - | 5 | memory, COMMON |
00E151C2 | 0.0 | - | - | 22 | COMMON, LIBRARYCODE |
00E11F18 | 0.0 | - | - | 12 | COMMON, LIBRARYCODE |
00E09407 | 14.0 | 4 | 4 | 19 | library, loader, COMMON |
00E0CDA8 | 12.6 | 4 | 3 | 303 | COMMON, LIBRARYCODE |
00E1830B | 12.5 | 6 | 1 | 298 | COMMON, LIBRARYCODE |
00E090DD | 12.2 | 8 | - | 175 | COMMON |
00E14C0E | 10.6 | 4 | 2 | 74 | COMMON, LIBRARYCODE |
00E0753D | 10.5 | 5 | 1 | 44 | COMMON, LIBRARYCODE |
00E11F3A | 10.5 | 3 | 3 | 42 | library, loader, COMMON, LIBRARYCODE |
00E0CB51 | 8.9 | 4 | 1 | 168 | COMMON, LIBRARYCODE |
00E164EC | 7.7 | 5 | - | 202 | COMMON |
00E07029 | 7.6 | 5 | - | 116 | thread, COMMON |
00E0DB32 | 7.0 | 3 | 1 | 27 | library, COMMON, LIBRARYCODE |
00E04740 | 6.2 | 4 | - | 169 | COMMON |
00E05B50 | 6.1 | 4 | - | 133 | COMMON |
00E19990 | 6.1 | 4 | - | 82 | COMMON |
00E11164 | 6.1 | 4 | - | 79 | COMMON |
00E1A926 | 6.1 | 4 | - | 74 | COMMON |
00E0D14D | 5.4 | 1 | 2 | 112 | COMMON, LIBRARYCODE |
00E075CA | 5.3 | 2 | 1 | 49 | COMMON, LIBRARYCODE |
00E023C0 | 5.3 | 2 | 1 | 43 | COMMON, LIBRARYCODE |
00E14E6C | 5.3 | 1 | 2 | 22 | memory, COMMON |
Execution Graph
Execution Coverage: | 15.2% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 3.3% |
Total number of Nodes: | 120 |
Total number of Limit Nodes: | 5 |
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
060FEA18 | 8.3 | - | 6 | 779 | COMMON |
0A010D30 | 5.5 | - | 4 | 496 | COMMON |
0A011898 | 5.3 | - | 4 | 271 | COMMON |
0A0103D8 | 2.7 | - | 2 | 219 | COMMON |
060E39C0 | 2.7 | - | 2 | 202 | COMMON |
060E8548 | 1.6 | 1 | - | 60 | library, COMMON |
0A0166F8 | 1.4 | - | 1 | 181 | COMMON |
060FC618 | 2.8 | - | 2 | 289 | COMMON |
060FF618 | 2.7 | - | 2 | 225 | COMMON |
0518AE30 | 1.7 | 1 | - | 197 | COMMON |
0A0173D0 | 1.7 | 1 | - | 175 | COMMON |
0A017488 | 1.6 | 1 | - | 140 | window, COMMON |
05184248 | 1.6 | 1 | - | 96 | COMMON |
05185935 | 1.6 | 1 | - | 94 | COMMON |
0518A858 | 1.6 | 1 | - | 81 | library, COMMON |
060F5250 | 1.6 | - | 1 | 327 | COMMON |
0518C9A0 | 1.6 | 1 | - | 65 | COMMON |
0518D2F9 | 1.6 | 1 | - | 62 | COMMON |
0518A870 | 1.6 | 1 | - | 55 | library, COMMON |
0518B2A0 | 1.6 | 1 | - | 55 | library, COMMON |
0A01A25A | 1.5 | 1 | - | 47 | window, COMMON |
0A017580 | 1.5 | 1 | - | 47 | window, COMMON |
0518B020 | 1.5 | 1 | - | 47 | COMMON |
060E589C | 1.5 | 1 | - | 46 | com, COMMON |
060E8298 | 1.5 | 1 | - | 43 | com, COMMON |
060F22C0 | 1.4 | - | 1 | 165 | COMMON |
060F0040 | 1.4 | - | 1 | 152 | COMMON |
060FD9A0 | 1.4 | - | 1 | 145 | COMMON |
060F8078 | 1.4 | - | 1 | 144 | COMMON |
060FA978 | 1.3 | - | 1 | 59 | COMMON |
060FC050 | 0.4 | - | - | 411 | COMMON |
060F6689 | 0.4 | - | - | 407 | COMMON |
060F0660 | 0.4 | - | - | 406 | COMMON |
060F6698 | 0.4 | - | - | 403 | COMMON |
060FB258 | 0.4 | - | - | 381 | COMMON |
060F71F0 | 0.4 | - | - | 358 | COMMON |
060F6258 | 0.3 | - | - | 339 | COMMON |
060F7830 | 0.3 | - | - | 316 | COMMON |
060FC041 | 0.3 | - | - | 308 | COMMON |
060F84A8 | 0.3 | - | - | 302 | COMMON |
060FB246 | 0.3 | - | - | 260 | COMMON |
060F5B28 | 0.2 | - | - | 233 | COMMON |
060F4830 | 0.2 | - | - | 233 | COMMON |
060F5FB0 | 0.2 | - | - | 212 | COMMON |
060F3300 | 0.2 | - | - | 205 | COMMON |
060F2080 | 0.2 | - | - | 179 | COMMON |
060F6247 | 0.2 | - | - | 172 | COMMON |
060FADF0 | 0.2 | - | - | 169 | COMMON |
060FCC80 | 0.2 | - | - | 167 | COMMON |
060F0651 | 0.2 | - | - | 163 | COMMON |
060F5B19 | 0.2 | - | - | 158 | COMMON |
060FD6F7 | 0.2 | - | - | 157 | COMMON |
060F0DB1 | 0.1 | - | - | 139 | COMMON |
060F0DC0 | 0.1 | - | - | 137 | COMMON |
060FA710 | 0.1 | - | - | 117 | COMMON |
060FA720 | 0.1 | - | - | 117 | COMMON |
060FD800 | 0.1 | - | - | 116 | COMMON |
060F0007 | 0.1 | - | - | 111 | COMMON |
060F634D | 0.1 | - | - | 97 | COMMON |
060F16D8 | 0.1 | - | - | 80 | COMMON |
060F1518 | 0.1 | - | - | 80 | COMMON |
060F1509 | 0.1 | - | - | 78 | COMMON |
0294D3D8 | 0.1 | - | - | 75 | COMMON |
060F2550 | 0.1 | - | - | 74 | COMMON |
060F521B | 0.1 | - | - | 73 | COMMON |
060FA270 | 0.1 | - | - | 73 | COMMON |
0295D01C | 0.1 | - | - | 72 | COMMON |
060FF970 | 0.1 | - | - | 71 | COMMON |
060F1070 | 0.1 | - | - | 69 | COMMON |
060F2560 | 0.1 | - | - | 67 | COMMON |
060F0F78 | 0.1 | - | - | 64 | COMMON |
060F5660 | 0.1 | - | - | 63 | COMMON |
0295D005 | 0.1 | - | - | 60 | COMMON |
060F5098 | 0.1 | - | - | 59 | COMMON |
0294D3D3 | 0.1 | - | - | 56 | COMMON |
060FEA0A | 0.1 | - | - | 55 | COMMON |
060F0520 | 0.1 | - | - | 54 | COMMON |
060FDF8A | 0.1 | - | - | 52 | COMMON |
060F5651 | 0.0 | - | - | 49 | COMMON |
060FDF98 | 0.0 | - | - | 49 | COMMON |
060FE980 | 0.0 | - | - | 49 | COMMON |
060F0530 | 0.0 | - | - | 48 | COMMON |
060FE8D2 | 0.0 | - | - | 47 | COMMON |
060F76A8 | 0.0 | - | - | 46 | COMMON |
060FCE50 | 0.0 | - | - | 45 | COMMON |
0294D655 | 0.0 | - | - | 45 | COMMON |
060FA6A0 | 0.0 | - | - | 43 | COMMON |
060FEB38 | 0.0 | - | - | 42 | COMMON |
060FE8E0 | 0.0 | - | - | 42 | COMMON |
060F05E0 | 0.0 | - | - | 41 | COMMON |
060FA630 | 0.0 | - | - | 37 | COMMON |
060F769D | 0.0 | - | - | 37 | COMMON |
060FA6B0 | 0.0 | - | - | 37 | COMMON |
060F781F | 0.0 | - | - | 37 | COMMON |
060F76B8 | 0.0 | - | - | 36 | COMMON |
0294D654 | 0.0 | - | - | 36 | COMMON |
060FA640 | 0.0 | - | - | 35 | COMMON |
060F05F0 | 0.0 | - | - | 35 | COMMON |
060F16C7 | 0.0 | - | - | 32 | COMMON |
060F4FF2 | 0.0 | - | - | 29 | COMMON |
060FFA29 | 0.0 | - | - | 29 | COMMON |
060FA969 | 0.0 | - | - | 29 | COMMON |
060F1679 | 0.0 | - | - | 28 | COMMON |
060FFD17 | 0.0 | - | - | 28 | COMMON |
060F3F60 | 0.0 | - | - | 24 | COMMON |
060FFD28 | 0.0 | - | - | 24 | COMMON |
060F5000 | 0.0 | - | - | 24 | COMMON |
060FFA38 | 0.0 | - | - | 23 | COMMON |
060F6C77 | 0.0 | - | - | 22 | COMMON |
060F5313 | 0.0 | - | - | 22 | COMMON |
060F60A8 | 0.0 | - | - | 21 | COMMON |
060F3F70 | 0.0 | - | - | 19 | COMMON |
060F6C88 | 0.0 | - | - | 17 | COMMON |
060FA8E8 | 0.0 | - | - | 15 | COMMON |
060FA610 | 0.0 | - | - | 12 | COMMON |
060F14D9 | 0.0 | - | - | 12 | COMMON |
060F015E | 0.0 | - | - | 11 | COMMON |
060E3C92 | 0.0 | - | - | 49 | COMMON |
0A013340 | 0.0 | - | - | 25 | COMMON |
0A01839C | 0.0 | - | - | 25 | COMMON |