Windows
Analysis Report
inquiry for AP-103- FM-2400 project.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- inquiry for AP-103- FM-2400 project.exe (PID: 7316 cmdline: "C:\Users\user\Desktop\inquiry for AP-103- FM-2400 project.exe" MD5: 965690B2881041A12B0B63D8D68BE854)
  - conhost.exe (PID: 7324 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - RegSvcs.exe (PID: 7452 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
  - RegSvcs.exe (PID: 7460 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
  - WerFault.exe (PID: 7540 cmdline: C:\Windows\system32\WerFault.exe -u -p 7316 -s 1016 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution | | |
{"C2 url": ["212.162.149.77:1912"], "Bot Id": "Vip-Data", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security | |
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security | |
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
---|---|---|---|---|---|
07/12/24-09:53:06.619207 | 2043231 | 49730 | 1912 | TCP | A Network Trojan was detected |
07/12/24-09:52:59.543201 | 2043234 | 1912 | 49730 | TCP | A Network Trojan was detected |
07/12/24-09:53:04.717651 | 2046056 | 1912 | 49730 | TCP | A Network Trojan was detected |
07/12/24-09:52:59.414591 | 2046045 | 49730 | 1912 | TCP | A Network Trojan was detected |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Exploits |
---|
Source: | File source: | ||
Source: | File source: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Networking |
---|
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: |
Source: | URLs: |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Code function: | 0_2_00007FFD9B978A48 | |
Source: | Code function: | 0_2_00007FFD9B979250 | |
Source: | Code function: | 0_2_00007FFD9B97E979 | |
Source: | Code function: | 0_2_00007FFD9B9747F5 | |
Source: | Code function: | 0_2_00007FFD9B98C7C1 | |
Source: | Code function: | 0_2_00007FFD9B97BEF0 | |
Source: | Code function: | 0_2_00007FFD9B98A697 | |
Source: | Code function: | 0_2_00007FFD9B984E9F | |
Source: | Code function: | 0_2_00007FFD9B9803AF | |
Source: | Code function: | 0_2_00007FFD9BA503E0 | |
Source: | Code function: | 2_2_00A8DC74 | |
Source: | Code function: | 2_2_028C8B20 | |
Source: | Code function: | 2_2_028C0007 | |
Source: | Code function: | 2_2_028C0040 | |
Source: | Code function: | 2_2_028C8B10 |
Source: | Process created: |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Static file information: |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_00007FFD9B987B2F | |
Source: | Code function: | 0_2_00007FFD9B977C5D | |
Source: | Code function: | 0_2_00007FFD9B987B2F | |
Source: | Code function: | 0_2_00007FFD9B977C6D | |
Source: | Code function: | 0_2_00007FFD9BA50312 | |
Source: | Code function: | 2_2_028CD731 |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | File source: |
Source: | WMI Queries: |
Source: | WMI Queries: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | WMI Queries: |
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Stealing of Sensitive Information |
---|
Remote Access Functionality |
---|
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 221 Windows Management Instrumentation | 1 DLL Side-Loading | 311 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 341 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 241 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 3 Data from Local System | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 241 Virtualization/Sandbox Evasion | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 311 Process Injection | NTDS | 113 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 26% | ReversingLabs | Win64.Trojan.CrypterX | |
 | 34% | Virustotal | | Browse |
 | 100% | Joe Sandbox ML | | |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
 | true | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
212.162.149.77 | unknown | Netherlands | | 64236 | UNREAL-SERVERSUS | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1472089 |
Start date and time: | 2024-07-12 09:51:52 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 15s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | inquiry for AP-103- FM-2400 project.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.expl.evad.winEXE@7/6@0/1 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 13.89.179.12
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, onedsblobprdcus17.centralus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description |
---|---|---|
03:53:04 | API Interceptor | |
03:53:13 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
UNREAL-SERVERSUS | | Get hash | malicious | RedLine | Browse | |
 | | Get hash | malicious | Remcos | Browse | |
 | | Get hash | malicious | Remcos | Browse | |
 | | Get hash | malicious | Remcos | Browse | |
 | | Get hash | malicious | Remcos | Browse | |
 | | Get hash | malicious | Remcos | Browse | |
 | | Get hash | malicious | Remcos, PureLog Stealer | Browse | |
 | | Get hash | malicious | Remcos, GuLoader | Browse | |
 | | Get hash | malicious | Remcos | Browse | |
 | | Get hash | malicious | Remcos, GuLoader | Browse | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_inquiry for AP-1_cdfe5c582c65621baa53dccb9fe1927a395898b_5d35286c_ccdce3e4-8663-4d4b-a58a-a2b8687938ba\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.0198486655947558 |
Encrypted: | false |
SSDEEP: | 192:N2uEnX250UnUlaWBNwnTzuiFxZ24lO8l:gdnXLUnUlamNwTzuiFxY4lO8l |
MD5: | 35D4838C425A747DB7A0BECB6E883413 |
SHA1: | F2ADCE27C1B5FEEB80330686D8ED240D537ADAC4 |
SHA-256: | 8AD0DB44F05F634885EC749AC2BA91C6D2CC8AB595D29BEB95358616687BDC51 |
SHA-512: | 059B887EEC87BAC4CCD6985C4D73B6D46D4E5BAE857622D09A5111FE6A3F3E9BF7CBA0560947730DB0A9763DDB974EA987E0F97403E1CE9511C50BF6607E6EFC |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 396459 |
Entropy (8bit): | 3.2858093052068784 |
Encrypted: | false |
SSDEEP: | 3072:+8adhHg4Mx2p3+vaZqKPZCDU+qqq6lZJJ9tnOwlP4nQ6rWoiracSjRO1CCqjj+y:dA223Qog9tOy8Tqqj |
MD5: | 2DA359AA9727A0CAF1A01FDE1A5A3202 |
SHA1: | 0CA1EB17FC70F349AA0223BBD4196252B9233D26 |
SHA-256: | 906005AF4A6F91015F3ED0793A34083B6F5336F029F1034E044A330A19137DDE |
SHA-512: | F6CB2C87E1597273553C160D42F08E7AF53CA1B1C91C852EADDADBEAD34D659B7DCF12D38C43CE14C3F3116BB6CD7EE47FC6B0FC5516325EC478B17A47720FF5 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8906 |
Entropy (8bit): | 3.7159491870289267 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJmucm6Y9OmuhgmfB6JAprZ89bIWqfwYm:R6lXJ3cm6YkmwgmfBiDIDfW |
MD5: | 26357B1FCAC7C8F4CA2A65D3B2A04ADD |
SHA1: | A3F8A32928F5051428E7BE972A859B4AB9C9A0F9 |
SHA-256: | 6F71BC10E47800D0A6002980C2DDB8E44373DDEF5D04E5BD1F09711F0CE19AD4 |
SHA-512: | BBD912D4DB503115E072F2A609FF042B4A15CFD03F67FA5E98E67B65BB8992CFFE37E1CF6AC9C21C025224AB37DEEC429CB7010F7E1C698FBEB5469A9C055EDB |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4898 |
Entropy (8bit): | 4.55915780130248 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsfJg771I96qSWpW8VYUYm8M4JuViAFkInyq8547lt/2jd:uIjfBI7Rqz7VwJuIYnh2jd |
MD5: | BA5CF29B7BB0F6569C76F1FBA9EA7819 |
SHA1: | 0EB413F9777F61C7A0560B092EBC8FD0FF1CD14B |
SHA-256: | 3BD9A83DFC240857AC1C7B603018550761F421D505F91517B122CFD442D00BEB |
SHA-512: | 1F4F6E8123A3BB8ECC8B41F9005BC147E1E5307CEFBF779E33E36350F8C078B948374A1D698AF0611C17B65D59E3D2854BD93CC91AB903A0070ACC82C6CFD87B |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3094 |
Entropy (8bit): | 5.33145931749415 |
Encrypted: | false |
SSDEEP: | 96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV |
MD5: | 3FD5C0634443FB2EF2796B9636159CB6 |
SHA1: | 366DDE94AEFCFFFAB8E03AD8B448E05D7489EB48 |
SHA-256: | 58307E94C67E2348F5A838DE4FF668983B38B7E9A3B1D61535D3A392814A57D6 |
SHA-512: | 8535E7C0777C6B0876936D84BDE2BDC59963CF0954D4E50D65808E6E806E8B131DF5DB8FA0E030FAE2702143A7C3A70698A2B9A80519C9E2FFC286A71F0B797C |
Malicious: | false |
Reputation: | high, very likely benign file |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.466232579049025 |
Encrypted: | false |
SSDEEP: | 6144:WIXfpi67eLPU9skLmb0b42WSPKaJG8nAgejZMMhA2gX4WABl0uNBdwBCswSbO:bXD942WlLZMM6YFH7+O |
MD5: | 640E21583EC710FF72248917D7B93C3B |
SHA1: | E1775F11329571637CF627B221081540900EFCC1 |
SHA-256: | C910C2EA032E0580B9896C11B4BA68D6A7C2C27A9CD21639448EE88E49230F75 |
SHA-512: | 65452F69C5B66D2108A706976DB5DC354455595649BE34B92935D7D607B7121A901E25990588311E902CBAA58E53DA01A836F4868DDACAE94A801852CEA498F5 |
Malicious: | false |
Reputation: | low |
File type: | |
Entropy (8bit): | 5.160737257448162 |
TrID: | |
File name: | inquiry for AP-103- FM-2400 project.exe |
File size: | 2'237'025 bytes |
MD5: | 965690b2881041a12b0b63d8d68be854 |
SHA1: | 86ab14ecf043d8efd1133a89623c6ea808e710a6 |
SHA256: | b7585402d354395dd4cb9031486b62c65856189cdf27ebf5e0a9a3685970f187 |
SHA512: | 1f3163a0d135f48695d7e8486925ba68a5a0ba1561d1482360d0fe707e53fa81420cb10db8f8fe789ebf3433dedc2ac8022fd2c67326913e52df3de4195c3e93 |
SSDEEP: | 12288:pJZ0sqcLkZ45tofQaRqlbnw3P3U5rV5vMPxY5ByvyOIGsm+qt1ahWQ9HeZZY:prXqt4/2qVw3P3Ar7vMPurWSqtUh/9QY |
TLSH: | 4EA52205752B5E2BFDD69178C9D231F06AFC8D4B74F3862FCF21AE99999067C0462231 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...l7.f.........."...0..Z............... ....@...... ....................................`................................ |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x400000 |
Entrypoint Section: | |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x6690376C [Thu Jul 11 19:50:04 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: |
Instruction |
---|
dec ebp |
pop edx |
nop |
add byte ptr [ebx], al |
add byte ptr [eax], al |
add byte ptr [eax+eax], al |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x8000 | 0x94c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2000 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x5af4 | 0x5c00 | 96259cd4db7dc87c48e1b047ba00df1b | False | 0.6411345108695652 | data | 6.4126909199382025 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x8000 | 0x94c | 0xa00 | 742d7f7cdaf91dbd290c33727a1ba9b7 | False | 0.304296875 | data | 4.349672557298644 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x80b8 | 0x354 | data | | | 0.5 |
RT_VERSION | 0x840c | 0x354 | data | English | United States | 0.5011737089201878 |
RT_MANIFEST | 0x8760 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
07/12/24-09:53:06.619207 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49730 | 1912 | 192.168.2.4 | 212.162.149.77 |
07/12/24-09:52:59.543201 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
07/12/24-09:53:04.717651 | TCP | 2046056 | ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
07/12/24-09:52:59.414591 | TCP | 2046045 | ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 49730 | 1912 | 192.168.2.4 | 212.162.149.77 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 12, 2024 09:53:05.911375999 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.911389112 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.911416054 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.911428928 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.911478043 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.911490917 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.911529064 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.911540985 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.911583900 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.911597013 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.911612034 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.911673069 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.911705017 CEST | 49730 | 1912 | 192.168.2.4 | 212.162.149.77 |
Jul 12, 2024 09:53:05.911709070 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.911748886 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.911784887 CEST | 49730 | 1912 | 192.168.2.4 | 212.162.149.77 |
Jul 12, 2024 09:53:05.911812067 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.911825895 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.911861897 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.911875963 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.911946058 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.911959887 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.912074089 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.912086964 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.912100077 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.912112951 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.912137985 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.912151098 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.912175894 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.912189007 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.912204981 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.912261009 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.912275076 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.912287951 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.912303925 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.915076017 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.915343046 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.915380955 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.915395021 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.915409088 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.915729046 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.915767908 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.915880919 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.915894985 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.917156935 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.917201042 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.917213917 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.917227030 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.917278051 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.917294025 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.917321920 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.917335033 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.917347908 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.917362928 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.917480946 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.917494059 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.917507887 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.917521954 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.917562962 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.917577028 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.917824984 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.917840004 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.917853117 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.917866945 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.917893887 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.917907000 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.917921066 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.917944908 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918054104 CEST | 49730 | 1912 | 192.168.2.4 | 212.162.149.77 |
Jul 12, 2024 09:53:05.918057919 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918113947 CEST | 49730 | 1912 | 192.168.2.4 | 212.162.149.77 |
Jul 12, 2024 09:53:05.918148041 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918162107 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918195963 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918209076 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918245077 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918256998 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918272972 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918317080 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918332100 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918364048 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918406963 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918420076 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918443918 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918467999 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918481112 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918576002 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918589115 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918603897 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918616056 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918628931 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918654919 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918704987 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918879986 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918893099 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918905973 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918920994 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918932915 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918946028 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918958902 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918984890 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.918997049 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.919009924 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.919035912 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.919048071 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.919074059 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.919086933 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.919101954 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.919115067 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.919141054 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.919153929 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.919167995 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.919181108 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.919208050 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.919220924 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.919233084 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.923477888 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.923494101 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.923672915 CEST | 49730 | 1912 | 192.168.2.4 | 212.162.149.77 |
Jul 12, 2024 09:53:05.923727036 CEST | 49730 | 1912 | 192.168.2.4 | 212.162.149.77 |
Jul 12, 2024 09:53:05.923748016 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.923763990 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924165010 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924212933 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924226999 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924252987 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924267054 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924278975 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924329042 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924343109 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924367905 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924380064 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924439907 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924453974 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924524069 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924537897 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924552917 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924581051 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924597025 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924609900 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924633980 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924649000 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924662113 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924674988 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924700975 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924714088 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924743891 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924756050 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924771070 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924784899 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924810886 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924823999 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924851894 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924865007 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924881935 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.924896002 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.925008059 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.925020933 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.925034046 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.925046921 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.925060034 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.925271034 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.925283909 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.925311089 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.925323963 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.925406933 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.925420046 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.925434113 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.925451040 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.925476074 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.925487995 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.928751945 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.928786993 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.928798914 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.928813934 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.928838015 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.928850889 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.928936958 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.928951025 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.928955078 CEST | 49730 | 1912 | 192.168.2.4 | 212.162.149.77 |
Jul 12, 2024 09:53:05.928962946 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.928977966 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929006100 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929013014 CEST | 49730 | 1912 | 192.168.2.4 | 212.162.149.77 |
Jul 12, 2024 09:53:05.929019928 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929047108 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929059982 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929073095 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929086924 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929198027 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929209948 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929224014 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929236889 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929250002 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929263115 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929297924 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929311037 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929325104 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929337025 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929349899 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929382086 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929439068 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929451942 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929466009 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929478884 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929497957 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929512024 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929536104 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929548979 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929584026 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929596901 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929639101 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929651976 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929686069 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929698944 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929711103 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929723024 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929764986 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929780006 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929792881 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929819107 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929831028 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929843903 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929928064 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929939985 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.929954052 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.934237957 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.934252024 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.934266090 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.934278965 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.934303999 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.934317112 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.934329033 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.934341908 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.934354067 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.934366941 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.934392929 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.934406042 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.934418917 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.934432030 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.934447050 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.934526920 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.934540033 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.934555054 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.934617043 CEST | 49730 | 1912 | 192.168.2.4 | 212.162.149.77 |
Jul 12, 2024 09:53:05.934632063 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.934644938 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.934724092 CEST | 49730 | 1912 | 192.168.2.4 | 212.162.149.77 |
Jul 12, 2024 09:53:05.934760094 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.934772968 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.934786081 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.934834957 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.934930086 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.934945107 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.934968948 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.934982061 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.934994936 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.935007095 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.935035944 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.935049057 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.935062885 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.935086966 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.935100079 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.935112953 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.935137987 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.935149908 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.935163975 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.935175896 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.935194969 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.935221910 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.935235023 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.935261011 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.935273886 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.935286999 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.935312033 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.935324907 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.935338974 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.935364962 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.935396910 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.935445070 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.935456991 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.939591885 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.939812899 CEST | 49730 | 1912 | 192.168.2.4 | 212.162.149.77 |
Jul 12, 2024 09:53:05.939827919 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.939841986 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.939889908 CEST | 49730 | 1912 | 192.168.2.4 | 212.162.149.77 |
Jul 12, 2024 09:53:05.939908981 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.939922094 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.940320015 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.940426111 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.940490007 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.940505028 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.940521002 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.940589905 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.940679073 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.940692902 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.940707922 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.940720081 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.940887928 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.940901041 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.940924883 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.940937996 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.940996885 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.941009998 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.941083908 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.941097975 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.941121101 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.941133022 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.941160917 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.941174030 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.941236019 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.941250086 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.941288948 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.941303015 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.941390038 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.959403038 CEST | 49730 | 1912 | 192.168.2.4 | 212.162.149.77 |
Jul 12, 2024 09:53:05.964298010 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.964766026 CEST | 49730 | 1912 | 192.168.2.4 | 212.162.149.77 |
Jul 12, 2024 09:53:05.964881897 CEST | 49730 | 1912 | 192.168.2.4 | 212.162.149.77 |
Jul 12, 2024 09:53:05.964881897 CEST | 49730 | 1912 | 192.168.2.4 | 212.162.149.77 |
Jul 12, 2024 09:53:05.964936018 CEST | 49730 | 1912 | 192.168.2.4 | 212.162.149.77 |
Jul 12, 2024 09:53:05.969867945 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.969882011 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.969903946 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.969917059 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.969944954 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.969957113 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.970036983 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.970050097 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.970092058 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.970104933 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.970117092 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.970129013 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.970143080 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.970155954 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.970232010 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:05.986135006 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:06.618463039 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:06.619206905 CEST | 49730 | 1912 | 192.168.2.4 | 212.162.149.77 |
Jul 12, 2024 09:53:06.624075890 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:06.748393059 CEST | 1912 | 49730 | 212.162.149.77 | 192.168.2.4 |
Jul 12, 2024 09:53:06.783819914 CEST | 49730 | 1912 | 192.168.2.4 | 212.162.149.77 |
Target ID: | 0 |
Start time: | 03:52:50 |
Start date: | 12/07/2024 |
Path: | C:\Users\user\Desktop\inquiry for AP-103- FM-2400 project.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x28365550000 |
File size: | 2'237'025 bytes |
MD5 hash: | 965690B2881041A12B0B63D8D68BE854 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 03:52:50 |
Start date: | 12/07/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 03:52:56 |
Start date: | 12/07/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x460000 |
File size: | 45'984 bytes |
MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 03:52:56 |
Start date: | 12/07/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Wow64 process (32bit): | |
Commandline: | |
Imagebase: | |
File size: | 45'984 bytes |
MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 6 |
Start time: | 03:52:56 |
Start date: | 12/07/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff64d3f0000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 11.1% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 6 |
Total number of Limit Nodes: | 0 |
Graph
Function 00007FFD9B9803AF Relevance: 1.6, Instructions: 1566, Tags: COMMON
Function 00007FFD9B984E9F Relevance: .2, Instructions: 165, Tags: COMMON
Function 00007FFD9BA50001 Relevance: .4, Instructions: 420, Tags: COMMON
Function 00007FFD9BA51210 Relevance: .1, Instructions: 113, Tags: COMMON
Function 00007FFD9BA50A04 Relevance: .0, Instructions: 20, Tags: COMMON
Execution Graph
Execution Coverage: | 10% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 99 |
Total number of Limit Nodes: | 8 |
Graph
Function 00A8D0A8 Relevance: 6.1, APIs: 4, Instructions: 133, Tags: thread, COMMON
Function 00A8D0B8 Relevance: 6.1, APIs: 4, Instructions: 128, Tags: thread, COMMON
Function 00A8AE30 Relevance: 1.7, APIs: 1, Instructions: 197, Tags: COMMON
Function 028C1CE4 Relevance: 1.6, APIs: 1, Instructions: 118, Tags: COMMON
Function 028C1CF0 Relevance: 1.6, APIs: 1, Instructions: 113, Tags: COMMON
Function 028C0BFC Relevance: 1.6, APIs: 1, Instructions: 97, Tags: COMMON
Function 00A84248 Relevance: 1.6, APIs: 1, Instructions: 96, Tags: COMMON
Function 00A85935 Relevance: 1.6, APIs: 1, Instructions: 94, Tags: COMMON
Function 00A8D2F9 Relevance: 1.6, APIs: 1, Instructions: 64, Tags: COMMON
Function 00A8D300 Relevance: 1.6, APIs: 1, Instructions: 62, Tags: COMMON
Function 00A8A870 Relevance: 1.6, APIs: 1, Instructions: 55, Tags: library, COMMON
Function 00A8B2A0 Relevance: 1.6, APIs: 1, Instructions: 55, Tags: library, COMMON
Function 00A8B020 Relevance: 1.5, APIs: 1, Instructions: 47, Tags: COMMON
Function 00A2D1FC Relevance: .1, Instructions: 76, Tags: COMMON
Function 00A2D4C4 Relevance: .1, Instructions: 75, Tags: COMMON
Function 00A2D3D8 Relevance: .1, Instructions: 75, Tags: COMMON
Function 00A3D01C Relevance: .1, Instructions: 72, Tags: COMMON
Function 00A2D1F7 Relevance: .1, Instructions: 57, Tags: COMMON
Function 00A2D4BF Relevance: .1, Instructions: 56, Tags: COMMON
Function 00A2D3D3 Relevance: .1, Instructions: 56, Tags: COMMON
Function 00A3D017 Relevance: .1, Instructions: 53, Tags: COMMON
Function 00A2D655 Relevance: .0, Instructions: 45, Tags: COMMON
Function 00A2D654 Relevance: .0, Instructions: 36, Tags: COMMON