Windows Analysis Report
new order 00041221.exe
Overview
General Information
Detection
Score | Range | Whitelisted | Confidence |
---|---|---|---|
100 | 0 - 100 | false | 100% |
- System is w10x64
- new order 00041221.exe (PID: 1000, cmdline: "C:\Users\user\Desktop\new order 00041221.exe", MD5: F0C82F395D37FA87114CA7EF075695C8)
- new order 00041221.exe (PID: 5292, cmdline: "C:\Users\user\Desktop\new order 00041221.exe", MD5: F0C82F395D37FA87114CA7EF075695C8)
- cleanup
Name | Description | Attribution |
---|---|---|
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger with many capabilities. The infostealer can steal a victim's sensitive information, log keystrokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution |
Rule | Description | Author |
---|---|---|
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security |
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security |
Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
Rule | Description | Author |
---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security |
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
System Summary
- Author: frack113
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
---|---|---|---|---|---|
2024-07-26T09:03:24.118819+0200 | 2803305 | 49720 | 443 | TCP | Unknown Traffic |
2024-07-26T09:03:09.919075+0200 | 2803305 | 49706 | 443 | TCP | Unknown Traffic |
2024-07-26T09:03:45.702091+0200 | 2022930 | 443 | 55797 | TCP | A Network Trojan was detected |
2024-07-26T09:03:10.643717+0200 | 2803274 | 49707 | 80 | TCP | Potentially Bad Traffic |
2024-07-26T09:03:09.300053+0200 | 2803274 | 49702 | 80 | TCP | Potentially Bad Traffic |
2024-07-26T09:03:24.465395+0200 | 2022930 | 443 | 49717 | TCP | A Network Trojan was detected |
2024-07-26T09:03:06.940575+0200 | 2803274 | 49702 | 80 | TCP | Potentially Bad Traffic |
2024-07-26T09:03:44.316920+0200 | 2022930 | 443 | 55796 | TCP | A Network Trojan was detected |
AV Detection
- Avira URL Cloud
- Virustotal
- ReversingLabs
- Integrated Neural Analysis Model
- Joe Sandbox ML
Location Tracking
- DNS query
- Static PE information
- HTTPS traffic detected
- Code function
Networking
- DNS query
- File source
- TCP traffic
- HTTP traffic detected
- IP Address
- ASN Name
- JA3 fingerprint
- HTTPS traffic detected
- UDP traffic detected without corresponding DNS query
- DNS traffic detected
- String found in binary or memory
- Network traffic detected
System Summary
- Matched rule
- Large array initialization
- Static PE information
- Process Stats
- Code function
- Binary or memory string
- Cryptographic APIs
- Security API names
- Classification label
- File created
- Mutant created
- Static file information
- Key opened
- Virustotal
- ReversingLabs
- Process created
- Section loaded
- Key value queried
- File opened
Data Obfuscation
- .Net Code
- Code function
- Static PE information
- High entropy of concatenated method names
- Registry key monitored for changes
- Process information set
Malware Analysis System Evasion |
---|
Source: | File source: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time / Thread sleep count: | Jump to behavior | (57 evidence rows, 54 sleep-time and 3 sleep-count; cell values not captured) |
Source: | Thread delayed: | Jump to behavior | (54 evidence rows; cell values not captured) |
Source: | Binary or memory string: | (32 evidence rows; cell values not captured) |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 3_2_05A397B0 |
Source: | Process token adjusted: | Jump to behavior | (2 evidence rows; cell values not captured) |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | (13 evidence rows; cell values not captured) |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | (11 evidence rows; cell values not captured) |
Source: | File source: | (10 evidence rows; cell values not captured) |
Source: | File opened: | Jump to behavior | (8 evidence rows; cell values not captured) |
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | File source: | (10 evidence rows; cell values not captured) |
Remote Access Functionality |
---|
Source: | File source: | (11 evidence rows; cell values not captured) |
Source: | File source: | (10 evidence rows; cell values not captured) |
MITRE ATT&CK matrix. A cell prefixed with a count (for example "111 Process Injection") is a technique observed in this analysis, the count being the number of signatures that matched; unprefixed cells are the remaining matrix entries and were not observed.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 111 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 Query Registry | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Security Software Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 31 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | 3 Non-Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | 14 Application Layer Protocol | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Software Packing | DCSync | 13 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
41% | Virustotal | Browse | ||
47% | ReversingLabs | ByteCode-MSIL.Trojan.SnakeStealer | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
2% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
1% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
1% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
12% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
3% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
1% | Virustotal | Browse | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
15% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
15% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
mail.moonbrosurgical.com | 203.124.44.4 | true | false | | unknown |
reallyfreegeoip.org | 188.114.97.3 | true | true | | unknown |
api.telegram.org | 149.154.167.220 | true | true | | unknown |
checkip.dyndns.com | 193.122.6.168 | true | false | | unknown |
15.164.165.52.in-addr.arpa | unknown | unknown | true | | unknown |
checkip.dyndns.org | unknown | unknown | true | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
(3 entries; names not captured) | false | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
(35 entries; names and sources not captured) | | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | true | |
188.114.97.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | true | |
203.124.44.4 | mail.moonbrosurgical.com | Pakistan | 7590 | COMSATSCommissiononScienceandTechnologyforPK | false | |
193.122.6.168 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false |
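The contacted hosts above form the check-in sequence this family shows: an external-IP lookup (checkip.dyndns.org/.com, reallyfreegeoip.org) followed by the exfiltration channel (api.telegram.org, or the mail server mail.moonbrosurgical.com). reallyfreegeoip.org and api.telegram.org are marked malicious in the table only because this sample used them; the IP-check services and Telegram's API are public endpoints that legitimate software also reaches, so alerting on any one of them alone produces noise. The script below, added here as an example and not part of the Joe Sandbox report, hunts for the sequence instead: one client resolving an IP-check service and then reaching an exfiltration endpoint within a short window. The indicator values are those in the tables above; the log format, the five-minute window, the hosts 192.168.2.50 and 192.168.2.77 and all timestamps are constructed for the illustration.

```python
"""Hunt for the IP-check-then-exfiltrate sequence in DNS / connection logs.

Added example (not part of the Joe Sandbox report). Indicator values come
from the report's tables; the log format and the sample lines are constructed.
"""
from datetime import datetime, timedelta

# Observed in the report. The IP-check services and Telegram are legitimate
# public endpoints; only the sequence from one host is a useful signal.
IP_CHECK_DOMAINS = {"checkip.dyndns.org", "checkip.dyndns.com", "reallyfreegeoip.org"}
IP_CHECK_IPS = {"193.122.6.168", "188.114.97.3"}
EXFIL_DOMAINS = {"api.telegram.org", "mail.moonbrosurgical.com"}
EXFIL_IPS = {"149.154.167.220", "203.124.44.4"}

WINDOW = timedelta(minutes=5)   # assumed: the exfil step normally follows the IP check within seconds

# Constructed log lines: "<ISO timestamp> <client IP> <dns|conn> <name|ip:port>".
# 192.168.2.7 replays the report's timeline; the other two hosts are benign noise
# (a DDNS client doing only the IP check, a user talking only to Telegram).
SAMPLE_LOG = """\
2024-07-26T09:03:05 192.168.2.7 dns checkip.dyndns.org
2024-07-26T09:03:06 192.168.2.7 conn 193.122.6.168:80
2024-07-26T09:03:09 192.168.2.7 dns reallyfreegeoip.org
2024-07-26T09:03:09 192.168.2.7 conn 188.114.97.3:443
2024-07-26T09:03:25 192.168.2.7 dns api.telegram.org
2024-07-26T09:03:26 192.168.2.7 conn 149.154.167.220:443
2024-07-26T09:03:40 192.168.2.7 dns mail.moonbrosurgical.com
2024-07-26T08:10:00 192.168.2.50 dns checkip.dyndns.org
2024-07-26T08:55:00 192.168.2.50 dns api.telegram.org
2024-07-26T09:30:00 192.168.2.77 dns api.telegram.org
""".splitlines()


def parse_line(line):
    ts, src, kind, value = line.split()
    return datetime.fromisoformat(ts), src, kind, value


def _matches(kind, value, domains, ips):
    """True when a dns record names one of `domains` or a conn record targets one of `ips`."""
    if kind == "dns":
        return value.lower().rstrip(".") in domains
    return kind == "conn" and value.split(":")[0] in ips


def find_checkin_sequences(lines, window=WINDOW):
    """Return one finding per exfil event that follows an IP check by the same
    client within `window`. Lines may arrive unordered; they are sorted first."""
    last_ip_check = {}
    findings = []
    for line in sorted(lines, key=lambda l: l.split()[0]):
        ts, src, kind, value = parse_line(line)
        if _matches(kind, value, IP_CHECK_DOMAINS, IP_CHECK_IPS):
            last_ip_check[src] = ts          # remember the most recent check per client
        elif _matches(kind, value, EXFIL_DOMAINS, EXFIL_IPS):
            seen = last_ip_check.get(src)
            if seen is not None and ts - seen <= window:
                findings.append({"host": src, "ip_check_at": seen, "exfil_at": ts, "target": value})
    return findings


if __name__ == "__main__":
    for f in find_checkin_sequences(SAMPLE_LOG):
        print(f"{f['host']}: IP check {f['ip_check_at']:%H:%M:%S} -> {f['target']} at {f['exfil_at']:%H:%M:%S}")
```

Only the sandbox host produces findings with the default window; widening the window to an hour also pulls in 192.168.2.50, which shows why the window has to be short for this pattern to stay specific.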
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1482843 |
Start date and time: | 2024-07-26 09:02:08 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 9m 30s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 19 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | new order 00041221.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/1@6/4 |
EGA Information: |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
03:03:04 | API Interceptor |
Match | Related samples | Detection | Threat names (one entry per related sample; sample names and hashes not captured) |
---|---|---|---|
149.154.167.220 | 10 | malicious | Unknown (x5); AgentTesla (x2); PureLog Stealer, Snake Keylogger, VIP Keylogger; AsyncRAT, Neshta, StormKitty, WorldWind Stealer; GuLoader, Snake Keylogger |
188.114.97.3 | 10 | malicious | Remcos (x2); Amadey, GO Backdoor; FormBook (x3); Unknown (x3); CobaltStrike |
203.124.44.4 | 1 | malicious | Snake Keylogger, VIP Keylogger |
193.122.6.168 | 10 | malicious | Snake Keylogger (x2); GuLoader, Snake Keylogger (x4); Snake Keylogger, VIP Keylogger (x3); PureLog Stealer, Snake Keylogger, VIP Keylogger |
Match | Related samples | Detection | Threat names (one entry per related sample; sample names and hashes not captured) |
---|---|---|---|
reallyfreegeoip.org | 10 | malicious | Snake Keylogger (x3); GuLoader, Snake Keylogger (x5); PureLog Stealer, Snake Keylogger, VIP Keylogger; Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | 10 | malicious | Snake Keylogger (x2); GuLoader, Snake Keylogger (x6); PureLog Stealer, Snake Keylogger, VIP Keylogger; Snake Keylogger, VIP Keylogger |
api.telegram.org | 10 | malicious | Unknown (x5); AgentTesla (x2); PureLog Stealer, Snake Keylogger, VIP Keylogger; AsyncRAT, Neshta, StormKitty, WorldWind Stealer; GuLoader, Snake Keylogger |
mail.moonbrosurgical.com | 1 | malicious | Snake Keylogger, VIP Keylogger |
Match | Related samples | Detection | Threat names (one entry per related sample; sample names and hashes not captured) |
---|---|---|---|
ORACLE-BMC-31898US | 10 | malicious | Snake Keylogger; Unknown (x2); PureLog Stealer, Snake Keylogger, VIP Keylogger; GuLoader, Snake Keylogger (x5); Snake Keylogger, VIP Keylogger |
TELEGRAMRU | 10 | malicious | Unknown (x7); StormKitty; AgentTesla; Vidar |
CLOUDFLARENETUS | 10 | malicious | Amadey, Babadeda, RedLine, Stealc, Vidar; Babadeda (x2); Unknown (x4); Remcos; AgentTesla (x2) |
COMSATSCommissiononScienceandTechnologyforPK | 10 | malicious | Snake Keylogger, VIP Keylogger; Unknown; AgentTesla, PureLog Stealer (x2); AgentTesla (x6) |
Match | Related samples | Detection | Threat names (one entry per related sample; sample names and hashes not captured) |
---|---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | 10 | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger; Quasar; Lokibot; GuLoader, Snake Keylogger (x5); Snake Keylogger; Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | 10 | malicious | AgentTesla; Unknown (x6); CryptOne; StormKitty; TechSupportScam |
Process: | C:\Users\user\Desktop\new order 00041221.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1216 |
Entropy (8bit): | 5.34331486778365 |
Encrypted: | false |
SSDEEP: | 24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ |
MD5: | 1330C80CAAC9A0FB172F202485E9B1E8 |
SHA1: | 86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492 |
SHA-256: | B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560 |
SHA-512: | 75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2 |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 7.862704704273304 |
TrID: |
File name: | new order 00041221.exe |
File size: | 740'864 bytes |
MD5: | f0c82f395d37fa87114ca7ef075695c8 |
SHA1: | 06df165721ef1544251108d1af927786ea7de870 |
SHA256: | d954045a10b2292df4e754ad6f1c5350c82ce0a75d2cd9275ada797eca2c413f |
SHA512: | 145f6655175992ee8d5526aea9e8dc281b243183a7c96fb170f63b620bcc39cbca7caa75672f02968deef34a5bc51bba4b82b89755145f0c5446cc63a5581430 |
SSDEEP: | 12288:pTNYsbvttIEsckdcJvb0wSeIRT8d8OX4SOE0+N3bve6wJC+WrNnv0Y3S3yo3PeJW:tNYsbvttIRZm4SHHNZrNnvGyo3q |
TLSH: | 6BF4122D56AA9F57CB3D87B9F09220440774E029F283F75E5EC1E4E80E627D4C8976A3 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...z..f.................D...........c... ........@.. ....................................@................................ |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x4b638e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66A3037A [Fri Jul 26 02:01:30 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
(followed by zero bytes, which the disassembler renders as 97 repetitions of "add byte ptr [eax], al") |
The jump target 0x00402000 is ImageBase 0x400000 plus the IAT RVA 0x2000 listed in the data directories below, i.e. the single import mscoree.dll!_CorExeMain. The native entry point of a .NET executable consists only of this loader stub; the sample's logic is in the managed code described by the CLR header (IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR, RVA 0x2008), so the disassembly at the entry point says nothing about the malware's behaviour.
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb6334 | 0x57 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb8000 | 0x600 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xba000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0xb4394 | 0xb4400 | f2c21709783cfecf3bab12beb0a753c9 | False | 0.9138281791782247 | data | 7.869956261157549 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0xb8000 | 0x600 | 0x600 | 8cc51061b76e2ed9a4b6d2ac40a49596 | False | 0.4446614583333333 | data | 4.208815747903402 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xba000 | 0xc | 0x200 | 1ec507a80a6c9a0a331e6f4c2391e4c1 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0xb8090 | 0x354 | data | | | 0.4460093896713615 |
RT_MANIFEST | 0xb83f4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
2024-07-26T09:03:24.118819+0200 | TCP | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 49720 | 443 | 192.168.2.7 | 188.114.97.3 |
2024-07-26T09:03:09.919075+0200 | TCP | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 49706 | 443 | 192.168.2.7 | 188.114.97.3 |
2024-07-26T09:03:45.702091+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 55797 | 40.127.169.103 | 192.168.2.7 |
2024-07-26T09:03:10.643717+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 49707 | 80 | 192.168.2.7 | 193.122.6.168 |
2024-07-26T09:03:09.300053+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 49702 | 80 | 192.168.2.7 | 193.122.6.168 |
2024-07-26T09:03:24.465395+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49717 | 52.165.165.26 | 192.168.2.7 |
2024-07-26T09:03:06.940575+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 49702 | 80 | 192.168.2.7 | 193.122.6.168 |
2024-07-26T09:03:44.316920+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 55796 | 40.127.169.103 | 192.168.2.7 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 26, 2024 09:03:05.825613022 CEST | 49702 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:05.831568956 CEST | 80 | 49702 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:05.831721067 CEST | 49702 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:05.832084894 CEST | 49702 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:05.837492943 CEST | 80 | 49702 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:06.531081915 CEST | 80 | 49702 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:06.535823107 CEST | 49702 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:06.540728092 CEST | 80 | 49702 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:06.891879082 CEST | 80 | 49702 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:06.940574884 CEST | 49702 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:06.955890894 CEST | 49703 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:06.955939054 CEST | 443 | 49703 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:06.956557035 CEST | 49703 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:06.963951111 CEST | 49703 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:06.963975906 CEST | 443 | 49703 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:07.438919067 CEST | 443 | 49703 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:07.439071894 CEST | 49703 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:07.444463015 CEST | 49703 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:07.444472075 CEST | 443 | 49703 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:07.444812059 CEST | 443 | 49703 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:07.487534046 CEST | 49703 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:07.505680084 CEST | 49703 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:07.548540115 CEST | 443 | 49703 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:07.960217953 CEST | 443 | 49703 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:07.960319042 CEST | 443 | 49703 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:07.960413933 CEST | 49703 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:07.969619036 CEST | 49703 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:07.992885113 CEST | 49702 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:07.998681068 CEST | 80 | 49702 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:09.247378111 CEST | 80 | 49702 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:09.250452042 CEST | 49706 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:09.250489950 CEST | 443 | 49706 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:09.250610113 CEST | 49706 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:09.250868082 CEST | 49706 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:09.250881910 CEST | 443 | 49706 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:09.300052881 CEST | 49702 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:09.761877060 CEST | 443 | 49706 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:09.774473906 CEST | 49706 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:09.774568081 CEST | 443 | 49706 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:09.919105053 CEST | 443 | 49706 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:09.919323921 CEST | 443 | 49706 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:09.919392109 CEST | 49706 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:09.919786930 CEST | 49706 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:09.923782110 CEST | 49702 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:09.924933910 CEST | 49707 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:09.929918051 CEST | 80 | 49707 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:09.930032969 CEST | 49707 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:09.930144072 CEST | 49707 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:09.930629015 CEST | 80 | 49702 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:09.930855036 CEST | 49702 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:09.934993029 CEST | 80 | 49707 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:10.593067884 CEST | 80 | 49707 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:10.594641924 CEST | 49709 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:10.594716072 CEST | 443 | 49709 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:10.594796896 CEST | 49709 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:10.595124006 CEST | 49709 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:10.595141888 CEST | 443 | 49709 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:10.643717051 CEST | 49707 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:11.080826998 CEST | 443 | 49709 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:11.083190918 CEST | 49709 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:11.083239079 CEST | 443 | 49709 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:11.215873957 CEST | 443 | 49709 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:11.215966940 CEST | 443 | 49709 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:11.216449976 CEST | 49709 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:11.216864109 CEST | 49709 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:11.222276926 CEST | 49710 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:11.227142096 CEST | 80 | 49710 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:11.227317095 CEST | 49710 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:11.227489948 CEST | 49710 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:11.232238054 CEST | 80 | 49710 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:13.940898895 CEST | 80 | 49710 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:13.954924107 CEST | 49711 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:13.987483025 CEST | 49710 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:14.185848951 CEST | 80 | 49710 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:14.185941935 CEST | 49710 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:14.186134100 CEST | 80 | 49711 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:14.186222076 CEST | 49711 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:14.186454058 CEST | 49711 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:14.191287041 CEST | 80 | 49711 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:16.051285028 CEST | 80 | 49711 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:16.069993019 CEST | 49712 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:16.070053101 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:16.070143938 CEST | 49712 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:16.076559067 CEST | 49712 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:16.076590061 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:16.076704979 CEST | 49710 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:16.082537889 CEST | 80 | 49710 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:16.087300062 CEST | 49710 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:16.096885920 CEST | 49711 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:16.577074051 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:16.582406998 CEST | 49712 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:16.582432032 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:16.719886065 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:16.719976902 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:16.720025063 CEST | 49712 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:16.723089933 CEST | 49712 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:16.782828093 CEST | 49711 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:16.786812067 CEST | 49713 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:16.788384914 CEST | 80 | 49711 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:16.788434982 CEST | 49711 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:16.791650057 CEST | 80 | 49713 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:16.791708946 CEST | 49713 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:16.791847944 CEST | 49713 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:16.796879053 CEST | 80 | 49713 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:19.046257019 CEST | 80 | 49713 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:19.048593044 CEST | 49714 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:19.048628092 CEST | 443 | 49714 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:19.048765898 CEST | 49714 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:19.049093008 CEST | 49714 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:19.049105883 CEST | 443 | 49714 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:19.097068071 CEST | 49713 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:19.511085987 CEST | 443 | 49714 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:19.512948036 CEST | 49714 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:19.512973070 CEST | 443 | 49714 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:19.632844925 CEST | 443 | 49714 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:19.632921934 CEST | 443 | 49714 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:19.632999897 CEST | 49714 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:19.633580923 CEST | 49714 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:19.637445927 CEST | 49713 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:19.638541937 CEST | 49715 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:19.643400908 CEST | 80 | 49713 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:19.643529892 CEST | 49713 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:19.643709898 CEST | 80 | 49715 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:19.643805027 CEST | 49715 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:19.643990040 CEST | 49715 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:19.649305105 CEST | 80 | 49715 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:22.177618027 CEST | 80 | 49715 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:22.179352999 CEST | 49716 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:22.179400921 CEST | 443 | 49716 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:22.179471016 CEST | 49716 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:22.179747105 CEST | 49716 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:22.179758072 CEST | 443 | 49716 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:22.221874952 CEST | 49715 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:22.641446114 CEST | 443 | 49716 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:22.643264055 CEST | 49716 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:22.643302917 CEST | 443 | 49716 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:22.790102005 CEST | 443 | 49716 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:22.790200949 CEST | 443 | 49716 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:22.790254116 CEST | 49716 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:22.796539068 CEST | 49716 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:22.827532053 CEST | 49715 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:22.828885078 CEST | 49718 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:22.833036900 CEST | 80 | 49715 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:22.833084106 CEST | 49715 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:22.833739042 CEST | 80 | 49718 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:22.833801031 CEST | 49718 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:22.834057093 CEST | 49718 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:22.839128971 CEST | 80 | 49718 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:23.482217073 CEST | 80 | 49718 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:23.483360052 CEST | 49720 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:23.483395100 CEST | 443 | 49720 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:23.483465910 CEST | 49720 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:23.483668089 CEST | 49720 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:23.483678102 CEST | 443 | 49720 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:23.534396887 CEST | 49718 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:23.965667009 CEST | 443 | 49720 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:23.967667103 CEST | 49720 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:23.967699051 CEST | 443 | 49720 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:24.118855000 CEST | 443 | 49720 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:24.119066954 CEST | 443 | 49720 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:24.119179010 CEST | 49720 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:24.119705915 CEST | 49720 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:24.137238026 CEST | 49718 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:24.140444040 CEST | 49722 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:24.142745972 CEST | 80 | 49718 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:24.142842054 CEST | 49718 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:24.145524979 CEST | 80 | 49722 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:24.145667076 CEST | 49722 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:24.147607088 CEST | 49722 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:24.152587891 CEST | 80 | 49722 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:26.356765985 CEST | 80 | 49722 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:26.359874010 CEST | 49725 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:26.359915972 CEST | 443 | 49725 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:26.360249043 CEST | 49725 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:26.360435009 CEST | 49725 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:26.360445976 CEST | 443 | 49725 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:26.409490108 CEST | 49722 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:26.864325047 CEST | 443 | 49725 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:26.878006935 CEST | 49725 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:26.878038883 CEST | 443 | 49725 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:27.017858982 CEST | 443 | 49725 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:27.017968893 CEST | 443 | 49725 | 188.114.97.3 | 192.168.2.7 |
Jul 26, 2024 09:03:27.018022060 CEST | 49725 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:27.019392014 CEST | 49725 | 443 | 192.168.2.7 | 188.114.97.3 |
Jul 26, 2024 09:03:27.043045998 CEST | 49722 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:27.048341036 CEST | 80 | 49722 | 193.122.6.168 | 192.168.2.7 |
Jul 26, 2024 09:03:27.048403978 CEST | 49722 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:27.051434994 CEST | 49726 | 443 | 192.168.2.7 | 149.154.167.220 |
Jul 26, 2024 09:03:27.051460028 CEST | 443 | 49726 | 149.154.167.220 | 192.168.2.7 |
Jul 26, 2024 09:03:27.051536083 CEST | 49726 | 443 | 192.168.2.7 | 149.154.167.220 |
Jul 26, 2024 09:03:27.052506924 CEST | 49726 | 443 | 192.168.2.7 | 149.154.167.220 |
Jul 26, 2024 09:03:27.052516937 CEST | 443 | 49726 | 149.154.167.220 | 192.168.2.7 |
Jul 26, 2024 09:03:27.673579931 CEST | 443 | 49726 | 149.154.167.220 | 192.168.2.7 |
Jul 26, 2024 09:03:27.673825026 CEST | 49726 | 443 | 192.168.2.7 | 149.154.167.220 |
Jul 26, 2024 09:03:27.734774113 CEST | 49726 | 443 | 192.168.2.7 | 149.154.167.220 |
Jul 26, 2024 09:03:27.734791994 CEST | 443 | 49726 | 149.154.167.220 | 192.168.2.7 |
Jul 26, 2024 09:03:27.735407114 CEST | 443 | 49726 | 149.154.167.220 | 192.168.2.7 |
Jul 26, 2024 09:03:27.739933968 CEST | 49726 | 443 | 192.168.2.7 | 149.154.167.220 |
Jul 26, 2024 09:03:27.780513048 CEST | 443 | 49726 | 149.154.167.220 | 192.168.2.7 |
Jul 26, 2024 09:03:27.918943882 CEST | 443 | 49726 | 149.154.167.220 | 192.168.2.7 |
Jul 26, 2024 09:03:27.919035912 CEST | 443 | 49726 | 149.154.167.220 | 192.168.2.7 |
Jul 26, 2024 09:03:27.919100046 CEST | 49726 | 443 | 192.168.2.7 | 149.154.167.220 |
Jul 26, 2024 09:03:27.922861099 CEST | 49726 | 443 | 192.168.2.7 | 149.154.167.220 |
Jul 26, 2024 09:03:33.156932116 CEST | 49707 | 80 | 192.168.2.7 | 193.122.6.168 |
Jul 26, 2024 09:03:34.440284014 CEST | 49727 | 2525 | 192.168.2.7 | 203.124.44.4 |
Jul 26, 2024 09:03:34.445215940 CEST | 2525 | 49727 | 203.124.44.4 | 192.168.2.7 |
Jul 26, 2024 09:03:34.445343971 CEST | 49727 | 2525 | 192.168.2.7 | 203.124.44.4 |
Jul 26, 2024 09:03:36.176240921 CEST | 2525 | 49727 | 203.124.44.4 | 192.168.2.7 |
Jul 26, 2024 09:03:36.176511049 CEST | 49727 | 2525 | 192.168.2.7 | 203.124.44.4 |
Jul 26, 2024 09:03:36.181655884 CEST | 2525 | 49727 | 203.124.44.4 | 192.168.2.7 |
Jul 26, 2024 09:03:36.523237944 CEST | 2525 | 49727 | 203.124.44.4 | 192.168.2.7 |
Jul 26, 2024 09:03:36.523497105 CEST | 49727 | 2525 | 192.168.2.7 | 203.124.44.4 |
Jul 26, 2024 09:03:36.529000044 CEST | 2525 | 49727 | 203.124.44.4 | 192.168.2.7 |
Jul 26, 2024 09:03:36.842788935 CEST | 2525 | 49727 | 203.124.44.4 | 192.168.2.7 |
Jul 26, 2024 09:03:36.843630075 CEST | 49727 | 2525 | 192.168.2.7 | 203.124.44.4 |
Jul 26, 2024 09:03:36.848593950 CEST | 2525 | 49727 | 203.124.44.4 | 192.168.2.7 |
Jul 26, 2024 09:03:37.172761917 CEST | 2525 | 49727 | 203.124.44.4 | 192.168.2.7 |
Jul 26, 2024 09:03:37.172775984 CEST | 2525 | 49727 | 203.124.44.4 | 192.168.2.7 |
Jul 26, 2024 09:03:37.172787905 CEST | 2525 | 49727 | 203.124.44.4 | 192.168.2.7 |
Jul 26, 2024 09:03:37.172964096 CEST | 49727 | 2525 | 192.168.2.7 | 203.124.44.4 |
Jul 26, 2024 09:03:37.201371908 CEST | 49727 | 2525 | 192.168.2.7 | 203.124.44.4 |
Jul 26, 2024 09:03:37.206260920 CEST | 2525 | 49727 | 203.124.44.4 | 192.168.2.7 |
Jul 26, 2024 09:03:37.523972034 CEST | 2525 | 49727 | 203.124.44.4 | 192.168.2.7 |
Jul 26, 2024 09:03:37.527039051 CEST | 49727 | 2525 | 192.168.2.7 | 203.124.44.4 |
Jul 26, 2024 09:03:37.532322884 CEST | 2525 | 49727 | 203.124.44.4 | 192.168.2.7 |
Jul 26, 2024 09:03:37.851963043 CEST | 2525 | 49727 | 203.124.44.4 | 192.168.2.7 |
Jul 26, 2024 09:03:37.853307962 CEST | 49727 | 2525 | 192.168.2.7 | 203.124.44.4 |
Jul 26, 2024 09:03:37.859302998 CEST | 2525 | 49727 | 203.124.44.4 | 192.168.2.7 |
Jul 26, 2024 09:03:38.166686058 CEST | 2525 | 49727 | 203.124.44.4 | 192.168.2.7 |
Jul 26, 2024 09:03:38.180031061 CEST | 49727 | 2525 | 192.168.2.7 | 203.124.44.4 |
Jul 26, 2024 09:03:38.184792995 CEST | 2525 | 49727 | 203.124.44.4 | 192.168.2.7 |
Jul 26, 2024 09:03:40.522603035 CEST | 2525 | 49727 | 203.124.44.4 | 192.168.2.7 |
Jul 26, 2024 09:03:40.523319960 CEST | 49727 | 2525 | 192.168.2.7 | 203.124.44.4 |
Jul 26, 2024 09:03:40.528223991 CEST | 2525 | 49727 | 203.124.44.4 | 192.168.2.7 |
Jul 26, 2024 09:03:40.842854977 CEST | 2525 | 49727 | 203.124.44.4 | 192.168.2.7 |
Jul 26, 2024 09:03:40.843704939 CEST | 2525 | 49727 | 203.124.44.4 | 192.168.2.7 |
Jul 26, 2024 09:03:40.843766928 CEST | 49727 | 2525 | 192.168.2.7 | 203.124.44.4 |
Jul 26, 2024 09:03:40.850321054 CEST | 49727 | 2525 | 192.168.2.7 | 203.124.44.4 |
Jul 26, 2024 09:03:40.855396986 CEST | 2525 | 49727 | 203.124.44.4 | 192.168.2.7 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 26, 2024 09:03:05.810882092 CEST | 52429 | 53 | 192.168.2.7 | 1.1.1.1 |
Jul 26, 2024 09:03:05.818300962 CEST | 53 | 52429 | 1.1.1.1 | 192.168.2.7 |
Jul 26, 2024 09:03:06.947355032 CEST | 50025 | 53 | 192.168.2.7 | 1.1.1.1 |
Jul 26, 2024 09:03:06.955200911 CEST | 53 | 50025 | 1.1.1.1 | 192.168.2.7 |
Jul 26, 2024 09:03:27.042723894 CEST | 50679 | 53 | 192.168.2.7 | 1.1.1.1 |
Jul 26, 2024 09:03:27.050193071 CEST | 53 | 50679 | 1.1.1.1 | 192.168.2.7 |
Jul 26, 2024 09:03:33.355645895 CEST | 59996 | 53 | 192.168.2.7 | 1.1.1.1 |
Jul 26, 2024 09:03:34.363585949 CEST | 59996 | 53 | 192.168.2.7 | 1.1.1.1 |
Jul 26, 2024 09:03:34.434303999 CEST | 53 | 59996 | 1.1.1.1 | 192.168.2.7 |
Jul 26, 2024 09:03:34.434468031 CEST | 53 | 59996 | 1.1.1.1 | 192.168.2.7 |
Jul 26, 2024 09:03:39.604254007 CEST | 53 | 49769 | 162.159.36.2 | 192.168.2.7 |
Jul 26, 2024 09:03:40.088443041 CEST | 65345 | 53 | 192.168.2.7 | 1.1.1.1 |
Jul 26, 2024 09:03:40.096103907 CEST | 53 | 65345 | 1.1.1.1 | 192.168.2.7 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jul 26, 2024 09:03:05.810882092 CEST | 192.168.2.7 | 1.1.1.1 | 0x9736 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jul 26, 2024 09:03:06.947355032 CEST | 192.168.2.7 | 1.1.1.1 | 0x7fcf | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jul 26, 2024 09:03:27.042723894 CEST | 192.168.2.7 | 1.1.1.1 | 0x32a2 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jul 26, 2024 09:03:33.355645895 CEST | 192.168.2.7 | 1.1.1.1 | 0x2142 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jul 26, 2024 09:03:34.363585949 CEST | 192.168.2.7 | 1.1.1.1 | 0x2142 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jul 26, 2024 09:03:40.088443041 CEST | 192.168.2.7 | 1.1.1.1 | 0xffe | Standard query (0) | | PTR (Pointer record) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jul 26, 2024 09:03:05.818300962 CEST | 1.1.1.1 | 192.168.2.7 | 0x9736 | No error (0) | | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false |
Jul 26, 2024 09:03:05.818300962 CEST | 1.1.1.1 | 192.168.2.7 | 0x9736 | No error (0) | | | 193.122.6.168 | A (IP address) | IN (0x0001) | false |
Jul 26, 2024 09:03:05.818300962 CEST | 1.1.1.1 | 192.168.2.7 | 0x9736 | No error (0) | | | 132.226.8.169 | A (IP address) | IN (0x0001) | false |
Jul 26, 2024 09:03:05.818300962 CEST | 1.1.1.1 | 192.168.2.7 | 0x9736 | No error (0) | | | 158.101.44.242 | A (IP address) | IN (0x0001) | false |
Jul 26, 2024 09:03:05.818300962 CEST | 1.1.1.1 | 192.168.2.7 | 0x9736 | No error (0) | | | 132.226.247.73 | A (IP address) | IN (0x0001) | false |
Jul 26, 2024 09:03:05.818300962 CEST | 1.1.1.1 | 192.168.2.7 | 0x9736 | No error (0) | | | 193.122.130.0 | A (IP address) | IN (0x0001) | false |
Jul 26, 2024 09:03:06.955200911 CEST | 1.1.1.1 | 192.168.2.7 | 0x7fcf | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Jul 26, 2024 09:03:06.955200911 CEST | 1.1.1.1 | 192.168.2.7 | 0x7fcf | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Jul 26, 2024 09:03:27.050193071 CEST | 1.1.1.1 | 192.168.2.7 | 0x32a2 | No error (0) | | | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
Jul 26, 2024 09:03:34.434303999 CEST | 1.1.1.1 | 192.168.2.7 | 0x2142 | No error (0) | | | 203.124.44.4 | A (IP address) | IN (0x0001) | false |
Jul 26, 2024 09:03:34.434468031 CEST | 1.1.1.1 | 192.168.2.7 | 0x2142 | No error (0) | | | 203.124.44.4 | A (IP address) | IN (0x0001) | false |
Jul 26, 2024 09:03:40.096103907 CEST | 1.1.1.1 | 192.168.2.7 | 0xffe | Name error (3) | | none | none | PTR (Pointer record) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 49702 | 193.122.6.168 | 80 | 5292 | C:\Users\user\Desktop\new order 00041221.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 26, 2024 09:03:05.832084894 CEST | 151 | OUT | |
Jul 26, 2024 09:03:06.531081915 CEST | 320 | IN | |
Jul 26, 2024 09:03:06.535823107 CEST | 127 | OUT | |
Jul 26, 2024 09:03:06.891879082 CEST | 320 | IN | |
Jul 26, 2024 09:03:07.992885113 CEST | 127 | OUT | |
Jul 26, 2024 09:03:09.247378111 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.7 | 49707 | 193.122.6.168 | 80 | 5292 | C:\Users\user\Desktop\new order 00041221.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 26, 2024 09:03:09.930144072 CEST | 127 | OUT | |
Jul 26, 2024 09:03:10.593067884 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.7 | 49710 | 193.122.6.168 | 80 | 5292 | C:\Users\user\Desktop\new order 00041221.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 26, 2024 09:03:11.227489948 CEST | 151 | OUT | |
Jul 26, 2024 09:03:13.940898895 CEST | 730 | IN | |
Jul 26, 2024 09:03:14.185848951 CEST | 730 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.7 | 49711 | 193.122.6.168 | 80 | 5292 | C:\Users\user\Desktop\new order 00041221.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 26, 2024 09:03:14.186454058 CEST | 151 | OUT | |
Jul 26, 2024 09:03:16.051285028 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.7 | 49713 | 193.122.6.168 | 80 | 5292 | C:\Users\user\Desktop\new order 00041221.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 26, 2024 09:03:16.791847944 CEST | 151 | OUT | |
Jul 26, 2024 09:03:19.046257019 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.7 | 49715 | 193.122.6.168 | 80 | 5292 | C:\Users\user\Desktop\new order 00041221.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 26, 2024 09:03:19.643990040 CEST | 151 | OUT | |
Jul 26, 2024 09:03:22.177618027 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.7 | 49718 | 193.122.6.168 | 80 | 5292 | C:\Users\user\Desktop\new order 00041221.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 26, 2024 09:03:22.834057093 CEST | 151 | OUT | |
Jul 26, 2024 09:03:23.482217073 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.7 | 49722 | 193.122.6.168 | 80 | 5292 | C:\Users\user\Desktop\new order 00041221.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 26, 2024 09:03:24.147607088 CEST | 151 | OUT | |
Jul 26, 2024 09:03:26.356765985 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 49703 | 188.114.97.3 | 443 | 5292 | C:\Users\user\Desktop\new order 00041221.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-26 07:03:07 UTC | 84 | OUT | |
2024-07-26 07:03:07 UTC | 704 | IN | |
2024-07-26 07:03:07 UTC | 340 | IN | |
2024-07-26 07:03:07 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.7 | 49706 | 188.114.97.3 | 443 | 5292 | C:\Users\user\Desktop\new order 00041221.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-26 07:03:09 UTC | 60 | OUT | |
2024-07-26 07:03:09 UTC | 706 | IN | |
2024-07-26 07:03:09 UTC | 340 | IN | |
2024-07-26 07:03:09 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.7 | 49709 | 188.114.97.3 | 443 | 5292 | C:\Users\user\Desktop\new order 00041221.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-26 07:03:11 UTC | 84 | OUT | |
2024-07-26 07:03:11 UTC | 708 | IN | |
2024-07-26 07:03:11 UTC | 340 | IN | |
2024-07-26 07:03:11 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.7 | 49712 | 188.114.97.3 | 443 | 5292 | C:\Users\user\Desktop\new order 00041221.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-26 07:03:16 UTC | 84 | OUT | |
2024-07-26 07:03:16 UTC | 702 | IN | |
2024-07-26 07:03:16 UTC | 340 | IN | |
2024-07-26 07:03:16 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.7 | 49714 | 188.114.97.3 | 443 | 5292 | C:\Users\user\Desktop\new order 00041221.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-26 07:03:19 UTC | 84 | OUT | |
2024-07-26 07:03:19 UTC | 709 | IN | |
2024-07-26 07:03:19 UTC | 340 | IN | |
2024-07-26 07:03:19 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.7 | 49716 | 188.114.97.3 | 443 | 5292 | C:\Users\user\Desktop\new order 00041221.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-26 07:03:22 UTC | 84 | OUT | |
2024-07-26 07:03:22 UTC | 703 | IN | |
2024-07-26 07:03:22 UTC | 340 | IN | |
2024-07-26 07:03:22 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.7 | 49720 | 188.114.97.3 | 443 | 5292 | C:\Users\user\Desktop\new order 00041221.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-26 07:03:23 UTC | 60 | OUT | |
2024-07-26 07:03:24 UTC | 713 | IN | |
2024-07-26 07:03:24 UTC | 340 | IN | |
2024-07-26 07:03:24 UTC | 5 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.7 | 49725 | 188.114.97.3 | 443 | 5292 | C:\Users\user\Desktop\new order 00041221.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-26 07:03:26 UTC | 84 | OUT | |
2024-07-26 07:03:27 UTC | 705 | IN | |
2024-07-26 07:03:27 UTC | 340 | IN | |
2024-07-26 07:03:27 UTC | 5 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.7 | 49726 | 149.154.167.220 | 443 | 5292 | C:\Users\user\Desktop\new order 00041221.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-26 07:03:27 UTC | 349 | OUT | |
2024-07-26 07:03:27 UTC | 344 | IN | |
2024-07-26 07:03:27 UTC | 55 | IN | |
Target ID: | 1 |
Start time: | 03:03:04 |
Start date: | 26/07/2024 |
Path: | C:\Users\user\Desktop\new order 00041221.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x280000 |
File size: | 740'864 bytes |
MD5 hash: | F0C82F395D37FA87114CA7EF075695C8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 03:03:05 |
Start date: | 26/07/2024 |
Path: | C:\Users\user\Desktop\new order 00041221.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbd0000 |
File size: | 740'864 bytes |
MD5 hash: | F0C82F395D37FA87114CA7EF075695C8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 11.4% |
Dynamic/Decrypted Code Coverage: | 91.5% |
Signature Coverage: | 0.9% |
Total number of Nodes: | 328 |
Total number of Limit Nodes: | 22 |
Graph
Function | Relevance | APIs | Instructions | Tags |
---|---|---|---|---|
04DF4640 | 2.9 | | 2895 | COMMON |
04DD65D0 | .5 | | 478 | COMMON |
04DF75C0 | .4 | | 441 | COMMON |
04C86F4C | .3 | | 253 | COMMON |
04C87810 | .2 | | 221 | COMMON |
06B77240 | .2 | | 165 | COMMON |
06B70006 | .1 | | 89 | COMMON |
06B70040 | .1 | | 64 | COMMON |
04C82D49 | 6.1 | 4 | 132 | thread, COMMON |
04C82D58 | 6.1 | 4 | 128 | thread, COMMON |
04C873B1 | 1.8 | 1 | 297 | COMMON |
04C80A48 | 1.7 | 1 | 196 | COMMON |
04C87510 | 1.6 | 1 | 113 | COMMON |
00B564FC | 1.6 | 1 | 97 | COMMON |
04C8704C | 1.6 | 1 | 97 | COMMON |
00B54CF8 | 1.6 | 1 | 96 | COMMON |
06B75641 | 1.6 | 1 | 65 | COMMON |
06B753B9 | 1.6 | 1 | 65 | thread, COMMON |
04C82F98 | 1.6 | 1 | 64 | COMMON |
06B75648 | 1.6 | 1 | 63 | COMMON |
06B753C0 | 1.6 | 1 | 63 | thread, COMMON |
04C82FA0 | 1.6 | 1 | 62 | COMMON |
06B75490 | 1.6 | 1 | 58 | memory, COMMON |
04C80460 | 1.6 | 1 | 55 | library, COMMON |
04C80EB8 | 1.6 | 1 | 54 | library, COMMON |
06B75498 | 1.6 | 1 | 53 | memory, COMMON |
06B75309 | 1.6 | 1 | 53 | thread, COMMON |
04DD0F5C | 1.6 | 1 | 50 | COMMON |
06B75310 | 1.5 | 1 | 49 | thread, COMMON |
04DD171F | 1.5 | 1 | 47 | COMMON |
04C80C38 | 1.5 | 1 | 47 | COMMON |
06B78359 | 1.5 | 1 | 45 | window, COMMON |
06B78360 | 1.5 | 1 | 44 | window, COMMON |
00AFD53C | .1 | | 75 | COMMON |
00B0D1D4 | .1 | | 72 | COMMON |
00B0D0EC | .1 | | 72 | COMMON |
00AFD537 | .1 | | 56 | COMMON |
00B0D0E7 | .1 | | 53 | COMMON |
00B0D1CF | .1 | | 53 | COMMON |
00AFD759 | .0 | | 45 | COMMON |
00AFD758 | .0 | | 36 | COMMON |
04DD7328 | .9 | | 898 | COMMON |
04DF3B60 | .5 | | 453 | COMMON |
06B7A290 | .4 | | 356 | COMMON |
04C85868 | .3 | | 315 | COMMON |
06B746B0 | .3 | | 312 | COMMON |
06B72FD8 | .3 | | 312 | COMMON |
06B73410 | .3 | | 312 | COMMON |
06B74AE8 | .3 | | 312 | COMMON |
06B72BA0 | .3 | | 312 | COMMON |
04DFB250 | .3 | | 272 | COMMON |
04DDE4F4 | .3 | | 270 | COMMON |
04DFB260 | .3 | | 264 | COMMON |
04C83E3C | .3 | | 264 | COMMON |
04C85858 | .2 | | 222 | COMMON |
06B72B80 | .1 | | 143 | COMMON |
06B73400 | .1 | | 133 | COMMON |
06B746A2 | .1 | | 132 | COMMON |
06B74AD8 | .1 | | 131 | COMMON |
Execution Graph
Execution Coverage: | 14.2% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 11 |
Total number of Limit Nodes: | 2 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
05A397B0 | 1.9 | 1 | | 357 | COMMON |
0127A088 | .9 | | | 899 | COMMON |
012729E0 | .8 | | | 844 | COMMON |
012769A0 | .5 | | | 516 | COMMON |
01276FC8 | .5 | | | 462 | COMMON |
0127C146 | .2 | | | 231 | COMMON |
01275362 | .2 | | | 193 | COMMON |
0127CD28 | .2 | | | 191 | COMMON |
0127C468 | .2 | | | 190 | COMMON |
0127CFF7 | .2 | | | 187 | COMMON |
0127D2CA | .2 | | | 186 | COMMON |
0127D599 | .2 | | | 185 | COMMON |
0127C738 | .2 | | | 185 | COMMON |
0127EC0A | .1 | | | 149 | COMMON |
0127EC18 | .1 | | | 147 | COMMON |
05A39B94 | 1.6 | 1 | | 62 | library, COMMON |
01278490 | .7 | | | 706 | COMMON |
0127E2A8 | .6 | | | 647 | COMMON |
01278481 | .6 | | | 571 | COMMON |
01270C8F | .5 | | | 545 | COMMON |
01270CA0 | .5 | | | 539 | COMMON |
012776F1 | .5 | | | 476 | COMMON |
01275F38 | .3 | | | 326 | COMMON |
01276498 | .2 | | | 231 | COMMON |
0127AEF0 | .2 | | | 207 | COMMON |
012780D8 | .2 | | | 201 | COMMON |
0127F5AF | .2 | | | 155 | COMMON |
01279C30 | .2 | | | 151 | COMMON |
0127D869 | .1 | | | 142 | COMMON |
012741A0 | .1 | | | 134 | COMMON |
0127A303 | .1 | | | 124 | COMMON |
01275658 | .1 | | | 101 | COMMON |
01278370 | .1 | | | 89 | COMMON |
01278380 | .1 | | | 87 | COMMON |
012762F0 | .1 | | | 77 | COMMON |
012728F0 | .1 | | | 77 | COMMON |
0120D468 | .1 | | | 75 | COMMON |
0121D044 | .1 | | | 72 | COMMON |
01275649 | .1 | | | 69 | COMMON |
01279761 | .1 | | | 65 | COMMON |
01276300 | .1 | | | 59 | COMMON |
0127F4D0 | .1 | | | 59 | COMMON |
012727F0 | .1 | | | 59 | COMMON |
0120D463 | .1 | | | 56 | COMMON |
0127F4E0 | .1 | | | 54 | COMMON |
0121D03F | .1 | | | 53 | COMMON |
01275E98 | .1 | | | 52 | COMMON |
0127EB79 | .0 | | | 45 | COMMON |
0127ABE0 | .0 | | | 44 | COMMON |
01279C2C | .0 | | | 30 | COMMON |
012728A2 | .0 | | | 22 | COMMON |
01276739 | .0 | | | 20 | COMMON |
012728B0 | .0 | | | 19 | COMMON |
01278EF8 | .0 | | | 18 | COMMON |
0127AFAD | .0 | | | 16 | COMMON |
01276748 | .0 | | | 12 | COMMON |
05A30040 | 1.8 | | 1 | 596 | COMMON |
05A30B30 | .7 | | | 709 | COMMON |
0127F7F1 | .3 | | | 272 | COMMON |
05A3F1C8 | .3 | | | 268 | COMMON |
05A3E918 | .3 | | | 268 | COMMON |
05A32970 | .3 | | | 268 | COMMON |
05A3ED70 | .3 | | | 268 | COMMON |
05A3E4C0 | .3 | | | 268 | COMMON |
05A3DC10 | .3 | | | 268 | COMMON |
05A3E068 | .3 | | | 268 | COMMON |
05A3D7B8 | .3 | | | 268 | COMMON |
05A3CF08 | .3 | | | 268 | COMMON |
05A3D360 | .3 | | | 268 | COMMON |
05A3F620 | .3 | | | 268 | COMMON |
05A3FA78 | .3 | | | 268 | COMMON |
05A32DC0 | .2 | | | 221 | COMMON |
05A32DD0 | .2 | | | 220 | COMMON |
05A33116 | .2 | | | 202 | COMMON |
05A30673 | .2 | | | 193 | COMMON |
0127F150 | .2 | | | 150 | COMMON |
0127F33C | .1 | | | 146 | COMMON |
05A30853 | .1 | | | 116 | COMMON |