Windows
Analysis Report
Ref#1550238.exe
Overview
General Information
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- Ref#1550238.exe (PID: 7480 cmdline: "C:\Users\user\Desktop\Ref#1550238.exe" MD5: A31BCF203BB60F13DE83211AC9D44D06)
- cleanup
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-03T15:10:03.156977+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.7 | 49896 | 5.253.86.15 | 443 | TCP |
2024-12-03T15:10:08.451556+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.7 | 49927 | 5.253.86.15 | 443 | TCP |
2024-12-03T15:10:20.407125+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.7 | 49938 | 5.253.86.15 | 443 | TCP |
2024-12-03T15:10:28.874317+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.7 | 49965 | 5.253.86.15 | 443 | TCP |
2024-12-03T15:10:48.327359+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.7 | 49983 | 5.253.86.15 | 443 | TCP |
2024-12-03T15:10:59.577294+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.7 | 49985 | 5.253.86.15 | 443 | TCP |
2024-12-03T15:11:15.124157+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.7 | 49986 | 5.253.86.15 | 443 | TCP |
2024-12-03T15:11:35.999128+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.7 | 49989 | 5.253.86.15 | 443 | TCP |
2024-12-03T15:11:53.124045+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.7 | 49990 | 5.253.86.15 | 443 | TCP |
2024-12-03T15:12:08.833318+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.7 | 49993 | 5.253.86.15 | 443 | TCP |
2024-12-03T15:12:13.530479+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.7 | 49994 | 5.253.86.15 | 443 | TCP |
2024-12-03T15:12:24.397233+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.7 | 49995 | 5.253.86.15 | 443 | TCP |
AV Detection |
---|
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Code function: | 0_2_0164DA1C | |
Source: | Code function: | 0_2_056FAAF8 | |
Source: | Code function: | 0_2_056F0568 | |
Source: | Code function: | 0_2_056F0558 | |
Source: | Code function: | 0_2_056FC550 | |
Source: | Code function: | 0_2_056FC9C8 | |
Source: | Code function: | 0_2_056FC9B8 | |
Source: | Code function: | 0_2_056FAAE8 | |
Source: | Code function: | 0_2_056FAA83 |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Registry key monitored for changes: | Jump to behavior | ||
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | OS Credential Dumping | 1 Query Registry | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 31 Virtualization/Sandbox Evasion | LSASS Memory | 1 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 45% | ReversingLabs | Win32.Trojan.Generic | |
| 100% | Joe Sandbox ML | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
oshi.at | 5.253.86.15 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | high |
- Legend of the IP geolocation chart (share of IPs per country): < 25%, 25-50%, 50-75%, > 75%
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
5.253.86.15 | oshi.at | Cyprus | | 208046 | HOSTSLICK-GERMANYNL | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1567423 |
Start date and time: | 2024-12-03 15:07:22 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 44s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Ref#1550238.exe |
Detection: | MAL |
Classification: | mal56.winEXE@1/0@1/1 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ocsps.ssl.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: Ref#1550238.exe
Time | Type | Description |
---|---|---|
09:08:20 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
5.253.86.15 | Get hash | malicious | AsyncRAT, Babadeda, PureLog Stealer, zgRAT | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Amadey, Djvu, Fabookie, RedLine, SmokeLoader | Browse | |||
Get hash | malicious | Djvu, RedLine, SmokeLoader | Browse | |||
Get hash | malicious | BlackGuard, SmokeLoader | Browse | |||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
oshi.at | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Doenerium | Browse | |||
Get hash | malicious | Doenerium | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | AsyncRAT, Babadeda, PureLog Stealer, zgRAT | Browse | |||
Get hash | malicious | AsyncRAT, Babadeda, PureLog Stealer, zgRAT | Browse | |||
Get hash | malicious | Babadeda, PureLog Stealer, Quasar, zgRAT | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
HOSTSLICK-GERMANYNL | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Icarus | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Remcos | Browse | |||
Get hash | malicious | Remcos | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | Quasar | Browse | ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Remcos | Browse | |||
Get hash | malicious | KnowBe4 | Browse | |||
Get hash | malicious | Abobus Obfuscator, Braodo | Browse | |||
Get hash | malicious | Abobus Obfuscator, Braodo | Browse | |||
Get hash | malicious | Abobus Obfuscator, Braodo | Browse | |||
Get hash | malicious | Abobus Obfuscator, Braodo | Browse | |||
File type: | |
Entropy (8bit): | 5.691852920088672 |
TrID: | |
File name: | Ref#1550238.exe |
File size: | 348'128 bytes |
MD5: | a31bcf203bb60f13de83211ac9d44d06 |
SHA1: | 8d559c68b94f38e6886f467080cbce53a2ae1654 |
SHA256: | bd35a1c3b410026617e27fa3937f77f1a42ada6978afc36022e75c63677f897d |
SHA512: | 6404465ccf7dcbc3bcd985e68034f5c8cbc926db719397d05b3af50f9e5554cb1757080038ea7d26b451aed8c90f7d83894c1984995fff6f87bc077ad56a3b50 |
SSDEEP: | 3072:BbS0IEhKUQfHCj32o7wewfHHQoz5f8o/8Ck0cTIHXrrCbJSZ862M:9SYIWtw4W8y8cc03rObgSM |
TLSH: | F174840BF7C1D4D6DD407BB2F4974911A3A0EDC23A9FCE06295633D82D733A7698618A |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....-Ng.............................=... ...@....@.. ....................................`................................ |
Icon Hash: | b04a484c4c4a4eb0 |
Entrypoint: | 0x443dee |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x674E2DDC [Mon Dec 2 21:59:56 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Signature Valid: | false |
Signature Issuer: | CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US |
Signature Validation Error: | The digital signature of the object did not verify |
Error Number: | -2146869232 |
Not Before, Not After | |
Subject Chain | |
Version: | 3 |
Thumbprint MD5: | FF0E889D2A73C3A679605952D35452DC |
Thumbprint SHA-1: | 2C1D12F8BBE0827400A8440AF74FFFA8DCC8097C |
Thumbprint SHA-256: | A73352D67693AA16BCE2F182B15891F0F23EA0485CC18938686AAFDEE7B743E3 |
Serial: | 6DD2E3173995F51BFAC1D9FB4CB200C1 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
The listing continues with 96 more rows of add byte ptr [eax], al: after the single jmp through the IAT slot at 0x402000 (image base 0x400000 plus the IAT RVA 0x2000 listed in the directory table below), the remaining bytes at the entry point are zero padding, which the disassembler decodes as that instruction.
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x43da0 | 0x4b | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x44000 | 0x10e28 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x53200 | 0x1de0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x56000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x41df4 | 0x41e00 | 102d06c84424e63954a39ec2819e6137 | False | 0.3905175225332068 | data | 5.67905571766169 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x44000 | 0x10e28 | 0x11000 | f610e0855d271b56b7174997eb33bf0b | False | 0.055893841911764705 | data | 4.109331107170668 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x56000 | 0xc | 0x200 | f840735ffb5cd866dbd5b914a57abacd | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x44130 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | | | 0.046492369572932686 |
RT_GROUP_ICON | 0x54958 | 0x14 | data | | | 1.15 |
RT_VERSION | 0x5496c | 0x308 | data | | | 0.4497422680412371 |
RT_MANIFEST | 0x54c74 | 0x1b4 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (433), with no line terminators | | | 0.5642201834862385 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-03T15:10:03.156977+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49896 | 5.253.86.15 | 443 | TCP |
2024-12-03T15:10:08.451556+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49927 | 5.253.86.15 | 443 | TCP |
2024-12-03T15:10:20.407125+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49938 | 5.253.86.15 | 443 | TCP |
2024-12-03T15:10:28.874317+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49965 | 5.253.86.15 | 443 | TCP |
2024-12-03T15:10:48.327359+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49983 | 5.253.86.15 | 443 | TCP |
2024-12-03T15:10:59.577294+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49985 | 5.253.86.15 | 443 | TCP |
2024-12-03T15:11:15.124157+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49986 | 5.253.86.15 | 443 | TCP |
2024-12-03T15:11:35.999128+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49989 | 5.253.86.15 | 443 | TCP |
2024-12-03T15:11:53.124045+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49990 | 5.253.86.15 | 443 | TCP |
2024-12-03T15:12:08.833318+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49993 | 5.253.86.15 | 443 | TCP |
2024-12-03T15:12:13.530479+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49994 | 5.253.86.15 | 443 | TCP |
2024-12-03T15:12:24.397233+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49995 | 5.253.86.15 | 443 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 3, 2024 15:08:21.122968912 CET | 55272 | 53 | 192.168.2.7 | 1.1.1.1 |
Dec 3, 2024 15:08:21.444981098 CET | 53 | 55272 | 1.1.1.1 | 192.168.2.7 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Dec 3, 2024 15:08:21.122968912 CET | 192.168.2.7 | 1.1.1.1 | 0xb2d5 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Dec 3, 2024 15:08:21.444981098 CET | 1.1.1.1 | 192.168.2.7 | 0xb2d5 | No error (0) | | | 5.253.86.15 | A (IP address) | IN (0x0001) | false |
Dec 3, 2024 15:08:21.444981098 CET | 1.1.1.1 | 192.168.2.7 | 0xb2d5 | No error (0) | | | 194.15.112.248 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 49708 | 5.253.86.15 | 443 | 7480 | C:\Users\user\Desktop\Ref#1550238.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-03 14:08:23 UTC | 61 | OUT | |
2024-12-03 14:09:13 UTC | 316 | IN | |
2024-12-03 14:09:13 UTC | 3767 | IN | |
2024-12-03 14:09:13 UTC | 4096 | IN | |
2024-12-03 14:09:13 UTC | 4096 | IN | |
2024-12-03 14:09:13 UTC | 1081 | IN | |
2024-12-03 14:09:32 UTC | 4096 | IN | |
2024-12-03 14:09:32 UTC | 4096 | IN | |
2024-12-03 14:09:32 UTC | 4096 | IN | |
2024-12-03 14:09:33 UTC | 4096 | IN | |
2024-12-03 14:09:33 UTC | 4096 | IN | |
2024-12-03 14:09:33 UTC | 4096 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.7 | 49896 | 5.253.86.15 | 443 | 7480 | C:\Users\user\Desktop\Ref#1550238.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-03 14:09:52 UTC | 37 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.7 | 49927 | 5.253.86.15 | 443 | 7480 | C:\Users\user\Desktop\Ref#1550238.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-03 14:10:05 UTC | 37 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.7 | 49938 | 5.253.86.15 | 443 | 7480 | C:\Users\user\Desktop\Ref#1550238.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-03 14:10:10 UTC | 37 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.7 | 49965 | 5.253.86.15 | 443 | 7480 | C:\Users\user\Desktop\Ref#1550238.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-03 14:10:22 UTC | 37 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.7 | 49983 | 5.253.86.15 | 443 | 7480 | C:\Users\user\Desktop\Ref#1550238.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-03 14:10:30 UTC | 37 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.7 | 49985 | 5.253.86.15 | 443 | 7480 | C:\Users\user\Desktop\Ref#1550238.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-03 14:10:50 UTC | 37 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.7 | 49986 | 5.253.86.15 | 443 | 7480 | C:\Users\user\Desktop\Ref#1550238.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-03 14:11:01 UTC | 37 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.7 | 49989 | 5.253.86.15 | 443 | 7480 | C:\Users\user\Desktop\Ref#1550238.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-03 14:11:17 UTC | 37 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.7 | 49990 | 5.253.86.15 | 443 | 7480 | C:\Users\user\Desktop\Ref#1550238.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-03 14:11:37 UTC | 37 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.7 | 49993 | 5.253.86.15 | 443 | 7480 | C:\Users\user\Desktop\Ref#1550238.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-03 14:11:55 UTC | 37 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.7 | 49994 | 5.253.86.15 | 443 | 7480 | C:\Users\user\Desktop\Ref#1550238.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-03 14:12:10 UTC | 37 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.7 | 49995 | 5.253.86.15 | 443 | 7480 | C:\Users\user\Desktop\Ref#1550238.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-03 14:12:15 UTC | 37 | OUT |
Target ID: | 0 |
Start time: | 09:08:20 |
Start date: | 03/12/2024 |
Path: | C:\Users\user\Desktop\Ref#1550238.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe20000 |
File size: | 348'128 bytes |
MD5 hash: | A31BCF203BB60F13DE83211AC9D44D06 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 9.5% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 97 |
Total number of Limit Nodes: | 8 |
Function | Relevance | APIs | Instructions | Tags | Control-flow graph |
---|---|---|---|---|---|
056FAA83 | 0.2 | | 222 | COMMON | |
056FAAF8 | 0.2 | | 218 | COMMON | |
056FC550 | 0.2 | | 187 | COMMON | |
0164DA60 | 6.1 | 4 | 128 | thread, COMMON | yes |
0164B3B7 | 1.7 | 1 | 202 | COMMON | yes |
056F1E05 | 1.6 | 1 | 115 | COMMON | yes |
056F1E10 | 1.6 | 1 | 113 | COMMON | yes |
056F4560 | 1.6 | 1 | 93 | COMMON | yes |
0164DCA8 | 1.6 | 1 | 62 | COMMON | yes |
0164B5B8 | 1.5 | 1 | 47 | COMMON | yes |
0132D3B4 | 0.1 | | 75 | COMMON | |
0138D01C | 0.1 | | 72 | COMMON | |
0132D3AF | 0.1 | | 56 | COMMON | |
0138D017 | 0.1 | | 53 | COMMON | |
0132D76D | 0.0 | | 45 | COMMON | |
0132D76C | 0.0 | | 36 | COMMON | |
056F0568 | 0.3 | | 315 | COMMON | |
0164DA1C | 0.3 | | 264 | COMMON | |
056F0558 | 0.2 | | 223 | COMMON | |
056FC9B8 | 0.2 | | 211 | COMMON | |
056FC9C8 | 0.2 | | 209 | COMMON | |
056FAAE8 | 0.2 | | 201 | COMMON | |