Windows
Analysis Report
HeOkukP.dll
Overview
General Information
Detection
Score: | 88 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- loaddll32.exe (PID: 7704, cmdline: loaddll32.exe "C:\Users\user\Desktop\HeOkukP.dll", MD5: 51E6071F9CBA48E79F10C84515AAE618)
- conhost.exe (PID: 7724, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cmd.exe (PID: 7784, cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\HeOkukP.dll",#1, MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
- rundll32.exe (PID: 7816, cmdline: rundll32.exe "C:\Users\user\Desktop\HeOkukP.dll",#1, MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7792, cmdline: rundll32.exe C:\Users\user\Desktop\HeOkukP.dll,#1, MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 8024, cmdline: rundll32.exe "C:\Users\user\Desktop\HeOkukP.dll",#1, MD5: 889B99C52A60DD49227C5E485A016679)
- cleanup
AV Detection |
---|
Avira |
Avira URL Cloud |
Avira URL Cloud |
Avira URL Cloud |
Avira URL Cloud |
Avira URL Cloud |
Avira URL Cloud |
Avira URL Cloud |
Virustotal |
Virustotal |
ReversingLabs |
Integrated Neural Analysis Model |
Joe Sandbox ML |
Static PE information |
Networking |
---|
Network Connect |
HTTP traffic detected |
HTTP traffic detected |
HTTP traffic detected |
IP Address |
ASN Name |
UDP traffic detected without corresponding DNS query |
HTTP traffic detected |
HTTP traffic detected |
HTTP traffic detected |
DNS traffic detected |
String found in binary or memory |
String found in binary or memory |
String found in binary or memory |
String found in binary or memory |
String found in binary or memory |
String found in binary or memory |
String found in binary or memory |
String found in binary or memory |
String found in binary or memory |
String found in binary or memory |
Code function 5_2_04C233B0 |
Code function 7_2_04BD33B0 |
Code function 9_2_056533B0 |
Signature |
---|
Static PE information |
Classification label |
Mutant created |
Mutant created |
Static PE information |
File read |
Key opened |
Process created |
Virustotal |
ReversingLabs |
Process created |
Process created |
Process created |
Process created |
Process created |
Process created |
Process created |
Process created |
Process created |
Process created |
Section loaded |
Section loaded |
Section loaded |
Key value queried |
Static file information |
Static PE information |
Code function 5_2_04C3650E |
Code function 5_2_04C233A8 |
Code function 7_2_04BD33A8 |
Code function 7_2_04BE650E |
Code function 9_2_0566650E |
Code function 9_2_056533A8 |
Process information set |
Process information set |
Process information set |
Process information set |
Process information set |
Process information set |
Process information set |
Process information set |
Process information set |
Process information set |
Process information set |
Process information set |
Process information set |
Process information set |
Process information set |
Evasive API call chain graph_5-1657 |
API coverage |
API coverage |
API coverage |
Last function |
Thread delayed |
Binary or memory string |
Binary or memory string |
Binary or memory string |
API call chain graph_5-1658 |
API call chain graph_7-1645 |
API call chain graph_9-1546 |
Code function 5_2_04C2F0EF |
Code function 5_2_04C2F0EF |
Code function 5_2_04C211A4 |
Code function 7_2_04BD11A4 |
Code function 9_2_056511A4 |
HIPS / PFW / Operating System Protection Evasion |
---|
Network Connect |
Process created |
Code function 5_2_04C2E1C6 |
Code function 5_2_04C233B0 |
Code function 5_2_04C22C29 |
Code function 7_2_04BD33B0 |
Code function 7_2_04BDE1C6 |
Code function 7_2_04BD2C29 |
Code function 9_2_05652C29 |
Code function 9_2_0565E1C6 |
Code function 9_2_056533B0 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 111 Process Injection | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 111 Process Injection | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Rundll32 | NTDS | 11 System Information Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Detection | Scanner | Label |
---|---|---|
41% | Virustotal | |
32% | ReversingLabs | |
100% | Avira | HEUR/AGEN.1300638 |
100% | Joe Sandbox ML | |
Detection | Scanner | Label |
---|---|---|
5% | Virustotal | |
1% | Virustotal | |
Detection | Scanner | Label |
---|---|---|
0% | URL Reputation | safe |
100% | Avira URL Cloud | malware |
100% | Avira URL Cloud | malware |
100% | Avira URL Cloud | malware |
100% | Avira URL Cloud | malware |
0% | Avira URL Cloud | safe |
100% | Avira URL Cloud | malware |
100% | Avira URL Cloud | malware |
100% | Avira URL Cloud | malware |
2% | Virustotal | |
0% | Virustotal | |
2% | Virustotal | |
2% | Virustotal | |
2% | Virustotal | |
2% | Virustotal | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
env-3936544.jcloud.kz | 185.22.66.16 | true | true | | unknown |
www.rapidfilestorage.com | unknown | unknown | false | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
 | true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
185.22.66.16 | env-3936544.jcloud.kz | Kazakhstan | | 48716 | PSKZ | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1502264 |
Start date and time: | 2024-08-31 22:04:09 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 59s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Run with higher sleep bypass |
Number of new started processes analysed: | 18 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | HeOkukP.dll |
Detection: | MAL |
Classification: | mal88.evad.winDLL@10/0@1/1 |
EGA Information: | |
HCA Information: | Failed |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe, UsoClient.exe
- Excluded domains from analysis (whitelisted): login.live.com, slscr.update.microsoft.com, settings-win.data.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Match | Detection | Threat Name |
---|---|---|
185.22.66.16 | malicious | LummaC, Djvu, Go Injector, LummaC Stealer, Neoreklami, Stealc, SystemBC |
 | malicious | Amadey, DarkTortilla, Djvu, LummaC Stealer, RedLine, Stealc, Vidar |
 | malicious | DarkTortilla, Neoreklami |
 | malicious | LummaC, Amadey, Babadeda, LummaC Stealer, PureLog Stealer, RedLine, Stealc |
 | malicious | LummaC, Mars Stealer, PureLog Stealer, RedLine, Stealc, Stealerium, Vidar |
 | malicious | LummaC Stealer, Mars Stealer, PureLog Stealer, Socks5Systemz, Stealc, Stealerium, Vidar |
 | malicious | LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, Xmrig |
 | malicious | LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar |
 | malicious | CryptOne, Djvu, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer |
Match | Detection | Threat Name |
---|---|---|
env-3936544.jcloud.kz | malicious | Neoreklami |
 | malicious | LummaC, Djvu, Go Injector, LummaC Stealer, Neoreklami, Stealc, SystemBC |
 | malicious | Neoreklami |
 | malicious | Amadey, DarkTortilla, Djvu, LummaC Stealer, RedLine, Stealc, Vidar |
 | malicious | DarkTortilla, Neoreklami |
 | malicious | Neoreklami |
 | malicious | Neoreklami |
 | malicious | Neoreklami |
 | malicious | Neoreklami |
Match | Detection | Threat Name |
---|---|---|
PSKZ | malicious | Unknown |
 | malicious | Emotet |
 | malicious | HTMLPhisher |
 | malicious | Emotet |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | GRQ Scam |
 | malicious | Wannacry |
 | malicious | FormBook, GuLoader |
File type: | |
Entropy (8bit): | 7.803660030165451 |
TrID: | |
File name: | HeOkukP.dll |
File size: | 6'726'144 bytes |
MD5: | 57c5d2950f3b91f96c81ae32e1b01a44 |
SHA1: | 53645e86895b877cfd5b8284dbcc8c0314337b8c |
SHA256: | d11a6b623af75e54374bea05172b2193f93e2a8aa479ed13a7b1d19dd3738245 |
SHA512: | 938257c4e5238f395229673428307b20f3662a69d20bc48d2f80dc2dfa7971dc72780d18549636ea292011646a15a5ed06ea00dafc1c928af48eb5a13ae66677 |
SSDEEP: | 98304:i/Nf5fRmhQ1orSk3GCK4J7vADNR6oXc0/8+x0bRtI4PPgbYhiLC9kEN6+/mu:mfiQ15M2aIDS0i+SRi4samC9bN9O |
TLSH: | FD661238A300E610EC69DB7F27E6089E15542EB325D861C3B65935153F787E0F6E2B2E |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i1b.._1.._1.._1.Z.1.._1.Z.1.._1.Z.1M._1R..1.._1..^19._1:..1.._1:..1.._1:..1.._1:..1.._1Rich.._1........................PE..L.. |
Icon Hash: | 7ae282899bbab082 |
Entrypoint: | 0x10060ca6 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x10000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL |
DLL Characteristics: | NX_COMPAT |
Time Stamp: | 0x616BE6B0 [Sun Oct 17 09:02:40 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | f97432a3249488bbad6577e538ae4c50 |
Instruction |
---|
push ebp |
mov ebp, esp |
cmp dword ptr [ebp+0Ch], 01h |
jne 00007FEFE457B817h |
call 00007FEFE4585B0Ah |
push dword ptr [ebp+10h] |
push dword ptr [ebp+0Ch] |
push dword ptr [ebp+08h] |
call 00007FEFE457B81Ch |
add esp, 0Ch |
pop ebp |
retn 000Ch |
push 0000000Ch |
push 10079B68h |
call 00007FEFE457F490h |
xor eax, eax |
inc eax |
mov esi, dword ptr [ebp+0Ch] |
test esi, esi |
jne 00007FEFE457B81Eh |
cmp dword ptr [10667CC0h], esi |
je 00007FEFE457B8FAh |
and dword ptr [ebp-04h], 00000000h |
cmp esi, 01h |
je 00007FEFE457B817h |
cmp esi, 02h |
jne 00007FEFE457B847h |
mov ecx, dword ptr [100026C8h] |
test ecx, ecx |
je 00007FEFE457B81Eh |
push dword ptr [ebp+10h] |
push esi |
push dword ptr [ebp+08h] |
call ecx |
mov dword ptr [ebp-1Ch], eax |
test eax, eax |
je 00007FEFE457B8C7h |
push dword ptr [ebp+10h] |
push esi |
push dword ptr [ebp+08h] |
call 00007FEFE457B626h |
mov dword ptr [ebp-1Ch], eax |
test eax, eax |
je 00007FEFE457B8B0h |
mov ebx, dword ptr [ebp+10h] |
push ebx |
push esi |
push dword ptr [ebp+08h] |
call 00007FEFE4585B1Fh |
mov edi, eax |
mov dword ptr [ebp-1Ch], edi |
cmp esi, 01h |
jne 00007FEFE457B83Ah |
test edi, edi |
jne 00007FEFE457B836h |
push ebx |
push eax |
push dword ptr [ebp+08h] |
call 00007FEFE4585B07h |
push ebx |
push edi |
push dword ptr [ebp+08h] |
call 00007FEFE457B5ECh |
mov eax, dword ptr [100026C8h] |
test eax, eax |
je 00007FEFE457B819h |
push ebx |
push edi |
push dword ptr [ebp+08h] |
call eax |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x7a140 | 0x38 | .text |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x66a2a0 | 0x78 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x66c000 | 0x30f8 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x7ca8 | 0x40 | .text |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x66a000 | 0x2a0 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x79178 | 0x79200 | 564be5cced7e69c5b175f41303bd5a21 | False | 0.48263149832301344 | data | 6.352246855438842 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x7b000 | 0x5eedcc | 0x5ec800 | da1bab48eefc3456574bcc7ece7a1a46 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0x66a000 | 0x10fc | 0x1200 | d0b05efd35b5c7e3ef96e48186266571 | False | 0.4457465277777778 | DOS executable (COM, 0x8C-variant) | 5.364677663489182 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x66c000 | 0x30f8 | 0x3200 | f21fdbf1777501eeadfa6759b96d303e | False | 0.72828125 | data | 6.543828454975629 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
DLL | Import |
---|---|
KERNEL32.dll | GetModuleHandleExW, ExitProcess, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, HeapSize, IsProcessorFeaturePresent, GetProcAddress, GetModuleHandleW, GetStartupInfoW, TlsFree, GetProcessHeap, IsDebuggerPresent, IsValidCodePage, GetOEMCP, GetStdHandle, GetFileType, GetModuleFileNameA, GetCurrentProcessId, GetEnvironmentStringsW, FreeEnvironmentStringsW, WriteFile, CloseHandle, FlushFileBuffers, GetConsoleCP, GetConsoleMode, ReadFile, SetFilePointerEx, LoadLibraryExW, OutputDebugStringW, SetStdHandle, WriteConsoleW, ReadConsoleW, LocalFree, GetEnvironmentVariableW, CreatePipe, CreateFileMappingA, ResetEvent, GetACP, GetProcessTimes, GetWindowsDirectoryA, GlobalLock, GetCurrentProcess, FreeLibrary, TlsGetValue, DeleteFileA, LoadLibraryA, FindClose, FindFirstFileA, RaiseException, CreateFileW, GetModuleFileNameW, InitializeCriticalSectionAndSpinCount, QueryPerformanceCounter, TlsSetValue, TlsAlloc, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, EncodePointer, DecodePointer, MultiByteToWideChar, GetStringTypeW, GetLastError, HeapReAlloc, GetSystemTimeAsFileTime, HeapFree, RtlUnwind, GetCommandLineA, GetCurrentThreadId, GetCPInfo, HeapAlloc, UnhandledExceptionFilter, SetUnhandledExceptionFilter, SetLastError, Sleep, TerminateProcess |
USER32.dll | CheckMenuItem, ToAsciiEx, SetCapture, IsZoomed, LoadStringA, DeleteMenu, GetParent, MessageBeep, DrawEdge, CreateIconIndirect, DrawFocusRect, ShowCursor, ReleaseDC, EnableMenuItem, ScrollWindow, RedrawWindow, CreatePopupMenu, CreateCaret, RemoveMenu, SetCaretPos, DrawFrameControl, TranslateMDISysAccel, SetWindowRgn, SendDlgItemMessageA, GetDC, GetQueueStatus, GetWindowTextA, GetScrollInfo, UnionRect, UnregisterClassA, SystemParametersInfoW, SetClassLongA, GetDesktopWindow, IsDlgButtonChecked, DrawMenuBar, GetSystemMetrics, ValidateRgn, DialogBoxParamA, GetCaretBlinkTime |
GDI32.dll | PolyPolygon, MaskBlt, SetPixel, CreateCompatibleDC, PlayEnhMetaFile, CombineRgn, RectInRegion, Rectangle, Ellipse, SaveDC, SetPolyFillMode, GetCurrentPositionEx, GetDIBColorTable, SetStretchBltMode, CreatePatternBrush, GetClipBox, SetTextAlign, CreateDIBitmap, GetPixel, SetWindowOrgEx, Arc, GetTextExtentPoint32A, SetWindowExtEx, SetTextColor, CreateHatchBrush, CreateFontA, GetDIBits, SetBkColor, ExcludeClipRect, CreateHalftonePalette, DeleteObject, SelectObject, GetCharABCWidthsFloatA, SetViewportExtEx, GetStockObject, CloseEnhMetaFile, RestoreDC, UpdateColors, GetTextExtentExPointA |
ADVAPI32.dll | AllocateAndInitializeSid, RegCloseKey, RegOpenKeyExA, CopySid |
ole32.dll | CoTaskMemFree |
Aug 31, 2024 22:05:16.209732056 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:16.209826946 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:16.210118055 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:16.214895964 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.003241062 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.003253937 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.003264904 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.003359079 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.003359079 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.003782034 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.003803015 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.003859043 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.003859043 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.003895044 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.003935099 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.003938913 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.003979921 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.004110098 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.004163027 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.004173994 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.004182100 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.004223108 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.008757114 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.008768082 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.008780003 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.008791924 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.008820057 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.008876085 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.009192944 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.009248972 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.173553944 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.173573017 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.173584938 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.173645973 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.173645973 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.173686028 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.173723936 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.173734903 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.173739910 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.173784971 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.174433947 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.174488068 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.174520016 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.174530983 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.174545050 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.174556971 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.174571037 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.174583912 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.174618959 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.174964905 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.174974918 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.175040007 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.175077915 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.175088882 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.175103903 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.175123930 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.175134897 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.175136089 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.175164938 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.175190926 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.175791979 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.175837994 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.175947905 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.175960064 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.175971031 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.176011086 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.176018000 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.176018000 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.176023960 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.176037073 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.176063061 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.176063061 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.176085949 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.178473949 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.178489923 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.178527117 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.178577900 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:17.178591967 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:17.178654909 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:18.340380907 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:18.340403080 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:18.340425968 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:18.340435028 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:18.340454102 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:18.340457916 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:18.340473890 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:18.340501070 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:18.340502977 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:18.340512037 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:18.340523958 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:18.340533972 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:18.340558052 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:18.340558052 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:18.340560913 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:18.340590954 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:18.340626001 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:18.340857983 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:18.340909958 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:18.345391035 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:18.345402002 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:18.345458984 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:18.345458984 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:18.345482111 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:18.345491886 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:18.345510006 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:18.345520973 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:18.345530987 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:18.345530987 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:18.345550060 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:18.345571041 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:18.345607996 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:18.345668077 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:18.345696926 CEST | 80 | 49711 | 185.22.66.16 | 192.168.2.7 |
Aug 31, 2024 22:05:18.345752001 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Aug 31, 2024 22:05:18.512429953 CEST | 49711 | 80 | 192.168.2.7 | 185.22.66.16 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 31, 2024 22:05:13.814819098 CEST | 51650 | 53 | 192.168.2.7 | 1.1.1.1 |
Aug 31, 2024 22:05:13.916145086 CEST | 53 | 51650 | 1.1.1.1 | 192.168.2.7 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Aug 31, 2024 22:05:13.814819098 CEST | 192.168.2.7 | 1.1.1.1 | 0x8c37 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Aug 31, 2024 22:05:13.916145086 CEST | 1.1.1.1 | 192.168.2.7 | 0x8c37 | No error (0) | | env-3936544.jcloud.kz | | CNAME (Canonical name) | IN (0x0001) | false |
Aug 31, 2024 22:05:13.916145086 CEST | 1.1.1.1 | 192.168.2.7 | 0x8c37 | No error (0) | | | 185.22.66.16 | A (IP address) | IN (0x0001) | false |
Aug 31, 2024 22:05:13.916145086 CEST | 1.1.1.1 | 192.168.2.7 | 0x8c37 | No error (0) | | | 185.22.66.15 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 49709 | 185.22.66.16 | 80 | 7792 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Aug 31, 2024 22:05:13.928718090 CEST | 116 | OUT | |
Aug 31, 2024 22:05:14.716859102 CEST | 1236 | IN | |
Aug 31, 2024 22:05:14.716875076 CEST | 1236 | IN | |
Aug 31, 2024 22:05:14.716881990 CEST | 448 | IN | |
Aug 31, 2024 22:05:14.716887951 CEST | 1236 | IN | |
Aug 31, 2024 22:05:14.716892958 CEST | 1236 | IN | |
Aug 31, 2024 22:05:14.716900110 CEST | 448 | IN | |
Aug 31, 2024 22:05:14.716943979 CEST | 1236 | IN | |
Aug 31, 2024 22:05:14.716949940 CEST | 224 | IN | |
Aug 31, 2024 22:05:14.717020988 CEST | 1236 | IN | |
Aug 31, 2024 22:05:14.717060089 CEST | 1236 | IN | |
Aug 31, 2024 22:05:14.721767902 CEST | 1236 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.7 | 49710 | 185.22.66.16 | 80 | 7816 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Aug 31, 2024 22:05:13.934108019 CEST | 116 | OUT | |
Aug 31, 2024 22:05:14.733997107 CEST | 1236 | IN | |
Aug 31, 2024 22:05:14.734071970 CEST | 1236 | IN | |
Aug 31, 2024 22:05:14.734078884 CEST | 1236 | IN | |
Aug 31, 2024 22:05:14.734086037 CEST | 1236 | IN | |
Aug 31, 2024 22:05:14.734142065 CEST | 1236 | IN | |
Aug 31, 2024 22:05:14.734148979 CEST | 1236 | IN | |
Aug 31, 2024 22:05:14.734173059 CEST | 1236 | IN | |
Aug 31, 2024 22:05:14.734179020 CEST | 1236 | IN | |
Aug 31, 2024 22:05:14.734184980 CEST | 1236 | IN | |
Aug 31, 2024 22:05:14.734191895 CEST | 1236 | IN | |
Aug 31, 2024 22:05:14.738936901 CEST | 1236 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.7 | 49711 | 185.22.66.16 | 80 | 8024 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Aug 31, 2024 22:05:16.210118055 CEST | 116 | OUT | |
Aug 31, 2024 22:05:17.003241062 CEST | 1236 | IN | |
Aug 31, 2024 22:05:17.003253937 CEST | 1236 | IN | |
Aug 31, 2024 22:05:17.003264904 CEST | 448 | IN | |
Aug 31, 2024 22:05:17.003782034 CEST | 1236 | IN | |
Aug 31, 2024 22:05:17.003803015 CEST | 224 | IN | |
Aug 31, 2024 22:05:17.003895044 CEST | 1236 | IN | |
Aug 31, 2024 22:05:17.003935099 CEST | 224 | IN | |
Aug 31, 2024 22:05:17.004110098 CEST | 1236 | IN | |
Aug 31, 2024 22:05:17.004163027 CEST | 224 | IN | |
Aug 31, 2024 22:05:17.004173994 CEST | 1236 | IN | |
Aug 31, 2024 22:05:17.008757114 CEST | 1236 | IN |
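As an added triage example (not part of the Joe Sandbox report), the Python below rebuilds the DNS answer rows and the HTTP session rows from the tables above, extracts the resolved names and addresses as IOCs, flags every session in which rundll32.exe, a Windows LOLBin, reaches a public address, and totals the bytes moved in session 0. The row strings are constructed for this example from the values in the tables; the queried DNS name was a hyperlink that did not survive extraction and is left empty, and the LOLBin list is the example's own, not something the report states.

```python
"""Added triage example (not part of the Joe Sandbox report): parse the
report's pipe-delimited DNS answer rows and HTTP session rows, extract IOCs
and flag sessions in which a LOLBin such as rundll32.exe reaches a public
address.  Row text is constructed here from the report's values; column
order follows the report's own table headers."""
import ipaddress
from collections import Counter

# Header: Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name |
# CName | Address | Type | Class | DNS over HTTPS.  The queried "Name" was a
# hyperlink that did not survive extraction, so that cell stays empty.
DNS_ANSWER_ROWS = """\
Aug 31, 2024 22:05:13.916145086 CEST | 1.1.1.1 | 192.168.2.7 | 0x8c37 | No error (0) | | env-3936544.jcloud.kz | | CNAME (Canonical name) | IN (0x0001) | false
Aug 31, 2024 22:05:13.916145086 CEST | 1.1.1.1 | 192.168.2.7 | 0x8c37 | No error (0) | | | 185.22.66.16 | A (IP address) | IN (0x0001) | false
Aug 31, 2024 22:05:13.916145086 CEST | 1.1.1.1 | 192.168.2.7 | 0x8c37 | No error (0) | | | 185.22.66.15 | A (IP address) | IN (0x0001) | false
"""

# Header: Session ID | Source IP | Source Port | Destination IP |
# Destination Port | PID | Process.
SESSION_ROWS = r"""
0 | 192.168.2.7 | 49709 | 185.22.66.16 | 80 | 7792 | C:\Windows\SysWOW64\rundll32.exe
1 | 192.168.2.7 | 49710 | 185.22.66.16 | 80 | 7816 | C:\Windows\SysWOW64\rundll32.exe
2 | 192.168.2.7 | 49711 | 185.22.66.16 | 80 | 8024 | C:\Windows\SysWOW64\rundll32.exe
"""

# Session 0 transfers.  Header: Timestamp | Bytes transferred | Direction | Data.
SESSION0_TRANSFER_ROWS = """\
Aug 31, 2024 22:05:13.928718090 CEST | 116 | OUT |
Aug 31, 2024 22:05:14.716859102 CEST | 1236 | IN |
Aug 31, 2024 22:05:14.716875076 CEST | 1236 | IN |
Aug 31, 2024 22:05:14.716881990 CEST | 448 | IN |
Aug 31, 2024 22:05:14.716887951 CEST | 1236 | IN |
Aug 31, 2024 22:05:14.716892958 CEST | 1236 | IN |
Aug 31, 2024 22:05:14.716900110 CEST | 448 | IN |
Aug 31, 2024 22:05:14.716943979 CEST | 1236 | IN |
Aug 31, 2024 22:05:14.716949940 CEST | 224 | IN |
Aug 31, 2024 22:05:14.717020988 CEST | 1236 | IN |
Aug 31, 2024 22:05:14.717060089 CEST | 1236 | IN |
Aug 31, 2024 22:05:14.721767902 CEST | 1236 | IN |
"""

# Binaries commonly used to run attacker-supplied DLLs/scripts (example's own list).
LOLBINS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}


def parse_rows(table_text):
    """Split pipe-delimited report rows into lists of stripped cells."""
    rows = []
    for line in table_text.splitlines():
        line = line.strip()
        if not line or set(line) <= {"-", "|"}:
            continue  # blank line or markdown separator row
        rows.append([cell.strip() for cell in line.strip("|").split("|")])
    return rows


def dns_iocs(answer_rows):
    """Collect CNAME targets and A-record addresses from successful answers."""
    iocs = {"cnames": set(), "addresses": set()}
    for cells in answer_rows:
        _ts, _src, _dst, _txid, rcode, _name, cname, addr, rtype, _cls, _doh = cells
        if not rcode.startswith("No error"):
            continue
        kind = rtype.split()[0]
        if kind == "CNAME" and cname:
            iocs["cnames"].add(cname)
        elif kind == "A" and addr:
            iocs["addresses"].add(addr)
    return iocs


def flag_lolbin_sessions(session_rows, lolbins=LOLBINS):
    """Return sessions where a LOLBin connects to a public (non-private) IP."""
    flagged = []
    for sid, _src, sport, dst, dport, pid, image in session_rows:
        exe = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if exe in lolbins and ipaddress.ip_address(dst).is_global:
            flagged.append({"session": int(sid), "pid": int(pid), "image": exe,
                            "dst": f"{dst}:{dport}", "sport": int(sport)})
    return flagged


def transfer_summary(transfer_rows):
    """Bytes and packet counts per direction for one HTTP session."""
    totals = Counter()
    for cells in transfer_rows:
        nbytes, direction = int(cells[1]), cells[2].lower()
        totals[f"{direction}_bytes"] += nbytes
        totals[f"{direction}_packets"] += 1
    return dict(totals)


def contacted_vs_resolved(iocs, flagged):
    """Split resolved A records into addresses actually contacted and spares."""
    contacted = {s["dst"].rsplit(":", 1)[0] for s in flagged}
    return {"contacted": iocs["addresses"] & contacted,
            "resolved_only": iocs["addresses"] - contacted}


if __name__ == "__main__":
    iocs = dns_iocs(parse_rows(DNS_ANSWER_ROWS))
    flagged = flag_lolbin_sessions(parse_rows(SESSION_ROWS))
    print("IOCs:", iocs)
    for s in flagged:
        print("LOLBin egress:", s)
    print("Session 0:", transfer_summary(parse_rows(SESSION0_TRANSFER_ROWS)))
    print("Resolved vs contacted:", contacted_vs_resolved(iocs, flagged))
```

Running it prints both resolved A records (185.22.66.16, which all three sessions contacted, and 185.22.66.15, resolved but unused in this run and still worth blocking alongside the CNAME target), the three rundll32.exe sessions as PIDs 7792, 7816 and 8024 all reaching 185.22.66.16:80, and for session 0 a single 116-byte request answered by 11008 bytes in eleven segments; the other two sessions show the same 116-byte request size.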
Target ID: | 1 |
Start time: | 16:05:12 |
Start date: | 31/08/2024 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2c0000 |
File size: | 126'464 bytes |
MD5 hash: | 51E6071F9CBA48E79F10C84515AAE618 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 16:05:12 |
Start date: | 31/08/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff75da10000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 16:05:12 |
Start date: | 31/08/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x410000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 16:05:12 |
Start date: | 31/08/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x480000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 7 |
Start time: | 16:05:12 |
Start date: | 31/08/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x480000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 16:05:15 |
Start date: | 31/08/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x480000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 3.2% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 11.2% |
Total number of Nodes: | 578 |
Total number of Limit Nodes: | 5 |
Graph
Callgraph
Control-flow Graph
Execution Graph
Execution Coverage: | 0.6% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 570 |
Total number of Limit Nodes: | 2 |
Graph
Callgraph
Control-flow Graph
Execution Graph
Execution Coverage: | 1.3% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 624 |
Total number of Limit Nodes: | 4 |
Graph
Callgraph
Function 05648BC4 | Relevance: 3.0 | APIs: 2 | Instructions: 21 | Tags: memory, COMMON LIBRARY CODE
Control-flow Graph