Windows
Analysis Report
450230549.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- 450230549.exe (PID: 7068 cmdline: "C:\Users\user\Desktop\450230549.exe" MD5: 5086980F3EE0C035EC304102E6981410)
  - RegAsm.exe (PID: 6444 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
  - RegAsm.exe (PID: 5324 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
  - RegAsm.exe (PID: 4136 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Agent Tesla, AgentTesla | A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel. | | | |
{"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.zqamcx.com", "Username": "server1@zqamcx.com", "Password": "Anambraeast@"}
Rule | Description | Author | Strings |
---|---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
Rule | Description | Author | Strings |
---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | |
Networking |
---|
Source: | Author: Joe Security: |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary string: | 2 entries |
Networking |
---|
Source: | File source: | 5 entries |
Source: | TCP traffic: |
Source: | HTTP traffic detected: | 2 entries |
Source: | IP Address: | 2 entries |
Source: | ASN Name: | 2 entries |
Source: | JA3 fingerprint: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | UDP traffic detected without corresponding DNS query: | 4 entries |
Source: | HTTP traffic detected: | 2 entries |
Source: | DNS traffic detected: | 4 entries |
Source: | String found in binary or memory: | 28 entries |
Source: | Network traffic detected: | 2 entries |
Source: | HTTPS traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | .Net Code: | 3 entries |
Source: | Windows user hook set: |
Source: | Window created: |
System Summary |
---|
Source: | Matched rule: | 7 entries |
Source: | Code function: | 0_2_00D311D8 |
Source: | Code function: | 0_2_00D32B28 |
Source: | Code function: | 0_2_00D32B19 |
Source: | Code function: | 3_2_00EAB303 |
Source: | Code function: | 3_2_00EA4BE8 |
Source: | Code function: | 3_2_00EAEE48 |
Source: | Code function: | 3_2_00EA3FD0 |
Source: | Code function: | 3_2_00EA4318 |
Source: | Code function: | 3_2_060F2168 |
Source: | Code function: | 3_2_060F2163 |
Source: | Code function: | 3_2_06175590 |
Source: | Code function: | 3_2_061765F8 |
Source: | Code function: | 3_2_0617B22A |
Source: | Code function: | 3_2_06173050 |
Source: | Code function: | 3_2_0617C180 |
Source: | Code function: | 3_2_06177D80 |
Source: | Code function: | 3_2_061776A0 |
Source: | Code function: | 3_2_0617E398 |
Source: | Code function: | 3_2_06170040 |
Source: | Code function: | 3_2_06175CDF |
Source: | Code function: | 3_2_0617001A |
Source: | Static PE information: |
Source: | Binary or memory string: | 5 entries |
Source: | Static PE information: |
Source: | Matched rule: | 7 entries |
Source: | Cryptographic APIs: | 11 entries |
Source: | Classification label: |
Source: | File created: |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | WMI Queries: | 2 entries |
Source: | File read: |
Source: | Key opened: |
Source: | ReversingLabs: |
Source: | Process created: | 7 entries |
Source: | Section loaded: | 80 entries |
Source: | Key value queried: |
Source: | Key opened: |
Source: | Static PE information: | 3 entries |
Source: | Binary string: | 2 entries |
Data Obfuscation |
---|
Source: | .Net Code: |
Source: | Static PE information: |
Source: | Code function: | 3_2_00EAB1FD |
Source: | Code function: | 3_2_060F968C |
Source: | Code function: | 3_2_060F7790 |
Source: | High entropy of concatenated method names: | 2 entries |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Icon embedded in binary file: |
Source: | Process information set: | 108 entries |
Malware Analysis System Evasion |
---|
Source: | File source: |
Source: | HTTP traffic detected: |
Source: | WMI Queries: |
Source: | WMI Queries: |
Source: | Binary or memory string: |
Source: | Memory allocated: | 6 entries |
Source: | Thread delayed: | 3 entries |
Source: | Thread sleep count: | 3 entries |
Source: | Thread sleep time: | 4 entries |
Source: | WMI Queries: |
Source: | WMI Queries: |
Source: | WMI Queries: | 2 entries |
Source: | Thread delayed: | 4 entries |
Source: | Binary or memory string: | 5 entries |
Source: | Process information queried: |
Anti Debugging |
---|
Source: | Code function: | 3_2_00EA71D0 |
Source: | Process queried: |
Source: | Process token adjusted: | 2 entries |
Source: | Memory allocated: |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Reference to suspicious API methods: | 4 entries |
Source: | Memory allocated: |
Source: | Memory written: |
Source: | Memory written: | 5 entries |
Source: | Process created: | 3 entries |
Source: | Queries volume information: | 7 entries |
Source: | Key value queried: |
Stealing of Sensitive Information |
---|
Source: | File source: | 14 entries |
Source: | Key opened: |
Source: | File opened: | 5 entries |
Source: | File opened: |
Source: | File opened: | 2 entries |
Source: | Key opened: | 2 entries |
Source: | File source: | 12 entries |
Remote Access Functionality |
---|
Source: | File source: | 14 entries |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 231 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 311 Process Injection | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 34 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | 1 Credentials in Registry | 531 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Software Packing | NTDS | 1 Process Discovery | Distributed Component Object Model | 21 Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 261 Virtualization/Sandbox Evasion | SSH | 1 Clipboard Data | 13 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Masquerading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 261 Virtualization/Sandbox Evasion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 311 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
Detection | Scanner | Label |
---|---|---|
34% | ReversingLabs | Win32.Trojan.Sonbokli |
100% | Joe Sandbox ML | |
Detection | Scanner | Label |
---|---|---|
0% | URL Reputation | safe |
0% | URL Reputation | safe |
0% | URL Reputation | safe |
0% | URL Reputation | safe |
0% | URL Reputation | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
zqamcx.com | 78.110.166.82 | true | true | unknown | |
cdn.discordapp.com | 162.159.134.233 | true | false | unknown | |
ip-api.com | 208.95.112.1 | true | true | unknown | |
198.187.3.20.in-addr.arpa | unknown | unknown | false | unknown | |
mail.zqamcx.com | unknown | unknown | true | unknown |
Malicious | Antivirus Detection | Reputation |
---|---|---|
false | | unknown |
false | | unknown |
Malicious | Antivirus Detection | Reputation |
---|---|---|
false | | unknown |
false | | unknown |
false | | unknown |
false | | unknown |
false | | unknown |
false | | unknown |
false | | unknown |
false | | unknown |
false | | unknown |
false | | unknown |
false | | unknown |
false | | unknown |
false | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | true |
78.110.166.82 | zqamcx.com | United Kingdom | 42831 | UKSERVERS-ASUKDedicatedServersHostingandCo-Location | true |
162.159.134.233 | cdn.discordapp.com | United States | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1519251 |
Start date and time: | 2024-09-26 09:17:58 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 24s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Run with higher sleep bypass |
Number of new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 450230549.exe |
Detection: | MAL |
Classification: | mal100.spre.troj.spyw.evad.winEXE@7/1@4/3 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: 450230549.exe
Match | Detection | Threat Name |
---|---|---|
208.95.112.1 | malicious | Blackshades, Quasar |
208.95.112.1 | malicious | AgentTesla |
208.95.112.1 | malicious | AgentTesla |
208.95.112.1 | malicious | AgentTesla |
208.95.112.1 | malicious | AgentTesla |
208.95.112.1 | malicious | AgentTesla |
208.95.112.1 | malicious | AgentTesla |
208.95.112.1 | malicious | AgentTesla |
208.95.112.1 | malicious | AgentTesla |
208.95.112.1 | malicious | PXRECVOWEIWOEI Stealer, PureLog Stealer |
78.110.166.82 | malicious | CobaltStrike |
78.110.166.82 | malicious | Unknown |
78.110.166.82 | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
cdn.discordapp.com | malicious | LummaC, Socks5Systemz |
cdn.discordapp.com | malicious | Unknown |
cdn.discordapp.com | malicious | Lokibot |
cdn.discordapp.com | malicious | Unknown |
cdn.discordapp.com | malicious | Unknown |
cdn.discordapp.com | malicious | AgentTesla |
cdn.discordapp.com | malicious | Unknown |
cdn.discordapp.com | malicious | Unknown |
cdn.discordapp.com | malicious | Unknown |
ip-api.com | malicious | Blackshades, Quasar |
ip-api.com | malicious | AgentTesla |
ip-api.com | malicious | AgentTesla |
ip-api.com | malicious | AgentTesla |
ip-api.com | malicious | AgentTesla |
ip-api.com | malicious | AgentTesla |
ip-api.com | malicious | Unknown |
ip-api.com | malicious | AgentTesla |
ip-api.com | malicious | AgentTesla |
ip-api.com | malicious | AgentTesla |
zqamcx.com | malicious | AgentTesla |
zqamcx.com | malicious | AgentTesla |
zqamcx.com | malicious | AgentTesla |
zqamcx.com | malicious | AgentTesla |
zqamcx.com | malicious | AgentTesla, PureLog Stealer |
Match | Detection | Threat Name |
---|---|---|
UKSERVERS-ASUKDedicatedServersHostingandCo-Location | malicious | AgentTesla |
UKSERVERS-ASUKDedicatedServersHostingandCo-Location | malicious | Unknown |
UKSERVERS-ASUKDedicatedServersHostingandCo-Location | malicious | AgentTesla |
UKSERVERS-ASUKDedicatedServersHostingandCo-Location | malicious | AgentTesla |
UKSERVERS-ASUKDedicatedServersHostingandCo-Location | malicious | Unknown |
UKSERVERS-ASUKDedicatedServersHostingandCo-Location | malicious | Remcos |
UKSERVERS-ASUKDedicatedServersHostingandCo-Location | malicious | AgentTesla |
UKSERVERS-ASUKDedicatedServersHostingandCo-Location | malicious | Remcos |
UKSERVERS-ASUKDedicatedServersHostingandCo-Location | malicious | AgentTesla |
UKSERVERS-ASUKDedicatedServersHostingandCo-Location | malicious | AgentTesla |
TUT-ASUS | malicious | Blackshades, Quasar |
TUT-ASUS | malicious | AgentTesla |
TUT-ASUS | malicious | Unknown |
TUT-ASUS | malicious | Unknown |
TUT-ASUS | malicious | AgentTesla |
TUT-ASUS | malicious | AgentTesla |
TUT-ASUS | malicious | AgentTesla |
TUT-ASUS | malicious | AgentTesla |
TUT-ASUS | malicious | Unknown |
TUT-ASUS | malicious | AgentTesla |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | FormBook |
CLOUDFLARENETUS | malicious | FormBook |
CLOUDFLARENETUS | malicious | MassLogger RAT, Snake Keylogger, VIP Keylogger |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
3b5074b1b5d032e5620f69f9f700ff0e | malicious | MassLogger RAT, Snake Keylogger, VIP Keylogger |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
Process: | C:\Users\user\Desktop\450230549.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 847 |
Entropy (8bit): | 5.345615485833535 |
Encrypted: | false |
SSDEEP: | 24:ML9E4KlKDE4KhKiKhPKIE4oKNzKoZAE4KzeR:MxHKlYHKh3oPtHo6hAHKzeR |
MD5: | EEEC189088CC5F1F69CEE62A3BE59EA2 |
SHA1: | 250F25CE24458FC0C581FDDF59FAA26D557844C5 |
SHA-256: | 5345D03A7E6C9436497BA4120DE1F941800F2522A21DE70CEA6DB1633D356E11 |
SHA-512: | 2E017FD29A505BCAC78C659DE10E0D869C42CE3B057840680B23961DBCB1F82B1CC7094C87CEEB8FA14826C4D8CFED88DC647422A4A3FA36C4AAFD6430DAEFE5 |
Malicious: | true |
Reputation: | moderate, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 6.490515014251841 |
TrID: |
File name: | 450230549.exe |
File size: | 107'848 bytes |
MD5: | 5086980f3ee0c035ec304102e6981410 |
SHA1: | fca1625b36a002d77f69586f96744dfbcde1d472 |
SHA256: | bfcef30ac8c0270957b3126d0b9046ddd4bc67fdffea077dd0a127809aa233a6 |
SHA512: | baca4e5d7b1c7f4a7ddcf1ff2ba9876677a9ec43f5a4f6f985f55225b6d59ddb50bb7da1609a91b2ba389796e42407164111d9268dbc6a930f8b180da6d8e2c2 |
SSDEEP: | 1536:YPDs/XKdUDp1lRzloawwPI7zwHPG72uu630VDxl7Hxij7wPTxq:YP4b1lFLwM9PG720EVDxlQjcPU |
TLSH: | E5B34B166AC5D705D9E87EF860F7012217B2BDC61630C28B2DB8B7588E72393EDC566C |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....I.............................N.... ........@.. ....................................`................................ |
Icon Hash: | 8f82989919951d01 |
Entrypoint: | 0x40e74e |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0xA449B1F0 [Sat May 5 12:58:24 2057 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Signature Valid: | false |
Signature Issuer: | CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US |
Signature Validation Error: | The digital signature of the object did not verify |
Error Number: | -2146869232 |
Not Before, Not After |
Subject Chain |
Version: | 3 |
Thumbprint MD5: | E4E34304F4315A15A0BC0E413363721E |
Thumbprint SHA-1: | CA38CF219C8E9782A8CBBD76643D24E4F2D74B03 |
Thumbprint SHA-256: | AF74DC88EF91477F8A93E5DA98B3C80ECD6CB6A10271DC6DC768EC3F34239BC0 |
Serial: | 030E330A8ED28347BDA3BB478E410D7C |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al (×97) |
The jump goes through the IAT entry at 0x402000 (image base 0x400000 plus the IAT RVA 0x2000), whose single import is mscoree.dll!_CorExeMain: this is the standard native entry stub of a managed (.NET) executable, and the 97 repeated `add byte ptr [eax], al` rows are the disassembly of the zero bytes that follow it (`00 00` decodes to that instruction).
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xe700 | 0x4b | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x12000 | 0x83e8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x15400 | 0x5148 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1c000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xe6bf | 0x1c | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0xc754 | 0xc800 | c094f9bd686d5b7b28df2388262d0f14 | False | 0.55212890625 | data | 6.171156178031321 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.sdata | 0x10000 | 0x1e8 | 0x200 | ba1a51c546597b8fdcb7d0154e4ab651 | False | 0.857421875 | data | 6.638446248926509 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x12000 | 0x83e8 | 0x8400 | 37bfb2adf08a7790d9ce6bdcc9f0ae0c | False | 0.2878196022727273 | data | 5.210626337188779 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x1c000 | 0xc | 0x200 | c70b7482b129e12d54df7f5701eccbd1 | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x121c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | 0.5487588652482269 | ||
RT_ICON | 0x12628 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | 0.37922138836772984 | ||
RT_ICON | 0x136d0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | 0.28060165975103735 | ||
RT_ICON | 0x15c78 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | 0.25614076523382145 | ||
RT_GROUP_ICON | 0x19ea0 | 0x3e | data | 0.7903225806451613 | ||
RT_VERSION | 0x19ee0 | 0x31c | data | 0.42839195979899497 | ||
RT_MANIFEST | 0x1a1fc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5489795918367347 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 26, 2024 09:18:53.063005924 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:53.063055038 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.063131094 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:53.097182989 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:53.097204924 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.605844975 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.605990887 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:53.610922098 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:53.610938072 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.611340046 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.659261942 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:53.693247080 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:53.739401102 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.828139067 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.828355074 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.828408003 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:53.828422070 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.828552961 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.828603983 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:53.828609943 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.828756094 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.828811884 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:53.828818083 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.828917027 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.828974009 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:53.828979015 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.832915068 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.832976103 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:53.832982063 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.877991915 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:53.878005028 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.919140100 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.919244051 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:53.919253111 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.919379950 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.919434071 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:53.919440031 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.919611931 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.919681072 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:53.919687033 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.919785976 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.919841051 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:53.919846058 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.919974089 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.920022964 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:53.920027971 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.920517921 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.920577049 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:53.920581102 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.920635939 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.920665026 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.920684099 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:53.920692921 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.920734882 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:53.920825005 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.920890093 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.920937061 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.920955896 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:53.920962095 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.921005964 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:53.921010017 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.921665907 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.921700954 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.921725988 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:53.921732903 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:53.921777964 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:53.988008976 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.034240961 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.034249067 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.081114054 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.352169037 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.352369070 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.352425098 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.352442980 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.352570057 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.352619886 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.352631092 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.352675915 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.352735043 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.352741003 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.352812052 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.352818966 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.352844954 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.352874041 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.352936029 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.352998972 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.353004932 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.353051901 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.353051901 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.353072882 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.353120089 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.353168011 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.353233099 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.353266954 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.353324890 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.353370905 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.353420973 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.353528023 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.353640079 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.353646040 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.353672028 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.353693008 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.353707075 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.353728056 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.353873968 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.353933096 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.353939056 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.353982925 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.353984118 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.354006052 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.354044914 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.354095936 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.354157925 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.354162931 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.354192019 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.354212046 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.354217052 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.354239941 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.354299068 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.354357958 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.354362965 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.354389906 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.354415894 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.354422092 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.354444027 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.357009888 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.357079029 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.357084036 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.357136965 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.357477903 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.357544899 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.357573032 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.357639074 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.357711077 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.357774973 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.358278036 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.358342886 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.358378887 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.358437061 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.358478069 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.358536005 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.361936092 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.362008095 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.362131119 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.362206936 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.362541914 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.362606049 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.362637997 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.362700939 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.362754107 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.362814903 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.363466978 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.363526106 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.363667965 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.363729000 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.363759995 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.363856077 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.364473104 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.364547014 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.364583015 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.364665985 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.364763975 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.364830017 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.365514994 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.365576982 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.365735054 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.365803957 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.365847111 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.365902901 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.365932941 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.365991116 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.366619110 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.366678953 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.366740942 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.366792917 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.366862059 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.366918087 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.368752003 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.368769884 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.368813992 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.368829966 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.368839025 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.368887901 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.369906902 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.369952917 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.369982958 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.369988918 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.370017052 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.370044947 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.371017933 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.371062040 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.371097088 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.371103048 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.371124029 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.371153116 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.372107029 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.372148037 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.372199059 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.372204065 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.372232914 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.372260094 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.372699976 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.372756004 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.372795105 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.372800112 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.372826099 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.372858047 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.373260975 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.373316050 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.373331070 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.373338938 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.373377085 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.373445988 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.373552084 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.373599052 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.373650074 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.373655081 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.373681068 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.373704910 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.373752117 CEST | 443 | 49731 | 162.159.134.233 | 192.168.2.4 |
Sep 26, 2024 09:18:54.373806953 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.375844955 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.377594948 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:54.387025118 CEST | 49731 | 443 | 192.168.2.4 | 162.159.134.233 |
Sep 26, 2024 09:18:55.443361044 CEST | 49732 | 80 | 192.168.2.4 | 208.95.112.1 |
Sep 26, 2024 09:18:55.448268890 CEST | 80 | 49732 | 208.95.112.1 | 192.168.2.4 |
Sep 26, 2024 09:18:55.448342085 CEST | 49732 | 80 | 192.168.2.4 | 208.95.112.1 |
Sep 26, 2024 09:18:55.448527098 CEST | 49732 | 80 | 192.168.2.4 | 208.95.112.1 |
Sep 26, 2024 09:18:55.453630924 CEST | 80 | 49732 | 208.95.112.1 | 192.168.2.4 |
Sep 26, 2024 09:18:56.173146963 CEST | 80 | 49732 | 208.95.112.1 | 192.168.2.4 |
Sep 26, 2024 09:18:56.173299074 CEST | 80 | 49732 | 208.95.112.1 | 192.168.2.4 |
Sep 26, 2024 09:18:56.173372030 CEST | 49732 | 80 | 192.168.2.4 | 208.95.112.1 |
Sep 26, 2024 09:18:56.789660931 CEST | 49733 | 587 | 192.168.2.4 | 78.110.166.82 |
Sep 26, 2024 09:18:56.794625998 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:18:56.794737101 CEST | 49733 | 587 | 192.168.2.4 | 78.110.166.82 |
Sep 26, 2024 09:18:57.440876961 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:18:57.441437960 CEST | 49733 | 587 | 192.168.2.4 | 78.110.166.82 |
Sep 26, 2024 09:18:57.446379900 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:18:57.607733011 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:18:57.608017921 CEST | 49733 | 587 | 192.168.2.4 | 78.110.166.82 |
Sep 26, 2024 09:18:57.613971949 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:18:58.035113096 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:18:58.036175013 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:18:58.036251068 CEST | 49733 | 587 | 192.168.2.4 | 78.110.166.82 |
Sep 26, 2024 09:18:58.046757936 CEST | 49733 | 587 | 192.168.2.4 | 78.110.166.82 |
Sep 26, 2024 09:18:58.055841923 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:18:58.222718000 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:18:58.222759008 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:18:58.222795010 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:18:58.222831011 CEST | 49733 | 587 | 192.168.2.4 | 78.110.166.82 |
Sep 26, 2024 09:18:58.250165939 CEST | 49733 | 587 | 192.168.2.4 | 78.110.166.82 |
Sep 26, 2024 09:18:58.257999897 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:18:58.419301033 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:18:58.433442116 CEST | 49733 | 587 | 192.168.2.4 | 78.110.166.82 |
Sep 26, 2024 09:18:58.440336943 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:18:58.601455927 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:18:58.602745056 CEST | 49733 | 587 | 192.168.2.4 | 78.110.166.82 |
Sep 26, 2024 09:18:58.607675076 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:18:58.768929958 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:18:58.769290924 CEST | 49733 | 587 | 192.168.2.4 | 78.110.166.82 |
Sep 26, 2024 09:18:58.774132967 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:18:58.938026905 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:18:58.938465118 CEST | 49733 | 587 | 192.168.2.4 | 78.110.166.82 |
Sep 26, 2024 09:18:58.943454981 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:18:59.117639065 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:18:59.118005991 CEST | 49733 | 587 | 192.168.2.4 | 78.110.166.82 |
Sep 26, 2024 09:18:59.122925997 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:18:59.597043991 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:18:59.597101927 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:18:59.597266912 CEST | 49733 | 587 | 192.168.2.4 | 78.110.166.82 |
Sep 26, 2024 09:18:59.597414970 CEST | 49733 | 587 | 192.168.2.4 | 78.110.166.82 |
Sep 26, 2024 09:18:59.602271080 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:18:59.763427019 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:18:59.764264107 CEST | 49733 | 587 | 192.168.2.4 | 78.110.166.82 |
Sep 26, 2024 09:18:59.764347076 CEST | 49733 | 587 | 192.168.2.4 | 78.110.166.82 |
Sep 26, 2024 09:18:59.764390945 CEST | 49733 | 587 | 192.168.2.4 | 78.110.166.82 |
Sep 26, 2024 09:18:59.764410973 CEST | 49733 | 587 | 192.168.2.4 | 78.110.166.82 |
Sep 26, 2024 09:18:59.769165039 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:18:59.769227028 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:18:59.769368887 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:18:59.769403934 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:19:00.063638926 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:19:00.112437963 CEST | 49733 | 587 | 192.168.2.4 | 78.110.166.82 |
Sep 26, 2024 09:19:46.860256910 CEST | 80 | 49732 | 208.95.112.1 | 192.168.2.4 |
Sep 26, 2024 09:19:46.860441923 CEST | 49732 | 80 | 192.168.2.4 | 208.95.112.1 |
Sep 26, 2024 09:20:36.160512924 CEST | 49732 | 80 | 192.168.2.4 | 208.95.112.1 |
Sep 26, 2024 09:20:36.165497065 CEST | 80 | 49732 | 208.95.112.1 | 192.168.2.4 |
Sep 26, 2024 09:20:36.737802982 CEST | 49733 | 587 | 192.168.2.4 | 78.110.166.82 |
Sep 26, 2024 09:20:36.742779016 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:20:36.904401064 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 |
Sep 26, 2024 09:20:36.912650108 CEST | 49733 | 587 | 192.168.2.4 | 78.110.166.82 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 26, 2024 09:18:53.048355103 CEST | 49427 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 26, 2024 09:18:53.055481911 CEST | 53 | 49427 | 1.1.1.1 | 192.168.2.4 |
Sep 26, 2024 09:18:55.431085110 CEST | 59962 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 26, 2024 09:18:55.437942982 CEST | 53 | 59962 | 1.1.1.1 | 192.168.2.4 |
Sep 26, 2024 09:18:56.721034050 CEST | 58174 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 26, 2024 09:18:56.788402081 CEST | 53 | 58174 | 1.1.1.1 | 192.168.2.4 |
Sep 26, 2024 09:19:33.249334097 CEST | 53 | 50568 | 162.159.36.2 | 192.168.2.4 |
Sep 26, 2024 09:19:33.741158962 CEST | 58556 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 26, 2024 09:19:33.755312920 CEST | 53 | 58556 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 26, 2024 09:18:53.048355103 CEST | 192.168.2.4 | 1.1.1.1 | 0xcf27 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:18:55.431085110 CEST | 192.168.2.4 | 1.1.1.1 | 0xa1b2 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:18:56.721034050 CEST | 192.168.2.4 | 1.1.1.1 | 0x9522 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:19:33.741158962 CEST | 192.168.2.4 | 1.1.1.1 | 0xd0bf | Standard query (0) | | PTR (Pointer record) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 26, 2024 09:18:53.055481911 CEST | 1.1.1.1 | 192.168.2.4 | 0xcf27 | No error (0) | | | 162.159.134.233 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:18:53.055481911 CEST | 1.1.1.1 | 192.168.2.4 | 0xcf27 | No error (0) | | | 162.159.135.233 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:18:53.055481911 CEST | 1.1.1.1 | 192.168.2.4 | 0xcf27 | No error (0) | | | 162.159.129.233 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:18:53.055481911 CEST | 1.1.1.1 | 192.168.2.4 | 0xcf27 | No error (0) | | | 162.159.130.233 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:18:53.055481911 CEST | 1.1.1.1 | 192.168.2.4 | 0xcf27 | No error (0) | | | 162.159.133.233 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:18:55.437942982 CEST | 1.1.1.1 | 192.168.2.4 | 0xa1b2 | No error (0) | | | 208.95.112.1 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:18:56.788402081 CEST | 1.1.1.1 | 192.168.2.4 | 0x9522 | No error (0) | | zqamcx.com | | CNAME (Canonical name) | IN (0x0001) | false |
Sep 26, 2024 09:18:56.788402081 CEST | 1.1.1.1 | 192.168.2.4 | 0x9522 | No error (0) | | | 78.110.166.82 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:19:33.755312920 CEST | 1.1.1.1 | 192.168.2.4 | 0xd0bf | Name error (3) | | none | none | PTR (Pointer record) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49732 | 208.95.112.1 | 80 | 4136 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 26, 2024 09:18:55.448527098 CEST | 80 | OUT | |
Sep 26, 2024 09:18:56.173146963 CEST | 175 | IN | |
Sep 26, 2024 09:18:56.173299074 CEST | 175 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49731 | 162.159.134.233 | 443 | 7068 | C:\Users\user\Desktop\450230549.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 07:18:53 UTC | 227 | OUT | |
2024-09-26 07:18:53 UTC | 1167 | IN | |
2024-09-26 07:18:53 UTC | 521 | IN | |
2024-09-26 07:18:53 UTC | 1050 | IN | |
2024-09-26 07:18:53 UTC | 1369 | IN | |
2024-09-26 07:18:53 UTC | 581 | IN | |
2024-09-26 07:18:53 UTC | 1369 | IN | |
2024-09-26 07:18:53 UTC | 1369 | IN | |
2024-09-26 07:18:53 UTC | 1369 | IN | |
2024-09-26 07:18:53 UTC | 1369 | IN | |
2024-09-26 07:18:53 UTC | 1369 | IN | |
2024-09-26 07:18:53 UTC | 1369 | IN |
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
---|---|---|---|---|---|
Sep 26, 2024 09:18:57.440876961 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 | 220-cphost14.qhoster.net ESMTP Exim 4.96.2 #2 Thu, 26 Sep 2024 08:18:57 +0100 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. |
Sep 26, 2024 09:18:57.441437960 CEST | 49733 | 587 | 192.168.2.4 | 78.110.166.82 | EHLO 562258 |
Sep 26, 2024 09:18:57.607733011 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 | 250-cphost14.qhoster.net Hello 562258 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP |
Sep 26, 2024 09:18:57.608017921 CEST | 49733 | 587 | 192.168.2.4 | 78.110.166.82 | STARTTLS |
Sep 26, 2024 09:18:58.035113096 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 | 220 TLS go ahead |
Sep 26, 2024 09:18:58.036175013 CEST | 587 | 49733 | 78.110.166.82 | 192.168.2.4 | 220 TLS go ahead |
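The SMTP exchange above is the only part of the exfiltration channel visible on the wire: the server's EHLO banner, the client's STARTTLS, and then ciphertext. The following script is an added example, not part of the Joe Sandbox report, that re-splits the flattened reply lines, ties the port-587 destination back to the DNS answer that produced it, and pulls out the indicators a responder would record. The sample rows are transcribed from the tables in this report; the mail-client allow-list, the SMTP port set and the attribution of the port-587 session to PID 4136 (the report only attributes the port-80 session to that PID) are assumptions of the example.

```python
import re
from dataclasses import dataclass

# Processes expected to speak SMTP from a workstation (assumed allow-list).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
SMTP_PORTS = {25, 465, 587}


@dataclass
class Session:
    src_port: int
    dst_ip: str
    dst_port: int
    pid: int
    process: str


# Rows transcribed from the report's DNS-answer table: (Trans ID, type, value).
DNS_ANSWERS = [
    ("0xa1b2", "A", "208.95.112.1"),
    ("0x9522", "CNAME", "zqamcx.com"),
    ("0x9522", "A", "78.110.166.82"),
]

# Rows transcribed from the report's SMTP table: (direction, text as flattened by the report).
SMTP_ROWS = [
    ("IN", "220-cphost14.qhoster.net ESMTP Exim 4.96.2 #2 Thu, 26 Sep 2024 08:18:57 +0100 "
           "220-We do not authorize the use of this system to transport unsolicited, "
           "220 and/or bulk e-mail."),
    ("OUT", "EHLO 562258"),
    ("IN", "250-cphost14.qhoster.net Hello 562258 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME "
           "250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP"),
    ("OUT", "STARTTLS"),
    ("IN", "220 TLS go ahead"),
]

# The port-587 session. Assumption: the report attributes only the port-80 session
# to PID 4136; the SMTP session is assigned to the same RegAsm.exe instance here.
SMTP_SESSION = Session(49733, "78.110.166.82", 587, 4136,
                       r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe")


def split_smtp_reply(text: str) -> list:
    """Re-split a multi-line SMTP reply that the report flattened onto one line.
    Every reply line starts with a three-digit code followed by '-' (more lines
    follow) or ' ' (last line), so split on whitespace preceding such a code."""
    return re.split(r"\s(?=\d{3}[- ])", text.strip())


def smtp_lines(rows):
    """Yield (direction, code, text); client commands carry code None."""
    for direction, text in rows:
        if direction == "IN":
            for line in split_smtp_reply(text):
                yield direction, line[:3], line[4:]
        else:
            yield direction, None, text


def names_resolved_to(ip, answers):
    """CNAME targets from the DNS transactions whose A answer was this address."""
    tids = {tid for tid, rtype, val in answers if rtype == "A" and val == ip}
    return sorted(val for tid, rtype, val in answers if tid in tids and rtype == "CNAME")


def analyse_smtp(session, smtp_rows, dns_answers):
    """Return the indicators a responder would pull from this exchange."""
    image = session.process.rsplit("\\", 1)[-1].lower()
    lines = list(smtp_lines(smtp_rows))
    result = {
        "non_mail_process": image if session.dst_port in SMTP_PORTS and image not in MAIL_CLIENTS else None,
        "resolved_via": names_resolved_to(session.dst_ip, dns_answers),
        "ehlo_name": None, "ehlo_is_fqdn": None, "egress_ip": None, "starttls": False,
    }
    for direction, code, text in lines:
        if direction == "OUT" and text.upper().startswith(("EHLO ", "HELO ")):
            result["ehlo_name"] = text.split(None, 1)[1]
            result["ehlo_is_fqdn"] = "." in result["ehlo_name"]
        # The MTA echoes the client's public address in its EHLO reply, so the
        # sandbox's (or victim's) egress IP now sits in the operator's mail logs.
        if direction == "IN" and code == "250" and (m := re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", text)):
            result["egress_ip"] = m.group(1)
    offered = any(d == "IN" and c == "250" and t.upper() == "STARTTLS" for d, c, t in lines)
    asked = any(d == "OUT" and t.upper() == "STARTTLS" for d, c, t in lines)
    accepted = any(d == "IN" and c == "220" and "TLS" in t.upper() for d, c, t in lines)
    # Once STARTTLS succeeds the AUTH exchange and the message body are encrypted;
    # the SMTP credentials in a report like this come from the extracted
    # configuration, not from the capture.
    result["starttls"] = offered and asked and accepted
    return result


def analyse_report_sample():
    return analyse_smtp(SMTP_SESSION, SMTP_ROWS, DNS_ANSWERS)


if __name__ == "__main__":
    for key, value in analyse_report_sample().items():
        print(f"{key:18} {value}")
```

Run against the transcribed rows this flags a signed .NET utility (RegAsm.exe) opening a submission-port session to an address that the preceding DNS transaction reached through zqamcx.com, a bare (non-FQDN) EHLO name, the egress address 8.46.123.33 echoed by the MTA, and a completed STARTTLS, which is why nothing after the second 220 is readable in the capture.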
Target ID: | 0 |
Start time: | 03:18:52 |
Start date: | 26/09/2024 |
Path: | C:\Users\user\Desktop\450230549.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x3d0000 |
File size: | 107'848 bytes |
MD5 hash: | 5086980F3EE0C035EC304102E6981410 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 03:18:54 |
Start date: | 26/09/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x200000 |
File size: | 65'440 bytes |
MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 03:18:54 |
Start date: | 26/09/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xe0000 |
File size: | 65'440 bytes |
MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 03:18:54 |
Start date: | 26/09/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x530000 |
File size: | 65'440 bytes |
MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Has exited: | false |
Execution Graph
Execution Coverage: | 31.8% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 19.6% |
Total number of Nodes: | 102 |
Total number of Limit Nodes: | 4 |
Graph
Function | Relevance | Strings | APIs | Instructions | Tags |
---|---|---|---|---|---|
00D32B28 | 1.9 | 1 | | 616 | COMMON |
00D311D8 | .3 | | | 287 | COMMON |
00D321CF | 3.3 | | 2 | 326 | processinjection, COMMON |
00D322E1 | 1.8 | | 1 | 292 | COMMON |
00D32210 | 1.6 | | 1 | 64 | COMMON |
00D321F8 | 1.6 | | 1 | 63 | thread, COMMON |
00D32240 | 1.6 | | 1 | 63 | thread, COMMON |
00D33B89 | 1.6 | | 1 | 63 | thread, COMMON |
00D33C51 | 1.6 | | 1 | 62 | COMMON |
00D32228 | 1.6 | | 1 | 54 | memory, COMMON |
00D33D20 | 1.6 | | 1 | 53 | memory, COMMON |
00D32258 | 1.5 | | 1 | 49 | thread, COMMON |
00D33EB9 | 1.5 | | 1 | 47 | thread, COMMON |
00CDD76D | .0 | | | 45 | COMMON |
00CDD76C | .0 | | | 36 | COMMON |
00D32B19 | .1 | | | 75 | COMMON |
Execution Graph
Execution Coverage: | 10.9% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 1.5% |
Total number of Nodes: | 194 |
Total number of Limit Nodes: | 22 |
Graph
Function | Relevance | Strings | APIs | Instructions | Tags |
---|---|---|---|---|---|
06173050 | 8.0 | 6 | | 545 | COMMON |
06177D80 | 3.0 | 2 | | 476 | COMMON |
06175590 | 1.9 | 1 | | 601 | COMMON |
00EA71D0 | 1.6 | | 1 | 65 | COMMON |
061765F8 | .8 | | | 820 | COMMON |
0617C180 | .6 | | | 643 | COMMON |
0617B22A | .6 | | | 577 | COMMON |
0617ACD0 | 10.4 | 8 | | 395 | COMMON |
0617B650 | 8.0 | 6 | | 473 | COMMON |
06179150 | 5.2 | 4 | | 230 | COMMON |
0617CF38 | 4.6 | 3 | | 803 | COMMON |
06174B58 | 3.9 | 3 | | 186 | COMMON |
06179142 | 2.7 | 2 | | 163 | COMMON |
00EAF2D0 | 1.6 | | 1 | 137 | COMMON |
060F2B53 | 1.6 | | 1 | 116 | COMMON |
060F2B58 | 1.6 | | 1 | 113 | COMMON |
060F66E4 | 1.6 | | 1 | 97 | COMMON |
00EA71C8 | 1.6 | | 1 | 70 | COMMON |
060F6B98 | 1.6 | | 1 | 65 | COMMON |
060F6BA0 | 1.6 | | 1 | 62 | COMMON |
060F6720 | 1.6 | | 1 | 60 | COMMON |
060FA160 | 1.6 | | 1 | 60 | COMMON |
060FA168 | 1.6 | | 1 | 57 | COMMON |
00EAF3B8 | 1.6 | | 1 | 52 | COMMON |
060F03F4 | 1.6 | | 1 | 50 | COMMON |
060F1AAB | 1.6 | | 1 | 50 | COMMON |
060F8629 | 1.5 | | 1 | 46 | com, COMMON |
060F673C | 1.5 | | 1 | 46 | COMMON |
060F8028 | 1.5 | | 1 | 46 | com, COMMON |
060F7D68 | 1.5 | | 1 | 44 | COMMON |
06174B28 | 1.4 | 1 | | 149 | COMMON |
0617DAAD | 1.4 | 1 | | 127 | COMMON |
061721F0 | 1.4 | 1 | | 105 | COMMON |
0617FED0 | 1.3 | 1 | | 62 | COMMON |
0617FEE0 | 1.3 | 1 | | 59 | COMMON |
061782F6 | 1.3 | 1 | | 30 | COMMON |
06174641 | 1.3 | 1 | | 25 | COMMON |
06172368 | 1.0 | | | 1008 | COMMON |
061761F0 | .2 | | | 229 | COMMON |
06173E89 | .2 | | | 226 | COMMON |
061741A8 | .2 | | | 221 | COMMON |
061741C0 | .2 | | | 210 | COMMON |
0617EAF9 | .2 | | | 207 | COMMON |
0617FC70 | .2 | | | 202 | COMMON |
0617EB08 | .2 | | | 201 | COMMON |
0617FA20 | .2 | | | 172 | COMMON |
0617FA30 | .2 | | | 163 | COMMON |
06175400 | .1 | | | 132 | COMMON |
061720A0 | .1 | | | 101 | COMMON |
061720B0 | .1 | | | 91 | COMMON |
06173A91 | .1 | | | 82 | COMMON |
06173AA0 | .1 | | | 78 | COMMON |
00C0D005 | .1 | | | 78 | COMMON |
00C0D030 | .1 | | | 72 | COMMON |
06173BB0 | .1 | | | 59 | COMMON |
06173DE7 | .1 | | | 59 | COMMON |
06173868 | .1 | | | 57 | COMMON |
0617ED78 | .1 | | | 57 | COMMON |
06173BA2 | .1 | | | 55 | COMMON |
06173870 | .1 | | | 52 | COMMON |
0617A300 | .1 | | | 51 | COMMON |
06173DF8 | .1 | | | 51 | COMMON |
0617C7C0 | .0 | | | 50 | COMMON |
0617ED88 | .0 | | | 49 | COMMON |
0617A310 | .0 | | | 46 | COMMON |
0617C7D0 | .0 | | | 43 | COMMON |
06176479 | .0 | | | 29 | COMMON |
061776A0 | 13.0 | 10 | | 468 | COMMON |
0617A938 | 10.2 | 8 | | 229 | COMMON |
061770A0 | 9.2 | 7 | | 405 | COMMON |
061783D8 | 5.3 | 4 | | 282 | COMMON |
0617ACC0 | 5.2 | 4 | | 173 | COMMON |
061787F0 | 5.2 | 4 | | 168 | COMMON |