Windows
Analysis Report
xXQ39a5f9EJP.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- xXQ39a5f9EJP.exe (PID: 6860, cmdline: "C:\Users\user\Desktop\xXQ39a5f9EJP.exe", MD5: B385264019D78C7225E7E088D5AD6042)
  - cmd.exe (PID: 3164, cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmp679F.tmp.bat"", MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    - conhost.exe (PID: 3396, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
    - timeout.exe (PID: 6032, cmdline: timeout 3, MD5: 100065E21CFBBDE57CBA2838921F84D6)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
AsyncRAT | AsyncRAT is a Remote Access Tool (RAT) designed to remotely monitor and control other computers through a secure encrypted connection. It is an open source remote administration tool; however, it can also be used maliciously because it provides functionality such as a keylogger, remote desktop control, and many other functions that may cause harm to the victim's computer. In addition, AsyncRAT can be delivered via various methods such as spear-phishing, malvertising, exploit kits and other techniques. | No Attribution | | |
DCRat | DCRat is a typical RAT that has been around since at least June 2019. | No Attribution | | |
{"Ports": ["7094"], "Server": ["liverpool777.duckdns.org"], "Mutex": "DcRatMutex_qwqdanchun", "Certificate": "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", "Server Signature": "SEbLPMahs9JeJC0j5v4/FMTverhEsUQlMFhAvhUdfeRa6auTTJ/otpfbZiZfWEuXgBArX1bR9yS1pN9NEsBwBkkPOvTRwmm8puXW45QjxRW2+dfh2iaylWKUfQAfbeVT73kMNtF5SZh2AwPOl40y8sslWQkiHCmlNWGjYoKVW+s="}
Rule | Description | Author |
---|---|---|
JoeSecurity_AsyncRAT | Yara detected AsyncRAT | Joe Security |
Windows_Trojan_DCRat_1aeea1ac | unknown | unknown |
INDICATOR_SUSPICIOUS_EXE_B64_Artifacts | Detects executables embedding base64-encoded APIs, command lines, registry keys, etc. | ditekSHen |
INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice | Detects executables attempting to enumerate video devices using WMI | ditekSHen |
INDICATOR_SUSPICIOUS_EXE_DcRatBy | Detects executables containing the string DcRatBy | ditekSHen |
Rule | Description | Author |
---|---|---|
Windows_Trojan_DCRat_1aeea1ac | unknown | unknown |
Rule | Description | Author |
---|---|---|
Windows_Trojan_DCRat_1aeea1ac | unknown | unknown |
JoeSecurity_AsyncRAT | Yara detected AsyncRAT | Joe Security |
Windows_Trojan_DCRat_1aeea1ac | unknown | unknown |
JoeSecurity_DcRat_2 | Yara detected DcRat | Joe Security |
Windows_Trojan_DCRat_1aeea1ac | unknown | unknown |
Rule | Description | Author |
---|---|---|
JoeSecurity_AsyncRAT | Yara detected AsyncRAT | Joe Security |
Windows_Trojan_DCRat_1aeea1ac | unknown | unknown |
INDICATOR_SUSPICIOUS_EXE_B64_Artifacts | Detects executables embedding base64-encoded APIs, command lines, registry keys, etc. | ditekSHen |
INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice | Detects executables attempting to enumerate video devices using WMI | ditekSHen |
INDICATOR_SUSPICIOUS_EXE_DcRatBy | Detects executables containing the string DcRatBy | ditekSHen |
Timestamp: | 04/19/24-00:20:55.692486 |
SID: | 2034847 |
Source Port: | 7094 |
Destination Port: | 49730 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/19/24-00:20:55.692486 |
SID: | 2848152 |
Source Port: | 7094 |
Destination Port: | 49730 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
- Source: Avira
- Source: Malware Configuration Extractor
- Source: Joe Sandbox ML
- Source: Static PE information
Networking |
---|
- Source: Snort IDS (2 entries)
- Source: DNS query
- Source: TCP traffic
- Source: IP Address
- Source: ASN Name
- Source: UDP traffic detected without corresponding DNS query
- Source: DNS traffic detected
- Source: String found in binary or memory (4 entries)
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
- Source: File source (4 entries)
System Summary |
---|
- Source: Matched rule (24 entries)
- Source: Code function: 0_2_00007FFD9B888346, 0_2_00007FFD9B8890F2, 0_2_00007FFD9B8830E2, 0_2_00007FFD9B88FFE0, 0_2_00007FFD9B88FF58, 0_2_00007FFD9B88DE0D, 0_2_00007FFD9B88C56F, 0_2_00007FFD9B89DD00, 0_2_00007FFD9B88FBFA, 0_2_00007FFD9B88F460
- Source: Binary or memory string (4 entries)
- Source: Matched rule (24 entries)
- Source: Task registration methods (6 entries)
- Source: Base64 encoded string (4 entries)
- Source: Security API names (18 entries)
- Source: Classification label
- Source: File created
- Source: Mutant created (3 entries)
- Source: File created
- Source: Process created
- Source: Static PE information
- Source: Static file information
- Source: Key opened
- Source: Process created (6 entries)
- Source: Section loaded (46 entries)
- Source: Key value queried
- Source: Static PE information (2 entries)
Data Obfuscation |
---|
- Source: .Net Code (6 entries)
- Source: Code function: 0_2_00007FFD9B895AD8, 0_2_00007FFD9B8959DB, 0_2_00007FFD9B89816A, 0_2_00007FFD9B8800C1
Boot Survival |
---|
- Source: File source (4 entries)
- Source: Registry key monitored for changes
- Source: Key value created or modified
- Source: Process information set (57 entries)
Malware Analysis System Evasion |
---|
- Source: File source (4 entries)
- Source: Binary or memory string
- Source: Memory allocated (2 entries)
- Source: Thread delayed
- Source: Window / User API
- Source: Thread sleep time (2 entries)
- Source: Thread sleep count (2 entries)
- Source: File Volume queried
- Source: Thread delayed
- Source: Binary or memory string
- Source: Process token adjusted
- Source: Memory allocated
HIPS / PFW / Operating System Protection Evasion |
---|
- Source: Reference to suspicious API methods (4 entries)
- Source: Process created (2 entries)
- Source: Binary or memory string (2 entries)
- Source: Queries volume information (5 entries)
- Source: Key value queried
Lowering of HIPS / PFW / Operating System Security Settings |
---|
- Source: File source (4 entries)
- Source: Binary or memory string (3 entries)
- Source: WMI Queries
Stealing of Sensitive Information |
---|
- Source: File source (3 entries)
Remote Access Functionality |
---|
- Source: File source (3 entries)
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 1 Windows Management Instrumentation | 1 Scripting | 12 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Query Registry | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 11 Scheduled Task/Job | 11 Scheduled Task/Job | 11 Scheduled Task/Job | 1 Modify Registry | LSASS Memory | 121 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 31 Virtualization/Sandbox Evasion | NTDS | 31 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 11 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Process Injection | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 111 Obfuscated Files or Information | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Detection | Scanner | Label |
---|---|---|
100% | Avira | HEUR/AGEN.1307404 |
100% | Joe Sandbox ML | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
liverpool777.duckdns.org | 179.13.0.175 | true | true | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
179.13.0.175 | liverpool777.duckdns.org | Colombia | 27831 | ColombiaMovilCO | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1428454 |
Start date and time: | 2024-04-19 00:20:06 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 3s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | xXQ39a5f9EJP.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@7/5@1/1 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 72.21.81.240
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, wu.ec.azureedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- VT rate limit hit for: xXQ39a5f9EJP.exe
Time | Type | Description |
---|---|---|
00:20:55 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
179.13.0.175 | malicious | Quasar |
| malicious | XWorm |
| malicious | XWorm |
| malicious | AsyncRAT |
| malicious | AsyncRAT |
| malicious | AsyncRAT |
| malicious | AsyncRAT |
| malicious | Njrat |
| malicious | Njrat |
| malicious | Njrat |
Match | Detection | Threat Name |
---|---|---|
liverpool777.duckdns.org | malicious | Njrat |
Match | Detection | Threat Name |
---|---|---|
ColombiaMovilCO | malicious | Mirai |
| malicious | Mirai |
| malicious | Remcos |
| malicious | Quasar |
| malicious | Mirai |
| malicious | Mirai |
| malicious | Mirai |
| malicious | Mirai |
| malicious | XWorm |
| malicious | XWorm |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Users\user\Desktop\xXQ39a5f9EJP.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 69993 |
Entropy (8bit): | 7.99584879649948 |
Encrypted: | true |
SSDEEP: | 1536:iMveRG6BWC7T2g1wGUa5QUoaIB9ttiFJG+AOQOXl0Usvwr:feRG6BX6gUaHo9tkBHiUewr |
MD5: | 29F65BA8E88C063813CC50A4EA544E93 |
SHA1: | 05A7040D5C127E68C25D81CC51271FFB8BEF3568 |
SHA-256: | 1ED81FA8DFB6999A9FEDC6E779138FFD99568992E22D300ACD181A6D2C8DE184 |
SHA-512: | E29B2E92C496245BED3372578074407E8EF8882906CE10C35B3C8DEEBFEFE01B5FD7F3030ACAA693E175F4B7ACA6CD7D8D10AE1C731B09C5FA19035E005DE3AA |
Malicious: | false |
Reputation: | moderate, very likely benign file |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Users\user\Desktop\xXQ39a5f9EJP.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 330 |
Entropy (8bit): | 3.141494007698779 |
Encrypted: | false |
SSDEEP: | 6:kK9ZlDN+SkQlPlEGYRMY9z+4KlDA3RUeVlWI/Vt:zlMkPlE99SNxAhUeVLVt |
MD5: | F8434D5CFA720139E31894AB43807D4B |
SHA1: | 5902936B530151D272E09D013FB09C6A5105A3DC |
SHA-256: | C6087B5954A1233D0C21D33E32C87F58C4E244E3D0A428CA47F26178B64DD22C |
SHA-512: | 9B0BB6FE03056CA4D8F709CCEF69E1F0C8B04076F66799B72CA75EF90539E2B4FA77ED8F31A235B57A4378386F6B41A9F1A4AABE1510025167C90B8A577C2B25 |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\xXQ39a5f9EJP.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1907 |
Entropy (8bit): | 5.375380268342155 |
Encrypted: | false |
SSDEEP: | 48:MxHKQwYHKGSI6oPtHTHhAHKKkl+vxp3/ell1qHGIs0HKJHNptLHqHj:iqbYqGSI6oPtzHeqKksZp/ellwmj0qJi |
MD5: | 4CEAC8E156C9A1D90AB03AF9133D7A38 |
SHA1: | 39ACAE4267BF940B8995DD12CC797DE497B4D73E |
SHA-256: | 7BB4ADB915FC1C1076B35CC3D69402A22EB89878D6269FAF5826FF06958ED0D6 |
SHA-512: | 597A202013C9E046449D71BF4C816E98BC7203EDBEB17F3D181400590C36E9E545B6FD7449635719EEF595B8730C066313912B1DA1A7F87AC818082B2C330A7B |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\xXQ39a5f9EJP.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 153 |
Entropy (8bit): | 5.139737252440667 |
Encrypted: | false |
SSDEEP: | 3:mKDDCMNqTtv3Dt+WfHvhs9d9E5Dcq10d9DwU1hGDt+kiE2J5xAInTRI5iL1ZPy:hWKqTtLwQO9/iDc5DNewkn23fT1k |
MD5: | 2A715442718477F4ACE5FC6E7DB52688 |
SHA1: | E9BA28439F9294F1B0CEBF3BF6D23DBF57A55487 |
SHA-256: | 7A9920C759A7347D896D900ABBD0EF53CCAB6BE841DF6BE674AC233EEA9E2289 |
SHA-512: | AC1B08A077050295B15B2B20A1B8C620BCF81E447FEAE5485071B05C7BBC84CCD8910E108CA0B1D2EE8F73FE209B1B2090D1F30828A960B561C9043DDAEFE70C |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\System32\timeout.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 69 |
Entropy (8bit): | 4.643906340459884 |
Encrypted: | false |
SSDEEP: | 3:hYFqdLGAR+mQRKVxLZXt04hovn:hYFqGaNZK4Qn |
MD5: | A95BB132FBBAD82B9DC8D474497E4B61 |
SHA1: | EFF67571370682301B518C7DC6F6BF09BBA7C940 |
SHA-256: | 4CBE1DA45AB844939D9E506733ED61E0FF3641B779AC057FA35749E5C9CDA453 |
SHA-512: | A37FAECFFEB9ACC03861D96520FFE4BDBC91DDF12078CEEF35523A0EC9BFF43C25344C37251BBFEBCE8B3477512B5A75B360B48BA1DCFDD1B24C0172B23A62E1 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
File type: | |
Entropy (8bit): | 5.615876081246294 |
TrID: | |
File name: | xXQ39a5f9EJP.exe |
File size: | 48'640 bytes |
MD5: | b385264019d78c7225e7e088d5ad6042 |
SHA1: | 544ef98e04e0218af42302970199dd1f66182118 |
SHA256: | 4eb22bcde9c1f6978506647ab39e9e4245cb4bde3a359c0348e37ec3f9c12116 |
SHA512: | 2a7b118a8c7c9e38884d884891c9342fafa80ec65a6f54c1ac7daefd23c33aada89250e2fbaa3507e802440c9bcbc9288bf0fd8391dabd3587e140330d7e1587 |
SSDEEP: | 768:4q+s3pUtDILNCCa+DiptelDSN+iV08YbygeiOOW1tWtirvEgK/JvZVc6KN:4q+AGtQOptKDs4zb13OOW1tWErnkJvZI |
TLSH: | 96235D4037D88136F2BD4BB4ACF2E14586B5D2676903CA9D6CC814EA1F13BC59A136FE |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......`................................. ........@.. ....................... ............@................................ |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x40cbbe |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x60930A0B [Wed May 5 21:11:39 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al (repeated 97 times) |
The entry point is the usual native stub of a .NET executable: an indirect jump through the single IAT slot at 0x402000 (IAT at RVA 0x2000 plus the 0x400000 image base), which resolves to mscoree.dll!_CorExeMain; the zero bytes that follow the stub decode as `add byte ptr [eax], al`.
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xcb64 | 0x57 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xe000 | 0xdf7 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x10000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0xabc4 | 0xac00 | 21c919d4bb2022b37b2a380177fe0763 | False | 0.5020439680232558 | data | 5.640623955928705 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0xe000 | 0xdf7 | 0xe00 | 2083376922615c09cdda9acfd9305376 | False | 0.4017857142857143 | data | 5.110607648061562 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x10000 | 0xc | 0x200 | 82148d01c3935cf90ef81a3dd1fad607 | False | 0.044921875 | data | 0.07763316234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0xe0a0 | 0x2d4 | data | | | 0.4350828729281768 |
RT_MANIFEST | 0xe374 | 0xa83 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.40245261984392416 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/19/24-00:20:55.692486 | TCP | 2034847 | ET TROJAN Observed Malicious SSL Cert (AsyncRAT) | 7094 | 49730 | 179.13.0.175 | 192.168.2.4 |
04/19/24-00:20:55.692486 | TCP | 2848152 | ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT Variant) | 7094 | 49730 | 179.13.0.175 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 19, 2024 00:20:55.139539003 CEST | 50290 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 19, 2024 00:20:55.278522015 CEST | 53 | 50290 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 19, 2024 00:20:55.139539003 CEST | 192.168.2.4 | 1.1.1.1 | 0xa8fa | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 19, 2024 00:20:55.278522015 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8fa | No error (0) | | | 179.13.0.175 | A (IP address) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 00:20:51 |
Start date: | 19/04/2024 |
Path: | C:\Users\user\Desktop\xXQ39a5f9EJP.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x470000 |
File size: | 48'640 bytes |
MD5 hash: | B385264019D78C7225E7E088D5AD6042 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 5 |
Start time: | 00:22:40 |
Start date: | 19/04/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7a4100000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 00:22:40 |
Start date: | 19/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 7 |
Start time: | 00:22:40 |
Start date: | 19/04/2024 |
Path: | C:\Windows\System32\timeout.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7291b0000 |
File size: | 32'768 bytes |
MD5 hash: | 100065E21CFBBDE57CBA2838921F84D6 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Execution Graph
Execution Coverage: | 21% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 6 |
Total number of Limit Nodes: | 0 |
Function 00007FFD9B88FFE0 Relevance: 3.5, Instructions: 3486 (COMMON)
Function 00007FFD9B88C56F Relevance: 1.7, Instructions: 1722 (COMMON)
Function 00007FFD9B88FF58 Relevance: 0.7, Instructions: 721 (COMMON)
Function 00007FFD9B888346 Relevance: 0.5, Instructions: 472 (COMMON)
Function 00007FFD9B8890F2 Relevance: 0.5, Instructions: 458 (COMMON)