Windows
Analysis Report
j1zkOQTx4q.exe
Overview
General Information
Sample name: | j1zkOQTx4q.exe (renamed because original name is a hash value) |
Original sample name: | c49a9a589af8da0d09c69670b2579ab9.exe |
Analysis ID: | 1431969 |
MD5: | c49a9a589af8da0d09c69670b2579ab9 |
SHA1: | 51a936428711d9bd1307ffd3e75436a0e4568eb2 |
SHA256: | a411f79466c5b91feae82cddf2cff3cd20130cec9955bf5003f0ce1febd5143f |
Tags: | 32exe |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- j1zkOQTx4q.exe (PID: 6884 cmdline: "C:\Users\user\Desktop\j1zkOQTx4q.exe" MD5: C49A9A589AF8DA0D09C69670B2579AB9)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security | ||
JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security | ||
JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |
Timestamp: | 04/26/24-05:44:00.242345 |
SID: | 2046266 |
Source Port: | 50500 |
Destination Port: | 49732 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/26/24-05:44:55.687467 |
SID: | 2046268 |
Source Port: | 49732 |
Destination Port: | 50500 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/26/24-05:43:59.949956 |
SID: | 2049060 |
Source Port: | 49732 |
Destination Port: | 50500 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/26/24-05:45:36.095343 |
SID: | 2046269 |
Source Port: | 49732 |
Destination Port: | 50500 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/26/24-05:44:53.704210 |
SID: | 2046267 |
Source Port: | 50500 |
Destination Port: | 49732 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: |
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Networking |
---|
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: |
Source: | TCP traffic: |
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | DNS query: | ||
Source: | DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | (50 entries) |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | (69 entries) |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | (43 entries) |
Source: | Key opened: | Jump to behavior |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation |
---|
Source: | Unpacked PE file: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Boot Survival |
---|
Source: | Window searched: | Jump to behavior | ||
Source: | Window searched: | Jump to behavior | ||
Source: | Window searched: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | System information queried: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Registry key queried: | Jump to behavior | ||
Source: | Registry key queried: | Jump to behavior | ||
Source: | Registry key queried: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | System information queried: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Anti Debugging |
---|
Source: | Thread information set: | Jump to behavior |
Source: | Open window title or class name: | ||
Source: | Open window title or class name: | ||
Source: | Open window title or class name: | ||
Source: | Open window title or class name: | ||
Source: | Open window title or class name: | ||
Source: | Open window title or class name: | ||
Source: | Open window title or class name: | ||
Source: | Open window title or class name: |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Registry key value queried: | Jump to behavior | ||
Source: | Registry key value queried: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File opened: | Jump to behavior | (43 entries) |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Masquerading | 1 OS Credential Dumping | 521 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 33 Virtualization/Sandbox Evasion | LSASS Memory | 33 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Data from Local System | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Software Packing | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 System Network Configuration Discovery | SSH | Keylogging | 13 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 24 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
48% | ReversingLabs | Win32.Trojan.Znyonm | ||
15% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
23% | Virustotal | Browse | ||
24% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
ipinfo.io | 34.117.186.192 | true | false | high | |
db-ip.com | 172.67.75.166 | true | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | unknown | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
5.42.66.10 | unknown | Russian Federation | 39493 | RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU | false | |
34.117.186.192 | ipinfo.io | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false | |
193.233.132.226 | unknown | Russian Federation | 2895 | FREE-NET-ASFREEnetEU | true | |
172.67.75.166 | db-ip.com | United States | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431969 |
Start date and time: | 2024-04-26 05:43:06 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 26s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 5 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | j1zkOQTx4q.exe (renamed because original name is a hash value) |
Original Sample Name: | c49a9a589af8da0d09c69670b2579ab9.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@1/23@2/4 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
05:44:34 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
5.42.66.10 | Get hash | malicious | Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader | Browse | |
Get hash | malicious | GCleaner, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer | Browse | ||
Get hash | malicious | GCleaner, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | ||
34.117.186.192 | Get hash | malicious | Unknown | Browse | |
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Planet Stealer | Browse | ||
Get hash | malicious | Planet Stealer | Browse | ||
Get hash | malicious | Xmrig | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | RedLine | Browse | ||
Get hash | malicious | RedLine | Browse | ||
193.233.132.226 | Get hash | malicious | RisePro Stealer | Browse | ||
Get hash | malicious | RisePro Stealer | Browse | |||
Get hash | malicious | LummaC, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader | Browse | |||
Get hash | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer | Browse | |||
Get hash | malicious | Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader | Browse | |||
Get hash | malicious | GCleaner, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer | Browse | |||
Get hash | malicious | GCleaner, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer | Browse | |||
Get hash | malicious | LummaC, PureLog Stealer, RisePro Stealer | Browse | |||
Get hash | malicious | RisePro Stealer | Browse | |||
Get hash | malicious | RisePro Stealer | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ipinfo.io | Get hash | malicious | RisePro Stealer | Browse | |
Get hash | malicious | PureLog Stealer, RisePro Stealer, zgRAT | Browse | ||
Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse | ||
Get hash | malicious | RisePro Stealer | Browse | ||
Get hash | malicious | NovaSentinel | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Phemedrone Stealer | Browse | ||
db-ip.com | Get hash | malicious | RisePro Stealer | Browse | |
Get hash | malicious | PureLog Stealer, RisePro Stealer, zgRAT | Browse | ||
Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse | ||
Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse | ||
Get hash | malicious | RisePro Stealer | Browse | ||
Get hash | malicious | RisePro Stealer | Browse | ||
Get hash | malicious | RisePro Stealer | Browse | ||
Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse | ||
Get hash | malicious | LummaC, RisePro Stealer | Browse | ||
Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse | ||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU | Get hash | malicious | RedLine | Browse | |
Get hash | malicious | PureLog Stealer, RisePro Stealer, zgRAT | Browse | ||
Get hash | malicious | RedLine | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Glupteba, Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | Browse | ||
Get hash | malicious | Glupteba, Mars Stealer, PureLog Stealer, Vidar, zgRAT | Browse | ||
Get hash | malicious | RedLine | Browse | ||
Get hash | malicious | Glupteba, Mars Stealer, Phorpiex, PureLog Stealer, Stealc, Vidar, zgRAT | Browse | ||
Get hash | malicious | RedLine | Browse | ||
Get hash | malicious | RedLine | Browse | ||
FREE-NET-ASFREEnetEU | Get hash | malicious | RisePro Stealer | Browse | |
Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse | ||
Get hash | malicious | Mirai | Browse | ||
Get hash | malicious | RedLine | Browse | ||
Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse | ||
Get hash | malicious | Phorpiex | Browse | ||
Get hash | malicious | RisePro Stealer | Browse | ||
Get hash | malicious | RisePro Stealer | Browse | ||
Get hash | malicious | RisePro Stealer | Browse | ||
Get hash | malicious | Glupteba, Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | Browse | ||
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | Get hash | malicious | Unknown | Browse | |
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | RisePro Stealer | Browse | ||
Get hash | malicious | PureLog Stealer, RisePro Stealer, zgRAT | Browse | ||
Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse | ||
Get hash | malicious | Mirai | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse | ||
CLOUDFLARENETUS | Get hash | malicious | LummaC | Browse | |
Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | ||
Get hash | malicious | HTMLPhisher | Browse | ||
Get hash | malicious | AgentTesla | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Latrodectus | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Phisher | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | LummaC | Browse | |
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | RisePro Stealer | Browse | ||
Get hash | malicious | PureLog Stealer, RisePro Stealer, zgRAT | Browse | ||
Get hash | malicious | DBatLoader | Browse | ||
Get hash | malicious | LummaC | Browse | ||
Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse | ||
Get hash | malicious | LummaC | Browse | ||
Get hash | malicious | AsyncRAT | Browse | ||
Get hash | malicious | LummaC | Browse | ||
Process: | C:\Users\user\Desktop\j1zkOQTx4q.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6085 |
Entropy (8bit): | 6.038274200863744 |
Encrypted: | false |
SSDEEP: | 96:gxsumX/xKO2KbcRfbZJ5Jxjxcx1xcbza5BC126oxgxA26Fxr/CxbTxqCGYURxOeb:gWFXZQHRFJ5Pts7c3avC126Ygb6Lr/WY |
MD5: | ACB5AD34236C58F9F7D219FB628E3B58 |
SHA1: | 02E39404CA22F1368C46A7B8398F5F6001DB8F5C |
SHA-256: | 05E5013B848C2E619226F9E7A084DC7DCD1B3D68EE45108F552DB113D21B49D1 |
SHA-512: | 5895F39765BA3CEDFD47D57203FD7E716347CD79277EDDCDC83A729A86E2E59F03F0E7B6B0D0E7C7A383755001EDACC82171052BE801E015E6BF7E6B9595767F |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\Local\Temp\adobe25HiBSyPbReV\History\Firefox_fqs92o4p.default-release.txt
Process: | C:\Users\user\Desktop\j1zkOQTx4q.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 112 |
Entropy (8bit): | 4.911305722693245 |
Encrypted: | false |
SSDEEP: | 3:N8DSLvIJiMgTE2WdkQUl7R8DSLvIJiMhKVX3L2WdkQUlv:2OLciodq7R8OLciA8dqv |
MD5: | 978B9515D3688A43726604AC169DF379 |
SHA1: | D61293AB99332FC45CAE37D78AB17A5DA5BCD189 |
SHA-256: | CDEF3FB1CE312E4B67DC5F1B1F9FB551241C08564FDB26AFA4CBF448BB02EA65 |
SHA-512: | 86146AA576129B73743B1EBC0BC60880FDA58A11498048B3C68284C4520F1ADC324D016696B0E995A51AC56966E0F38B0AF12458A986868701C6AAAA89C829CB |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\j1zkOQTx4q.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5180 |
Entropy (8bit): | 5.394901547020423 |
Encrypted: | false |
SSDEEP: | 96:xz11U5RnecT4Aisph892bXr/sgcANUbg3x:xJ6BevAtphw2bXrTlB |
MD5: | EEC1A77719D436F66D0998A3260B4C67 |
SHA1: | 24E2C3E4B1F620A0A7B7B8658E5173BDA0B745B0 |
SHA-256: | 29297826AD054DDF694688A72FC9F82D229ACCD0F2B50286AA7739C85DB767EC |
SHA-512: | 2882C229FE058F13F7AE223F95AD625DE6B876DD1A56F57117BDE9A60A3605ABCA19C09F014C0E1138B6D2ECEB648E2193A52EB47D3CA40D6E41FB95AD31F48D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\j1zkOQTx4q.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4897 |
Entropy (8bit): | 2.518316437186352 |
Encrypted: | false |
SSDEEP: | 48:4MMMMMMMMMMdMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMMMMdMMMMMMMM3:q |
MD5: | B3E9D0E1B8207AA74CB8812BAAF52EAE |
SHA1: | A2DCE0FB6B0BBC955A1E72EF3D87CADCC6E3CC6B |
SHA-256: | 4993311FC913771ACB526BB5EF73682EDA69CD31AC14D25502E7BDA578FFA37C |
SHA-512: | B17ADF4AA80CADC581A09C72800DA22F62E5FB32953123F2C513D2E88753C430CC996E82AAE7190C8CB3340FCF2D9E0D759D99D909D2461369275FBE5C68C27A |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\j1zkOQTx4q.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 696835 |
Entropy (8bit): | 7.924625803057396 |
Encrypted: | false |
SSDEEP: | 12288:dU+YN/zsDAL0YlKCsI4jx/NmR/xfJBQERNF4EYS/zLAGFQ/4n/KzoIu7fKszcOI:dG5z6AL0cP3WlU/xBBx9tB4HyCEIU5HI |
MD5: | CC52C219B468F648780DC981933A8A8E |
SHA1: | 40995F3A9B2D69DC84DC59DD64E31E468420BAAC |
SHA-256: | 3754D5183ED1BF2D677D8C2AF790E15DAF8536C4C07B98EEE4B562B197E82CB5 |
SHA-512: | CDF43590290A47783CB48881AC79AA70C1DE06953C270E1C12CF1C096907DD70A20DA867270D4D35F7E5A3B14792EE05D04F1B39818F220C51FA5E7A2B27E6E6 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\j1zkOQTx4q.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 98304 |
Entropy (8bit): | 0.08235737944063153 |
Encrypted: | false |
SSDEEP: | 12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO |
MD5: | 369B6DD66F1CAD49D0952C40FEB9AD41 |
SHA1: | D05B2DE29433FB113EC4C558FF33087ED7481DD4 |
SHA-256: | 14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D |
SHA-512: | 771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\j1zkOQTx4q.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5242880 |
Entropy (8bit): | 0.037963276276857943 |
Encrypted: | false |
SSDEEP: | 192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ |
MD5: | C0FDF21AE11A6D1FA1201D502614B622 |
SHA1: | 11724034A1CC915B061316A96E79E9DA6A00ADE8 |
SHA-256: | FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC |
SHA-512: | A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\j1zkOQTx4q.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 159744 |
Entropy (8bit): | 0.7873599747470391 |
Encrypted: | false |
SSDEEP: | 96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v |
MD5: | 6A6BAD38068B0F6F2CADC6464C4FE8F0 |
SHA1: | 4E3B235898D8E900548613DDB6EA59CDA5EB4E68 |
SHA-256: | 0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982 |
SHA-512: | BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\j1zkOQTx4q.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 106496 |
Entropy (8bit): | 1.1358696453229276 |
Encrypted: | false |
SSDEEP: | 192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544 |
MD5: | 28591AA4E12D1C4FC761BE7C0A468622 |
SHA1: | BC4968A84C19377D05A8BB3F208FBFAC49F4820B |
SHA-256: | 51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9 |
SHA-512: | 5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\j1zkOQTx4q.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 114688 |
Entropy (8bit): | 0.9746603542602881 |
Encrypted: | false |
SSDEEP: | 192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn |
MD5: | 780853CDDEAEE8DE70F28A4B255A600B |
SHA1: | AD7A5DA33F7AD12946153C497E990720B09005ED |
SHA-256: | 1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3 |
SHA-512: | E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\j1zkOQTx4q.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 40960 |
Entropy (8bit): | 0.8553638852307782 |
Encrypted: | false |
SSDEEP: | 48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil |
MD5: | 28222628A3465C5F0D4B28F70F97F482 |
SHA1: | 1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14 |
SHA-256: | 93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4 |
SHA-512: | C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\j1zkOQTx4q.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 106496 |
Entropy (8bit): | 1.1358696453229276 |
Encrypted: | false |
SSDEEP: | 192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544 |
MD5: | 28591AA4E12D1C4FC761BE7C0A468622 |
SHA1: | BC4968A84C19377D05A8BB3F208FBFAC49F4820B |
SHA-256: | 51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9 |
SHA-512: | 5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\j1zkOQTx4q.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 114688 |
Entropy (8bit): | 0.9746603542602881 |
Encrypted: | false |
SSDEEP: | 192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn |
MD5: | 780853CDDEAEE8DE70F28A4B255A600B |
SHA1: | AD7A5DA33F7AD12946153C497E990720B09005ED |
SHA-256: | 1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3 |
SHA-512: | E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\j1zkOQTx4q.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5242880 |
Entropy (8bit): | 0.037963276276857943 |
Encrypted: | false |
SSDEEP: | 192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ |
MD5: | C0FDF21AE11A6D1FA1201D502614B622 |
SHA1: | 11724034A1CC915B061316A96E79E9DA6A00ADE8 |
SHA-256: | FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC |
SHA-512: | A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\j1zkOQTx4q.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 159744 |
Entropy (8bit): | 0.7873599747470391 |
Encrypted: | false |
SSDEEP: | 96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v |
MD5: | 6A6BAD38068B0F6F2CADC6464C4FE8F0 |
SHA1: | 4E3B235898D8E900548613DDB6EA59CDA5EB4E68 |
SHA-256: | 0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982 |
SHA-512: | BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\j1zkOQTx4q.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 49152 |
Entropy (8bit): | 0.8180424350137764 |
Encrypted: | false |
SSDEEP: | 96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG |
MD5: | 349E6EB110E34A08924D92F6B334801D |
SHA1: | BDFB289DAFF51890CC71697B6322AA4B35EC9169 |
SHA-256: | C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A |
SHA-512: | 2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\j1zkOQTx4q.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 114688 |
Entropy (8bit): | 0.9746603542602881 |
Encrypted: | false |
SSDEEP: | 192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn |
MD5: | 780853CDDEAEE8DE70F28A4B255A600B |
SHA1: | AD7A5DA33F7AD12946153C497E990720B09005ED |
SHA-256: | 1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3 |
SHA-512: | E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\j1zkOQTx4q.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 126976 |
Entropy (8bit): | 0.47147045728725767 |
Encrypted: | false |
SSDEEP: | 96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u |
MD5: | A2D1F4CF66465F9F0CAC61C4A95C7EDE |
SHA1: | BA6A845E247B221AAEC96C4213E1FD3744B10A27 |
SHA-256: | B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE |
SHA-512: | C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\j1zkOQTx4q.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 106496 |
Entropy (8bit): | 1.1358696453229276 |
Encrypted: | false |
SSDEEP: | 192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544 |
MD5: | 28591AA4E12D1C4FC761BE7C0A468622 |
SHA1: | BC4968A84C19377D05A8BB3F208FBFAC49F4820B |
SHA-256: | 51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9 |
SHA-512: | 5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\j1zkOQTx4q.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 126976 |
Entropy (8bit): | 0.47147045728725767 |
Encrypted: | false |
SSDEEP: | 96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u |
MD5: | A2D1F4CF66465F9F0CAC61C4A95C7EDE |
SHA1: | BA6A845E247B221AAEC96C4213E1FD3744B10A27 |
SHA-256: | B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE |
SHA-512: | C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\j1zkOQTx4q.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 40960 |
Entropy (8bit): | 0.8553638852307782 |
Encrypted: | false |
SSDEEP: | 48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil |
MD5: | 28222628A3465C5F0D4B28F70F97F482 |
SHA1: | 1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14 |
SHA-256: | 93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4 |
SHA-512: | C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\j1zkOQTx4q.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 28672 |
Entropy (8bit): | 2.5793180405395284 |
Encrypted: | false |
SSDEEP: | 96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz |
MD5: | 41EA9A4112F057AE6BA17E2838AEAC26 |
SHA1: | F2B389103BFD1A1A050C4857A995B09FEAFE8903 |
SHA-256: | CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB |
SHA-512: | 29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\j1zkOQTx4q.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 684325 |
Entropy (8bit): | 7.99770869334907 |
Encrypted: | true |
SSDEEP: | 12288:DlyDmq4PXDpxyFGSiFwPNWDu4xRwsz7CZAEpRDjleKmH:D2mq4v1xgGdF8W64wAET9eKmH |
MD5: | B0D99B74DFEEF52E9DE4B9AC150B7AF0 |
SHA1: | C49B35D4A0443ADC597F98A70D4F78346FEC3570 |
SHA-256: | 3FDEB61743844FB1438050E72C627DE1D96D03707EE4286F782E331477D25CB7 |
SHA-512: | E0E2B63FAB070E8D96F6D34F7829C587B558B3E04EC323D253CEC3BACC5494D67CF10E58A0F64046964E17D3677D464B7FCD9C87DD00C48A3E6A9261DC5E0D47 |
Malicious: | true |
Yara Hits: |
Preview: |
File type: | |
Entropy (8bit): | 7.997403294188346 |
TrID: |
File name: | j1zkOQTx4q.exe |
File size: | 8'976'008 bytes |
MD5: | c49a9a589af8da0d09c69670b2579ab9 |
SHA1: | 51a936428711d9bd1307ffd3e75436a0e4568eb2 |
SHA256: | a411f79466c5b91feae82cddf2cff3cd20130cec9955bf5003f0ce1febd5143f |
SHA512: | 4dcd6ca8c62466f18564e2b5b068238769603df2624b9b39d0f11aa7ff643bd09a51a2a16252c31b1b4ad8d0577ab8d8d9d91e93fdfa886121c37801788bd78c |
SSDEEP: | 196608:aOVNWi1IoE6S5MBjgluihHc4+oueCxQ/sfA84JmQGOVDm2:aOVwim8S5MykihHcYueCxQIA84JfLDm2 |
TLSH: | 2A9633CF2143B631C627D1F65721C64D3A348912BC9436F9300CED69BFAAE76A5E22C5 |
File Content Preview: | MZ@.....................................!..L.!Win32 .EXE...$@...PE..L......f...............'.4...<........#......P....@...........................%.......................................#.L...L.#.H.....#.P................R................................. |
Icon Hash: | 33eba39b1b08c0a4 |
Entrypoint: | 0x163b394 |
Entrypoint Section: | .MPRESS2 |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x660FE6E7 [Fri Apr 5 11:56:23 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 2f93cd80e5dfeca07d7e8b0f35545fb5 |
Signature Valid: | false |
Signature Issuer: | C=WORLD, S=WORLD, L=[long run of non-printable bytes in the certificate's locality field, omitted], OU=SIMENS FINLAND, O=Creted by FINLAND, CN=SIMENS FINLAND |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 |
Not Before, Not After |
Subject Chain |
Version: | 3 |
Thumbprint MD5: | 09ABD8180FD9B67AA58F4AF9DE81098C |
Thumbprint SHA-1: | F76BD199CE1299A807F0FE9988862B4A9CD66F36 |
Thumbprint SHA-256: | 38481C37EE46CCBDC1A689FF78DD71BCA0A504E9511F7281F257A0060EB488AA |
Serial: | 46DBEB2987ECF44A9608BDA808CCF164 |
Instruction |
---|
pushad |
call 00007FB620C2D8A5h |
pop eax |
add eax, 00000B5Ah |
mov esi, dword ptr [eax] |
add esi, eax |
sub eax, eax |
mov edi, esi |
lodsw |
shl eax, 0Ch |
mov ecx, eax |
push eax |
lodsd |
sub ecx, eax |
add esi, ecx |
mov ecx, eax |
push edi |
push ecx |
dec ecx |
mov al, byte ptr [ecx+edi+06h] |
mov byte ptr [ecx+esi], al |
jne 00007FB620C2D898h |
sub eax, eax |
lodsb |
mov ecx, eax |
and cl, FFFFFFF0h |
and al, 0Fh |
shl ecx, 0Ch |
mov ch, al |
lodsb |
or ecx, eax |
push ecx |
add cl, ch |
mov ebp, FFFFFD00h |
shl ebp, cl |
pop ecx |
pop eax |
mov ebx, esp |
lea esp, dword ptr [esp+ebp*2-00000E70h] |
push ecx |
sub ecx, ecx |
push ecx |
push ecx |
mov ecx, esp |
push ecx |
mov dx, word ptr [edi] |
shl edx, 0Ch |
push edx |
push edi |
add ecx, 04h |
push ecx |
push eax |
add ecx, 04h |
push esi |
push ecx |
call 00007FB620C2D903h |
mov esp, ebx |
pop esi |
pop edx |
sub eax, eax |
mov dword ptr [edx+esi], eax |
mov ah, 10h |
sub edx, eax |
sub ecx, ecx |
cmp ecx, edx |
jnc 00007FB620C2D8C8h |
mov ebx, ecx |
lodsb |
inc ecx |
and al, FEh |
cmp al, E8h |
jne 00007FB620C2D894h |
inc ebx |
add ecx, 04h |
lodsd |
or eax, eax |
js 00007FB620C2D8A8h |
cmp eax, edx |
jnc 00007FB620C2D887h |
jmp 00007FB620C2D8A8h |
add eax, ebx |
js 00007FB620C2D881h |
add eax, edx |
sub eax, ebx |
mov dword ptr [esi-04h], eax |
jmp 00007FB620C2D878h |
call 00007FB620C2D8A5h |
pop edi |
add edi, FFFFFF4Dh |
mov al, E9h |
stosb |
mov eax, 00000B56h |
stosd |
call 00007FB620C2D8A5h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x123b000 | 0x4c | .MPRESS2 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x123b04c | 0x348 | .MPRESS2 |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x123c000 | 0x1f650 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x88a400 | 0x5288 | .MPRESS1 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x123bf00 | 0x18 | .MPRESS2 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x123b178 | 0x68 | .MPRESS2 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0xd2b498 | 0x40 | .MPRESS1 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.MPRESS1 | 0x1000 | 0x123a000 | 0x869a00 | 6956b435ab7567e7706f315e89ade418 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.MPRESS2 | 0x123b000 | 0xf20 | 0x1000 | 006d332fbd96b950972f24e93d6c10c7 | False | 0.548828125 | data | 5.884664902513636 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x123c000 | 0x1f650 | 0x1f800 | 278191c907be4d7f97038651482a0e67 | False | 0.5691034226190477 | data | 6.2840827187276025 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x123c0b0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | English | United States | 0.6923758865248227 |
RT_ICON | 0x123c540 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | United States | 0.5171200750469043 |
RT_ICON | 0x123d610 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | English | United States | 0.30708032651129774 |
RT_ICON | 0x124de60 | 0xb7e2 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 1.0004461061307728 |
RT_ICON | 0x125966c | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.46621621621621623 |
RT_ICON | 0x12597bc | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.1351156069364162 |
RT_ICON | 0x1259d4c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.20833333333333334 |
RT_ICON | 0x125a1dc | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.14169675090252706 |
RT_RCDATA | 0x112f650 | 0x1b350 | empty | English | United States | 0 |
RT_RCDATA | 0x114a9a0 | 0x2758 | empty | English | United States | 0 |
RT_RCDATA | 0x114d0f8 | 0x80a | empty | English | United States | 0 |
RT_RCDATA | 0x114d904 | 0x72598 | empty | English | United States | 0 |
RT_RCDATA | 0x11bfe9c | 0x27d2 | empty | English | United States | 0 |
RT_RCDATA | 0x11c2670 | 0x80a | empty | English | United States | 0 |
RT_RCDATA | 0x11c2e7c | 0x77798 | empty | English | United States | 0 |
RT_GROUP_ICON | 0x125ad28 | 0x3e | data | English | United States | 0.8064516129032258 |
RT_GROUP_ICON | 0x125ad90 | 0x3e | data | English | United States | 0.8387096774193549 |
RT_VERSION | 0x125ae10 | 0xdc | data | English | United States | 0.6545454545454545 |
RT_MANIFEST | 0x125af2c | 0x723 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3973727422003284 |
DLL | Import |
---|---|
KERNEL32.DLL | GetModuleHandleA, GetProcAddress |
USER32.dll | wsprintfA |
GDI32.dll | CreateCompatibleBitmap |
ADVAPI32.dll | RegQueryValueExA |
SHELL32.dll | ShellExecuteA |
ole32.dll | CoInitialize |
WS2_32.dll | WSAStartup |
CRYPT32.dll | CryptUnprotectData |
SHLWAPI.dll | PathFindExtensionA |
gdiplus.dll | GdipGetImageEncoders |
SETUPAPI.dll | SetupDiEnumDeviceInfo |
ntdll.dll | RtlUnicodeStringToAnsiString |
RstrtMgr.DLL | RmStartSession |
Name | Ordinal | Address |
---|---|---|
Start | 1 | 0x461330 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/26/24-05:44:00.242345 | TCP | 2046266 | ET TROJAN [ANY.RUN] RisePro TCP (Token) | 50500 | 49732 | 193.233.132.226 | 192.168.2.4 |
04/26/24-05:44:55.687467 | TCP | 2046268 | ET TROJAN [ANY.RUN] RisePro TCP v.0.x (Get_settings) | 49732 | 50500 | 192.168.2.4 | 193.233.132.226 |
04/26/24-05:43:59.949956 | TCP | 2049060 | ET TROJAN RisePro TCP Heartbeat Packet | 49732 | 50500 | 192.168.2.4 | 193.233.132.226 |
04/26/24-05:45:36.095343 | TCP | 2046269 | ET TROJAN [ANY.RUN] RisePro TCP (Activity) | 49732 | 50500 | 192.168.2.4 | 193.233.132.226 |
04/26/24-05:44:53.704210 | TCP | 2046267 | ET TROJAN [ANY.RUN] RisePro TCP (External IP) | 50500 | 49732 | 193.233.132.226 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 26, 2024 05:44:53.803080082 CEST | 49924 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 26, 2024 05:44:53.950670958 CEST | 53 | 49924 | 1.1.1.1 | 192.168.2.4 |
Apr 26, 2024 05:44:54.720726967 CEST | 49870 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 26, 2024 05:44:54.870719910 CEST | 53 | 49870 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 26, 2024 05:44:53.803080082 CEST | 192.168.2.4 | 1.1.1.1 | 0xbabb | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 05:44:54.720726967 CEST | 192.168.2.4 | 1.1.1.1 | 0x1973 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 26, 2024 05:44:53.950670958 CEST | 1.1.1.1 | 192.168.2.4 | 0xbabb | No error (0) | | | 34.117.186.192 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 05:44:54.870719910 CEST | 1.1.1.1 | 192.168.2.4 | 0x1973 | No error (0) | | | 172.67.75.166 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 05:44:54.870719910 CEST | 1.1.1.1 | 192.168.2.4 | 0x1973 | No error (0) | | | 104.26.4.15 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 05:44:54.870719910 CEST | 1.1.1.1 | 192.168.2.4 | 0x1973 | No error (0) | | | 104.26.5.15 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49740 | 34.117.186.192 | 443 | 6884 | C:\Users\user\Desktop\j1zkOQTx4q.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 03:44:54 UTC | 240 | OUT | |
2024-04-26 03:44:54 UTC | 514 | IN | |
2024-04-26 03:44:54 UTC | 741 | IN | |
2024-04-26 03:44:54 UTC | 279 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49741 | 172.67.75.166 | 443 | 6884 | C:\Users\user\Desktop\j1zkOQTx4q.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 03:44:55 UTC | 264 | OUT | |
2024-04-26 03:44:55 UTC | 660 | IN | |
2024-04-26 03:44:55 UTC | 709 | IN | |
2024-04-26 03:44:55 UTC | 7 | IN | |
2024-04-26 03:44:55 UTC | 5 | IN |
Target ID: | 0 |
Start time: | 05:43:54 |
Start date: | 26/04/2024 |
Path: | C:\Users\user\Desktop\j1zkOQTx4q.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 8'976'008 bytes |
MD5 hash: | C49A9A589AF8DA0D09C69670B2579AB9 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | false |