Windows
Analysis Report
PHHOjspjmp.exe
Overview
General Information
Sample name: | PHHOjspjmp.exe (renamed because the original name is a hash value) |
Original sample name: | 46d004a90bfc51d6447a0661f440e7a5.exe |
Analysis ID: | 1432016 |
MD5: | 46d004a90bfc51d6447a0661f440e7a5 |
SHA1: | fe33bb099ec660d4cc2607a34bcf55c92c5dc0f8 |
SHA256: | a50139923127672a8083b6d24b45e102e358aa0fcb8b558a85386cf9892605aa |
Tags: | 32exe |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- PHHOjspjmp.exe (PID: 6576, cmdline: "C:\Users\user\Desktop\PHHOjspjmp.exe", MD5: 46D004A90BFC51D6447A0661F440E7A5)
- PHHOjspjmp.exe (PID: 6512, cmdline: "C:\Users\user\Desktop\PHHOjspjmp.exe", MD5: 46D004A90BFC51D6447A0661F440E7A5)
- csrss.exe (PID: 2624, cmdline: "C:\ProgramData\Drivers\csrss.exe", MD5: 46D004A90BFC51D6447A0661F440E7A5)
- csrss.exe (PID: 2792, cmdline: "C:\ProgramData\Drivers\csrss.exe", MD5: 46D004A90BFC51D6447A0661F440E7A5)
- cleanup
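The process tree shows the sample running a second time under the name csrss.exe from C:\ProgramData\Drivers\ with the same MD5 as the file on the desktop: a legitimate system-process name, a directory the real csrss.exe never executes from, and a byte-identical copy of the original dropper. The Python below is an added example (not code from the Joe Sandbox report or from the sample) of the two checks an analyst would run over process-creation telemetry to catch exactly this: a system-only image name executing outside System32/SysWOW64, and one file hash appearing under more than one image path. SAMPLE_EVENTS is constructed from the PIDs, paths and MD5 in the tree above, plus two benign rows that are assumed; the SYSTEM_ONLY list is likewise an assumption for the example.

```python
"""Two checks over process-creation records: a system-process name running
outside %SystemRoot%\\System32 (masquerading), and one file hash seen under
more than one image path (the sample copying itself elsewhere).

Added example; not code from the Joe Sandbox report or from the sample.
SAMPLE_EVENTS is constructed from the report's process tree (PIDs, paths and
MD5 as listed there); the SYSTEM_ONLY set is an assumption for this example."""
from __future__ import annotations

import ntpath
from collections import defaultdict
from dataclasses import dataclass

# Image names that only legitimately execute from the Windows system
# directories. Assumed list; extend it to fit your environment.
SYSTEM_ONLY = {"csrss.exe", "smss.exe", "wininit.exe", "winlogon.exe",
               "lsass.exe", "services.exe", "svchost.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    image: str   # full path of the executed image
    md5: str


def is_masquerading(ev: ProcEvent) -> bool:
    """True when a system-only image name runs from a non-system directory."""
    name = ntpath.basename(ev.image).lower()
    directory = ntpath.dirname(ev.image).lower()
    return name in SYSTEM_ONLY and directory not in SYSTEM_DIRS


def hash_under_multiple_paths(events) -> dict[str, list[str]]:
    """Map md5 -> sorted distinct image paths, for hashes seen under 2+ paths."""
    paths = defaultdict(set)
    for ev in events:
        paths[ev.md5.lower()].add(ev.image.lower())
    return {h: sorted(p) for h, p in paths.items() if len(p) > 1}


def findings(events) -> list[dict]:
    """Run both checks and return one finding dict per hit."""
    out = []
    for ev in events:
        if is_masquerading(ev):
            out.append({"rule": "masquerade", "pid": ev.pid, "image": ev.image})
    for h, p in hash_under_multiple_paths(events).items():
        out.append({"rule": "self_copy", "pid": None, "md5": h, "paths": p})
    return out


# Constructed from the report's process tree, plus two benign rows (assumed)
# so that the checks have something to leave alone.
SAMPLE_EVENTS = [
    ProcEvent(6576, r"C:\Users\user\Desktop\PHHOjspjmp.exe", "46D004A90BFC51D6447A0661F440E7A5"),
    ProcEvent(6512, r"C:\Users\user\Desktop\PHHOjspjmp.exe", "46D004A90BFC51D6447A0661F440E7A5"),
    ProcEvent(2624, r"C:\ProgramData\Drivers\csrss.exe", "46D004A90BFC51D6447A0661F440E7A5"),
    ProcEvent(2792, r"C:\ProgramData\Drivers\csrss.exe", "46D004A90BFC51D6447A0661F440E7A5"),
    ProcEvent(600, r"C:\Windows\System32\csrss.exe", "0000000000000000000000000000AAAA"),   # assumed benign
    ProcEvent(900, r"C:\Windows\System32\svchost.exe", "0000000000000000000000000000BBBB"),  # assumed benign
]

if __name__ == "__main__":
    for f in findings(SAMPLE_EVENTS):
        print(f)
```

On the report's tree this flags PIDs 2624 and 2792 for the masquerading rule and one self_copy finding for the shared MD5. The hash check is the one that survives renaming: whatever the dropped copy is called, an image hash that already executed from a user-writable path is worth a look.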
Name | Description | Attribution | Blogpost URLs | Link
---|---|---|---|---
CMSBrute | | No Attribution | |
Source | Rule | Description | Author | Strings
---|---|---|---|---
| Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown |
| Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown |
| JoeSecurity_CMSBrute | Yara detected CMSBrute | Joe Security |
| JoeSecurity_CMSBrute | Yara detected CMSBrute | Joe Security |

Source | Rule | Description | Author | Strings
---|---|---|---|---
| JoeSecurity_CMSBrute | Yara detected CMSBrute | Joe Security |
| JoeSecurity_CMSBrute | Yara detected CMSBrute | Joe Security |
System Summary |
---|
Source: | Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems) |
Source: | Author: Florian Roth (Nextron Systems) |
Source: | Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali |
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) |
Source: | Author: vburov |
AV Detection |
---|
Source: | Avira: | (2 entries)
Source: | ReversingLabs: | (2 entries)
Source: | Virustotal: | (2 entries)
Source: | Joe Sandbox ML: | (2 entries)
Source: | Binary or memory string: | memstr_5f442bbf-0 |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | (14 entries)
Source: | Binary string: | (2 entries)
Networking |
---|
Source: | String found in binary or memory: | (2 entries)
Source: | Network traffic detected: |
Source: | TCP traffic: | (26 entries)
Source: | IP Address: | (3 entries)
Source: | JA3 fingerprint: |
Source: | TCP traffic detected without corresponding DNS query: | (50 entries)
Source: | String found in binary or memory: | (3 entries)
Source: | String found in binary or memory: | (10 entries)
Source: | Network traffic detected: | (54 entries)
Source: | HTTPS traffic detected: | (14 entries)
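The signature that fires most often in this section, "TCP traffic detected without corresponding DNS query", is the sandbox's way of spotting connections to destinations the sample never looked up, which usually means a hard-coded C2 address. The Python below is an added example (not Joe Sandbox code) of the same correlation over a constructed event stream: DNS answers are recorded as they arrive, and a TCP connection is flagged when its destination was not returned by any answer seen earlier in the stream. Loopback, link-local, multicast and unspecified addresses are ignored. The EVENTS list, the addresses (documentation ranges) and the port numbers are all constructed for the example.

```python
"""Flag TCP connections whose destination IP was never returned by a DNS
answer earlier in the capture, i.e. the 'TCP traffic detected without
corresponding DNS query' check. Added example, not Joe Sandbox code;
EVENTS below is constructed and uses documentation address ranges."""
import ipaddress
from collections import Counter


def _ignored(ip: str) -> bool:
    """Destinations that never need a lookup and would only add noise."""
    a = ipaddress.ip_address(ip)
    return a.is_loopback or a.is_link_local or a.is_multicast or a.is_unspecified


def connections_without_dns(events) -> Counter:
    """events: iterable of tuples, processed in timestamp order.
         (ts, 'dns', qname, answer_ip)   a DNS answer observed on the wire
         (ts, 'tcp', dst_ip, dst_port)   a TCP connection attempt
    Returns Counter {(dst_ip, dst_port): hits} for connections whose destination
    had not appeared in any DNS answer seen earlier in the stream. An answer
    that only arrives after the connection does not excuse it."""
    resolved = set()
    flagged = Counter()
    for ev in sorted(events, key=lambda e: e[0]):
        kind = ev[1]
        if kind == "dns":
            resolved.add(ev[3])
        elif kind == "tcp":
            ip, port = ev[2], ev[3]
            if ip in resolved or _ignored(ip):
                continue
            flagged[(ip, port)] += 1
    return flagged


# Constructed event stream (timestamps in seconds since capture start).
EVENTS = [
    (1.0, "dns", "example.org", "203.0.113.10"),
    (1.2, "tcp", "203.0.113.10", 443),      # resolved just before: fine
    (1.5, "tcp", "198.51.100.7", 26011),    # never resolved: hard-coded address
    (1.6, "tcp", "203.0.113.11", 443),      # resolved only afterwards: flagged
    (1.7, "dns", "cdn.example.net", "203.0.113.11"),
    (2.0, "tcp", "127.0.0.1", 49152),       # loopback: ignored
    (2.1, "tcp", "198.51.100.7", 26011),    # repeat of the unresolved target
]

if __name__ == "__main__":
    for (ip, port), n in connections_without_dns(EVENTS).most_common():
        print(f"{ip}:{port}  {n} connection(s) without prior DNS answer")
```

Run against a real capture, the Counter's top entries are the candidates for the C2 address; a destination hit dozens of times on one port with no lookup, as the 50 entries above suggest, is the pattern to pivot on. The check deliberately treats a lookup that arrives after the connection as missing, since a beacon that connects first and resolves later is still not using DNS to find its server.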
E-Banking Fraud |
---|
Source: | File source: | (4 entries)
System Summary |
---|
Source: | Matched rule: | (2 entries)
Source: | Code function: | 0_2_06020110 |
Source: | Code function: | 3_2_061E0110 |
Source: | Code function: | 0_2_00406515 |
Source: | Code function: | 3_2_00406515 |
Source: | Binary or memory string: | (5 entries)
Source: | Static PE information: |
Source: | Matched rule: | (2 entries)
Source: | Classification label: |
Source: | Code function: | 0_2_044BF7C6 |
Source: | Mutant created: |
Source: | File created: |
Source: | Static PE information: |
Source: | File read: |
Source: | Key opened: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | File read: |
Source: | Process created: | (6 entries)
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Code function: | 1_2_0069D030 |
Source: | Code function: | 0_2_00407738 | |
Source: | Code function: | 0_2_04619A53 | |
Source: | Code function: | 0_2_04566A36 | |
Source: | Code function: | 0_2_0460DAEB | |
Source: | Code function: | 0_2_045322C9 | |
Source: | Code function: | 0_2_04619AB7 | |
Source: | Code function: | 0_2_0454A3F3 | |
Source: | Code function: | 1_2_006962AC | |
Source: | Code function: | 3_2_00407738 | |
Source: | Code function: | 3_2_0485AA97 | |
Source: | Code function: | 3_2_0484EACB | |
Source: | Code function: | 3_2_047A7A16 | |
Source: | Code function: | 3_2_0485AA33 | |
Source: | Code function: | 3_2_047732A9 | |
Source: | Code function: | 3_2_0478B3D3 | |
Source: | Code function: | 4_2_006962AC |
Persistence and Installation Behavior |
---|
Source: | File created: | Jump to dropped file |
Source: | Registry value created or modified: | Jump to behavior | ||
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00406515 |
Source: | Process information set: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Evasive API call chain: | graph_0-1360 | ||
Source: | Evasive API call chain: | graph_3-1365 |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Last function: | ||
Source: | Binary or memory string: | ||
Source: | API call chain: | graph_0-1362 | ||
Source: | API call chain: | graph_3-1367 |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 0_2_0040A882 |
Source: | Code function: | 1_2_0069D030 |
Source: | Code function: | 0_2_044BF0A3 | |
Source: | Code function: | 0_2_06020042 | |
Source: | Code function: | 3_2_04700083 | |
Source: | Code function: | 3_2_061E0042 |
Source: | Code function: | 0_2_00406914 |
Source: | Code function: | 0_2_0040A80D | |
Source: | Code function: | 1_2_006943E0 | |
Source: | Code function: | 1_2_00694A78 | |
Source: | Code function: | 3_2_0040A80D |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Code function: | 0_2_06020110 |
Source: | Memory written: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_0040A2D9 |
Source: | Key value queried: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 Registry Run Keys / Startup Folder | 211 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | 12 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 1 Virtualization/Sandbox Evasion | LSASS Memory | 121 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 211 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Multi-hop Proxy | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | 2 Proxy | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 13 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
50% | ReversingLabs | Win32.Trojan.Generic | ||
50% | Virustotal | Browse | ||
100% | Avira | HEUR/AGEN.1312652 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | HEUR/AGEN.1312652 | ||
100% | Joe Sandbox ML | |||
50% | ReversingLabs | Win32.Trojan.Generic | ||
50% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | | unknown | ||
false | high | |||
false | high | |||
false | | unknown | ||
false | | low | ||
false | | unknown | ||
true | | unknown | ||
false | high | |||
false | high | |||
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
171.25.193.9 | unknown | Sweden | 198093 | DFRI-ASForeningenfordigitalafri-ochrattigheterSE | false | |
85.10.240.250 | unknown | Germany | 24940 | HETZNER-ASDE | false | |
45.66.33.45 | unknown | Netherlands | 47482 | SPECTRENL | false | |
195.201.94.113 | unknown | Germany | 24940 | HETZNER-ASDE | false | |
8.209.79.125 | unknown | Singapore | 45102 | CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC | false | |
143.107.229.120 | unknown | Brazil | 28571 | UNIVERSIDADEDESAOPAULOBR | false | |
51.158.147.25 | unknown | France | 12876 | OnlineSASFR | false | |
95.216.154.139 | unknown | Germany | 24940 | HETZNER-ASDE | false | |
86.59.21.38 | unknown | Austria | 8437 | UTA-ASAT | false | |
93.186.202.32 | unknown | Germany | 24961 | MYLOC-ASIPBackboneofmyLocmanagedITAGDE | false | |
154.35.175.225 | unknown | United States | 14987 | RETHEMHOSTINGUS | false | |
128.31.0.39 | unknown | United States | 3 | MIT-GATEWAYSUS | false | |
62.78.194.4 | unknown | Finland | 16086 | DNAFI | false | |
51.91.121.255 | unknown | France | 16276 | OVHFR | false | |
195.154.106.60 | unknown | France | 12876 | OnlineSASFR | false | |
47.56.94.99 | unknown | United States | 45102 | CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC | false | |
185.220.101.205 | unknown | Germany | 208294 | ASMKNL | false | |
204.13.164.118 | unknown | United States | 25700 | 25700US | false | |
109.70.100.14 | unknown | Austria | 208323 | APPLIEDPRIVACY-ASAT | false | |
188.195.109.45 | unknown | Germany | 31334 | KABELDEUTSCHLAND-ASDE | false | |
46.105.227.109 | unknown | France | 16276 | OVHFR | false | |
151.197.240.154 | unknown | United States | 701 | UUNETUS | false | |
23.129.64.239 | unknown | United States | 396507 | EMERALD-ONIONUS | false | |
185.65.205.10 | unknown | Turkey | 59895 | CITYNETHOST-ASTR | false | |
104.149.129.210 | unknown | United States | 40676 | AS40676US | false | |
37.187.23.232 | unknown | France | 16276 | OVHFR | false | |
167.86.94.107 | unknown | Germany | 51167 | CONTABODE | false | |
217.160.255.217 | unknown | Germany | 8560 | ONEANDONE-ASBrauerstrasse48DE | false | |
149.56.98.216 | unknown | Canada | 16276 | OVHFR | false | |
88.88.79.90 | unknown | Norway | 2119 | TELENOR-NEXTELTelenorNorgeASNO | false | |
198.245.49.18 | unknown | Canada | 16276 | OVHFR | false | |
31.127.34.9 | unknown | United Kingdom | 12576 | EELtdGB | false | |
193.218.118.100 | unknown | Ukraine | 207656 | EPINATURAUA | false | |
212.8.243.229 | unknown | Netherlands | 49981 | WORLDSTREAMNL | false | |
80.66.135.13 | unknown | Belgium | 1239 | SPRINTLINKUS | false | |
131.188.40.189 | unknown | Germany | 680 | DFNVereinzurFoerderungeinesDeutschenForschungsnetzese | false | |
188.68.53.92 | unknown | Germany | 197540 | NETCUP-ASnetcupGmbHDE | false | |
185.220.101.20 | unknown | Germany | 208294 | ASMKNL | false | |
46.188.6.64 | unknown | Russian Federation | 8334 | CO-2COM-ASMoscowRU | false | |
45.153.160.131 | unknown | Czech Republic | 55933 | CLOUDIE-AS-APCloudieLimitedHK | false | |
134.249.185.176 | unknown | Ukraine | 15895 | KSNET-ASUA | false | |
130.225.244.90 | unknown | Denmark | 1835 | FSKNET-DKForskningsnettet-DanishnetworkforResearchand | false | |
199.58.81.140 | unknown | Canada | 7765 | KOUMBITCA | false | |
212.47.227.71 | unknown | France | 12876 | OnlineSASFR | false | |
192.0.128.86 | unknown | Canada | 5645 | TEKSAVVYCA | false | |
91.121.160.6 | unknown | France | 16276 | OVHFR | false | |
75.176.45.87 | unknown | United States | 11426 | TWC-11426-CAROLINASUS | false | |
209.58.180.90 | unknown | Singapore | 59253 | LEASEWEB-APAC-SIN-11LeasewebAsiaPacificpteltdSG | false | |
50.7.8.141 | unknown | United States | 174 | COGENT-174US | false | |
51.15.246.170 | unknown | France | 12876 | OnlineSASFR | false | |
51.38.65.160 | unknown | France | 16276 | OVHFR | false | |
173.249.63.227 | unknown | Germany | 51167 | CONTABODE | false |
IP |
---|
127.0.0.1 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1432016 |
Start date and time: | 2024-04-26 09:40:06 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 9m 22s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | PHHOjspjmp.exe (renamed because original name is a hash value) |
Original Sample Name: | 46d004a90bfc51d6447a0661f440e7a5.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@6/3@0/53 |
EGA Information: | |
HCA Information: | Failed |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target csrss.exe, PID 2792 because there are no executed functions
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
09:40:56 | Autostart | |
09:41:31 | API Interceptor | |
09:41:41 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
171.25.193.9 | Get hash | malicious | SystemBC | Browse | ||
Get hash | malicious | SystemBC | Browse | |||
Get hash | malicious | SystemBC | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | TinyNuke | Browse | |||
Get hash | malicious | Kronos | Browse | |||
Get hash | malicious | Kronos | Browse | |||
Get hash | malicious | Kronos | Browse | |||
85.10.240.250 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Glupteba, SmokeLoader, Socks5Systemz, Stealc, Vidar | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
45.66.33.45 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | LummaC, Glupteba, LummaC Stealer, SmokeLoader, Stealc, Xmrig | Browse | |||
Get hash | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Stealc, Vidar | Browse | |||
Get hash | malicious | LummaC, Glupteba, LummaC Stealer, SmokeLoader, Socks5Systemz, Stealc | Browse | |||
Get hash | malicious | Glupteba, LummaC Stealer, SmokeLoader, Stealc | Browse | |||
Get hash | malicious | LummaC, Glupteba, LummaC Stealer, SmokeLoader, Stealc, SystemBC | Browse | |||
Get hash | malicious | Glupteba, LummaC Stealer, SmokeLoader, Stealc, SystemBC, Xmrig | Browse | |||
Get hash | malicious | Glupteba, LummaC Stealer, SmokeLoader, Stealc, Xmrig | Browse | |||
Get hash | malicious | Glupteba, LummaC Stealer, SmokeLoader, Stealc | Browse | |||
Get hash | malicious | Glupteba, SmokeLoader, Stealc | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
HETZNER-ASDE | Get hash | malicious | Phisher | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | GRQ Scam | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |||
Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Babuk, Djvu, Vidar | Browse | |||
Get hash | malicious | Clipboard Hijacker, Djvu, Vidar | Browse | |||
SPECTRENL | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | LummaC, Glupteba, LummaC Stealer, SmokeLoader, Stealc, Xmrig | Browse | |||
Get hash | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Stealc, Vidar | Browse | |||
Get hash | malicious | LummaC, Glupteba, LummaC Stealer, SmokeLoader, Socks5Systemz, Stealc | Browse | |||
Get hash | malicious | Glupteba, LummaC Stealer, SmokeLoader, Stealc | Browse | |||
Get hash | malicious | LummaC, Glupteba, LummaC Stealer, SmokeLoader, Stealc, SystemBC | Browse | |||
Get hash | malicious | Glupteba, LummaC Stealer, SmokeLoader, Stealc, SystemBC, Xmrig | Browse | |||
Get hash | malicious | Glupteba, LummaC Stealer, SmokeLoader, Stealc, Xmrig | Browse | |||
Get hash | malicious | Glupteba, LummaC Stealer, SmokeLoader, Stealc | Browse | |||
DFRI-ASForeningenfordigitalafri-ochrattigheterSE | Get hash | malicious | Xmrig | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Amadey, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Socks5Systemz, Stealc | Browse | |||
Get hash | malicious | Amadey, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Stealc, Vidar | Browse | |||
Get hash | malicious | LummaC, Glupteba, LummaC Stealer, SmokeLoader, Stealc, Xmrig | Browse | |||
Get hash | malicious | LummaC, Glupteba, LummaC Stealer, SmokeLoader, Socks5Systemz, Stealc, Xmrig | Browse | |||
Get hash | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Socks5Systemz, Stealc | Browse | |||
Get hash | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Stealc, Vidar | Browse | |||
Get hash | malicious | Glupteba, LummaC Stealer, SmokeLoader, Stealc | Browse | |||
HETZNER-ASDE | Get hash | malicious | Phisher | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | GRQ Scam | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |||
Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Babuk, Djvu, Vidar | Browse | |||
Get hash | malicious | Clipboard Hijacker, Djvu, Vidar | Browse | |||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
83d60721ecc423892660e275acc4dffd | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Amadey, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Socks5Systemz, Stealc | Browse | |||
Get hash | malicious | LummaC, Amadey, Glupteba, LummaC Stealer, Mars Stealer, RedLine, SmokeLoader | Browse | |||
Get hash | malicious | Amadey, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Stealc, Vidar | Browse | |||
Get hash | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Socks5Systemz, Stealc | Browse | |||
Get hash | malicious | LummaC, Glupteba, LummaC Stealer, SmokeLoader, Stealc, Xmrig | Browse | |||
Get hash | malicious | Glupteba, LummaC Stealer, SmokeLoader, Stealc, Xmrig | Browse | |||
Process: | C:\Users\user\Desktop\PHHOjspjmp.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1984000 |
Entropy (8bit): | 7.929315097580162 |
Encrypted: | false |
SSDEEP: | 49152:nLxAcJhTYQsED8CC4C7xgFXlS/Gd5cRGrbnnSr:n1A89sIrC7xqSOd1Pn |
MD5: | 46D004A90BFC51D6447A0661F440E7A5 |
SHA1: | FE33BB099EC660D4CC2607A34BCF55C92C5DC0F8 |
SHA-256: | A50139923127672A8083B6D24B45E102E358AA0FCB8B558A85386CF9892605AA |
SHA-512: | D3D98C10323BB70867899D710333D06A0B47FC289D13E755FEA5C411E11AF236D066F8F44635F8D38BD71CE9173A56C9D3FC5E9FC5A624D2D3835119C962D355 |
Malicious: | true |
Antivirus: | |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\PHHOjspjmp.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 209 |
Entropy (8bit): | 4.751493858603209 |
Encrypted: | false |
SSDEEP: | 6:SbdWwxXrMdznXr87+QVe2vwR/Ep5fM8VFYQz:bwxXAdzXr87HVBvwNCdJz |
MD5: | DBFFD796E5DECCE9AFF4EF0376EB6DEF |
SHA1: | FCF1870EEBA15B82D512DF94DB94803DF0A5E449 |
SHA-256: | 6C8D917EA7563003A742C8D654D57DEB9408426A131B16FADCDFF33DF5D8F57E |
SHA-512: | 7DBA51EB1DB344F780A1BBB85C7C7EE46101D5A46A0BE57F7B4E23778C28E68930EFA37FA99868FCBA1FF1CED456B57D695B3BE292C9B696DA89D1D335C9C2F4 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\PHHOjspjmp.exe |
File Type: | |
Category: | modified |
Size (bytes): | 209 |
Entropy (8bit): | 4.751493858603209 |
Encrypted: | false |
SSDEEP: | 6:SbdWwxXrMdznXr87+QVe2vwR/Ep5fM8VFYQz:bwxXAdzXr87HVBvwNCdJz |
MD5: | DBFFD796E5DECCE9AFF4EF0376EB6DEF |
SHA1: | FCF1870EEBA15B82D512DF94DB94803DF0A5E449 |
SHA-256: | 6C8D917EA7563003A742C8D654D57DEB9408426A131B16FADCDFF33DF5D8F57E |
SHA-512: | 7DBA51EB1DB344F780A1BBB85C7C7EE46101D5A46A0BE57F7B4E23778C28E68930EFA37FA99868FCBA1FF1CED456B57D695B3BE292C9B696DA89D1D335C9C2F4 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.929315097580162 |
TrID: | |
File name: | PHHOjspjmp.exe |
File size: | 1'984'000 bytes |
MD5: | 46d004a90bfc51d6447a0661f440e7a5 |
SHA1: | fe33bb099ec660d4cc2607a34bcf55c92c5dc0f8 |
SHA256: | a50139923127672a8083b6d24b45e102e358aa0fcb8b558a85386cf9892605aa |
SHA512: | d3d98c10323bb70867899d710333d06a0b47fc289d13e755fea5c411e11af236d066f8f44635f8d38bd71ce9173a56c9d3fc5e9fc5a624d2d3835119c962d355 |
SSDEEP: | 49152:nLxAcJhTYQsED8CC4C7xgFXlS/Gd5cRGrbnnSr:n1A89sIrC7xqSOd1Pn |
TLSH: | 04953302FEE6D0A0E1A7577A18907F21463DFD619E21B66B638C3F6D6D74A409312733 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................q.......N.......O.......=.............X/K.......u.....X/p.....Rich....................PE..L...n/.d........... |
Icon Hash: | 411145554545410d |
Entrypoint: | 0x404457 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x64C72F6E [Mon Jul 31 03:50:06 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 35d2f187a446fa7dcfd6bfdfd63133ca |
Instruction |
---|
call 00007FBD9CD763D2h |
jmp 00007FBD9CD70555h |
push 00000014h |
push 00418048h |
call 00007FBD9CD737C8h |
call 00007FBD9CD765A3h |
movzx esi, ax |
push 00000002h |
call 00007FBD9CD76365h |
pop ecx |
mov eax, 00005A4Dh |
cmp word ptr [00400000h], ax |
je 00007FBD9CD70556h |
xor ebx, ebx |
jmp 00007FBD9CD70585h |
mov eax, dword ptr [0040003Ch] |
cmp dword ptr [eax+00400000h], 00004550h |
jne 00007FBD9CD7053Dh |
mov ecx, 0000010Bh |
cmp word ptr [eax+00400018h], cx |
jne 00007FBD9CD7052Fh |
xor ebx, ebx |
cmp dword ptr [eax+00400074h], 0Eh |
jbe 00007FBD9CD7055Bh |
cmp dword ptr [eax+004000E8h], ebx |
setne bl |
mov dword ptr [ebp-1Ch], ebx |
call 00007FBD9CD7299Fh |
test eax, eax |
jne 00007FBD9CD7055Ah |
push 0000001Ch |
call 00007FBD9CD70631h |
pop ecx |
call 00007FBD9CD71F52h |
test eax, eax |
jne 00007FBD9CD7055Ah |
push 00000010h |
call 00007FBD9CD70620h |
pop ecx |
call 00007FBD9CD763DEh |
and dword ptr [ebp-04h], 00000000h |
call 00007FBD9CD74781h |
test eax, eax |
jns 00007FBD9CD7055Ah |
push 0000001Bh |
call 00007FBD9CD70606h |
pop ecx |
call dword ptr [004120B0h] |
mov dword ptr [041C52A4h], eax |
call 00007FBD9CD763F9h |
mov dword ptr [005D780Ch], eax |
call 00007FBD9CD75FB6h |
test eax, eax |
jns 00007FBD9CD7055Ah |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x18454 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3dc6000 | 0xd5f8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3dd4000 | 0x137c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x121f0 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x17970 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x12000 | 0x17c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x10035 | 0x10200 | dffe2d8fb38e0d1593fe6fc268529a8a | False | 0.6009114583333334 | data | 6.6896002971759545 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x12000 | 0x6ce4 | 0x6e00 | 5a414d0b57c53fcf7a644ec6d167da94 | False | 0.39147727272727273 | data | 4.729783722836041 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x19000 | 0x3dac2a8 | 0x1be800 | c05b89c9fa7c65518e2e5e63f9ebdc90 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x3dc6000 | 0xd5f8 | 0xd600 | b6f07f7386462f0049219f160416f5ae | False | 0.5152234228971962 | data | 5.491653671420701 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x3dd4000 | 0x137c | 0x1400 | a2aace44608a5bb5aa85da63c5cc59de | False | 0.74765625 | data | 6.462085016602893 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
AFX_DIALOG_LAYOUT | 0x3dd2e38 | 0xe | data | 1.5714285714285714 | ||
RT_ICON | 0x3dc64a0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Romanian | Romania | 0.5671641791044776 |
RT_ICON | 0x3dc7348 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Romanian | Romania | 0.5496389891696751 |
RT_ICON | 0x3dc7bf0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Romanian | Romania | 0.6170520231213873 |
RT_ICON | 0x3dc8158 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Romanian | Romania | 0.4631742738589212 |
RT_ICON | 0x3dca700 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Romanian | Romania | 0.4873358348968105 |
RT_ICON | 0x3dcb7a8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Romanian | Romania | 0.49631147540983606 |
RT_ICON | 0x3dcc130 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Romanian | Romania | 0.4530141843971631 |
RT_ICON | 0x3dcc600 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Romanian | Romania | 0.4240405117270789 |
RT_ICON | 0x3dcd4a8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Romanian | Romania | 0.4833032490974729 |
RT_ICON | 0x3dcdd50 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Romanian | Romania | 0.5835253456221198 |
RT_ICON | 0x3dce418 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Romanian | Romania | 0.4913294797687861 |
RT_ICON | 0x3dce980 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Romanian | Romania | 0.4701244813278008 |
RT_ICON | 0x3dd0f28 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Romanian | Romania | 0.4878048780487805 |
RT_ICON | 0x3dd1fd0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Romanian | Romania | 0.5032786885245901 |
RT_ICON | 0x3dd2958 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Romanian | Romania | 0.5514184397163121 |
RT_STRING | 0x3dd3088 | 0x2bc | data | Romanian | Romania | 0.49142857142857144 |
RT_STRING | 0x3dd3348 | 0x2ac | data | Romanian | Romania | 0.48830409356725146 |
RT_GROUP_ICON | 0x3dcc598 | 0x68 | data | Romanian | Romania | 0.6923076923076923 |
RT_GROUP_ICON | 0x3dd2dc0 | 0x76 | data | Romanian | Romania | 0.6779661016949152 |
RT_VERSION | 0x3dd2e48 | 0x23c | data | | | 0.5314685314685315 |
DLL | Import |
---|---|
KERNEL32.dll | GlobalMemoryStatus, GetLocaleInfoA, FindResourceExW, LocalCompact, InterlockedDecrement, GetComputerNameW, CreateHardLinkA, GetSystemDefaultLCID, BackupSeek, GetTickCount, GetConsoleAliasesA, GetWindowsDirectoryA, EnumTimeFormatsW, GetUserDefaultLangID, SetCommState, GlobalAlloc, LoadLibraryW, ReadConsoleInputA, WriteConsoleW, GetModuleFileNameW, MultiByteToWideChar, GetLastError, ChangeTimerQueueTimer, SetLastError, GetThreadLocale, GetProcAddress, RemoveDirectoryA, SetFileAttributesA, BuildCommDCBW, LoadLibraryA, SetCalendarInfoW, GetExitCodeThread, AddAtomW, GlobalFindAtomW, GetOEMCP, LoadLibraryExA, VirtualProtect, GetConsoleProcessList, GetTempPathA, GetVolumeInformationW, HeapAlloc, EncodePointer, DecodePointer, IsProcessorFeaturePresent, GetCommandLineA, RaiseException, RtlUnwind, IsDebuggerPresent, IsValidCodePage, GetACP, GetCPInfo, GetCurrentThreadId, HeapFree, ExitProcess, GetModuleHandleExW, WideCharToMultiByte, GetStdHandle, WriteFile, GetProcessHeap, EnterCriticalSection, LeaveCriticalSection, FlushFileBuffers, GetConsoleCP, GetConsoleMode, DeleteCriticalSection, HeapSize, GetFileType, GetStartupInfoW, CloseHandle, GetModuleFileNameA, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, GetEnvironmentStringsW, FreeEnvironmentStringsW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, InitializeCriticalSectionAndSpinCount, Sleep, GetCurrentProcess, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetModuleHandleW, GetStringTypeW, LoadLibraryExW, OutputDebugStringW, LCMapStringW, SetStdHandle, SetFilePointerEx, HeapReAlloc, CreateFileW |
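The section, resource and import tables above are enough for a first static triage before the file is opened in a disassembler. The following script is an added example and not code from the Joe Sandbox report or from the sample: the numbers are copied from the tables, the section alignment of 0x1000 is an assumption (the report does not print the optional header, so confirm it with pefile on the real file), and the import watchlist is my own. It checks that the section RVAs tile the image without gaps or overlaps, that the resource RVAs fall inside .rsrc, and it flags the .data section, whose Virtual Size is roughly 35 times its Raw Size, along with imports worth reading the call sites of.

```python
# Added example (not from the report): static triage over the section, resource and
# import tables. SECTION_ALIGN is assumed; the report does not print the optional header.
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

SECTION_ALIGN = 0x1000  # assumption: usual SectionAlignment for a Win32 image

@dataclass(frozen=True)
class Section:
    name: str
    vaddr: int                 # Virtual Address (RVA) from the table
    vsize: int                 # Virtual Size
    rawsize: int               # Raw Size (bytes present in the file)
    entropy: Optional[float]   # None where the report prints "unknown"
    chars: FrozenSet[str]

R, W, X = "READ", "WRITE", "EXECUTE"
SECTIONS: List[Section] = [  # values copied from the section table
    Section(".text",  0x1000,    0x10035,   0x10200,  6.69, frozenset({X, R})),
    Section(".rdata", 0x12000,   0x6ce4,    0x6e00,   4.73, frozenset({R})),
    Section(".data",  0x19000,   0x3dac2a8, 0x1be800, None, frozenset({R, W})),
    Section(".rsrc",  0x3dc6000, 0xd5f8,    0xd600,   5.49, frozenset({R})),
    Section(".reloc", 0x3dd4000, 0x137c,    0x1400,   6.46, frozenset({R})),
]

# (name, RVA, size) for the lowest and highest entries of the resource table.
RESOURCES: List[Tuple[str, int, int]] = [
    ("RT_ICON",           0x3dc64a0, 0xea8),
    ("RT_GROUP_ICON",     0x3dcc598, 0x68),
    ("AFX_DIALOG_LAYOUT", 0x3dd2e38, 0xe),
    ("RT_STRING",         0x3dd3348, 0x2ac),
]

# Subset of the KERNEL32.dll row of the import table.
IMPORTS = {"KERNEL32.dll": ["GlobalMemoryStatus", "LoadLibraryA", "GetProcAddress",
                            "VirtualProtect", "IsDebuggerPresent", "GetTickCount",
                            "HeapAlloc", "WriteFile", "CreateFileW", "Sleep"]}

def align_up(x: int, a: int) -> int:
    return (x + a - 1) & ~(a - 1)

def layout_is_consistent(sections, align=SECTION_ALIGN) -> bool:
    """Each section must start where the previous one ends, rounded up to the
    section alignment: no gaps and no overlaps in the virtual layout."""
    return all(cur.vaddr == align_up(prev.vaddr + prev.vsize, align)
               for prev, cur in zip(sections, sections[1:]))

def resources_inside_rsrc(resources, sections) -> bool:
    rsrc = next(s for s in sections if s.name == ".rsrc")
    lo, hi = rsrc.vaddr, rsrc.vaddr + rsrc.vsize
    return all(lo <= rva and rva + size <= hi for _, rva, size in resources)

def triage_sections(sections, inflate_ratio=8.0, high_entropy=7.0):
    """Heuristics only; every hit is a prompt to look closer, not a verdict."""
    findings = []
    for s in sections:
        if s.rawsize and s.vsize / s.rawsize >= inflate_ratio:
            # Memory the loader reserves but the file does not supply (a .bss by
            # another name); code that unpacks in place often stages its payload here.
            findings.append((s.name, "vsize_inflated", round(s.vsize / s.rawsize, 1)))
        if X in s.chars and W in s.chars:
            findings.append((s.name, "writable_and_executable", None))
        if s.entropy is not None and s.entropy >= high_entropy:
            findings.append((s.name, "high_entropy", s.entropy))
    return findings

# Imports often seen around manual unpacking and debugger checks. The stock MSVC
# runtime imports several of them too, so they justify reading the call sites, no more.
WATCHLIST = {"VirtualProtect", "VirtualAlloc", "IsDebuggerPresent", "LoadLibraryA",
             "GetProcAddress", "WriteProcessMemory", "CreateRemoteThread"}

def flag_imports(imports) -> List[str]:
    return sorted(n for names in imports.values() for n in names if n in WATCHLIST)

if __name__ == "__main__":
    print("layout consistent:", layout_is_consistent(SECTIONS))
    print("resources inside .rsrc:", resources_inside_rsrc(RESOURCES, SECTIONS))
    for finding in triage_sections(SECTIONS):
        print("section finding:", finding)
    print("watched imports:", flag_imports(IMPORTS))
```

The layout check passes for this sample, so the headers are internally consistent; the one section finding is .data, which asks the loader for about 62 MiB of address space while the file supplies 1.8 MB, and whose entropy the report did not compute. That is the region to watch in a debugger after the first VirtualProtect call.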
Language of compilation system | Country where language is spoken |
---|---|
Romanian | Romania |
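The TCP packet table that follows is long, and the pattern in it is easier to see with a script than by eye: the guest (192.168.2.5) fans out to many distinct hosts on port 443 and on port 9001 (Tor's default ORPort), two of the early 9001 peers never answer and are retried with doubling gaps, and at 09:42:24 a burst of connections goes to addresses on ports 80, 443 and 9101. The script below is an added example, not part of the report. SAMPLE holds rows copied verbatim from the table; DIR_AUTHS is a list of Tor directory authority addresses as I know them and is an assumption to be verified against the Tor source (src/app/config/auth_dirs.inc) before it is relied on. It measures fan-out per destination port, recovers unanswered connection attempts from their retransmission timing, and reports which directory-authority addresses were contacted.

```python
# Added example (not from the report): summarise the TCP packet table.
# DIR_AUTHS is an assumption; check it against Tor's auth_dirs.inc.
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

HOST = "192.168.2.5"  # the sandbox guest, as printed in the table

SAMPLE = """\
Apr 26, 2024 09:40:58.116678953 CEST | 49706 | 443 | 192.168.2.5 | 46.105.227.109 |
Apr 26, 2024 09:40:58.116717100 CEST | 443 | 49706 | 46.105.227.109 | 192.168.2.5 |
Apr 26, 2024 09:40:58.956267118 CEST | 49707 | 9001 | 192.168.2.5 | 31.127.34.9 |
Apr 26, 2024 09:40:59.971399069 CEST | 49707 | 9001 | 192.168.2.5 | 31.127.34.9 |
Apr 26, 2024 09:41:00.956336975 CEST | 49708 | 9001 | 192.168.2.5 | 75.176.45.87 |
Apr 26, 2024 09:41:01.971421003 CEST | 49708 | 9001 | 192.168.2.5 | 75.176.45.87 |
Apr 26, 2024 09:41:01.971555948 CEST | 49707 | 9001 | 192.168.2.5 | 31.127.34.9 |
Apr 26, 2024 09:41:03.971407890 CEST | 49708 | 9001 | 192.168.2.5 | 75.176.45.87 |
Apr 26, 2024 09:41:05.971374035 CEST | 49707 | 9001 | 192.168.2.5 | 31.127.34.9 |
Apr 26, 2024 09:41:07.971452951 CEST | 49708 | 9001 | 192.168.2.5 | 75.176.45.87 |
Apr 26, 2024 09:41:13.971407890 CEST | 49707 | 9001 | 192.168.2.5 | 31.127.34.9 |
Apr 26, 2024 09:41:15.971388102 CEST | 49708 | 9001 | 192.168.2.5 | 75.176.45.87 |
Apr 26, 2024 09:42:13.128524065 CEST | 49724 | 443 | 192.168.2.5 | 154.35.175.225 |
Apr 26, 2024 09:42:13.128554106 CEST | 443 | 49724 | 154.35.175.225 | 192.168.2.5 |
Apr 26, 2024 09:42:24.082918882 CEST | 49726 | 9001 | 192.168.2.5 | 95.216.154.139 |
Apr 26, 2024 09:42:24.083142042 CEST | 49727 | 80 | 192.168.2.5 | 171.25.193.9 |
Apr 26, 2024 09:42:24.339060068 CEST | 80 | 49727 | 171.25.193.9 | 192.168.2.5 |
Apr 26, 2024 09:42:24.342390060 CEST | 49729 | 9101 | 192.168.2.5 | 128.31.0.39 |
Apr 26, 2024 09:42:24.347357035 CEST | 9001 | 49726 | 95.216.154.139 | 192.168.2.5 |
Apr 26, 2024 09:42:24.506947994 CEST | 9101 | 49729 | 128.31.0.39 | 192.168.2.5 |
"""

DIR_AUTHS = {  # assumed mapping of Tor directory authority IPs to names; verify it
    "128.31.0.39": "moria1", "86.59.21.38": "tor26", "45.66.33.45": "dannenberg",
    "131.188.40.189": "gabelmoo", "171.25.193.9": "maatuska", "154.35.175.225": "Faravahar",
    "199.58.81.140": "longclaw", "204.13.164.118": "bastet",
}

TS_RE = re.compile(r"(\w{3} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})\.(\d+) \w+")

def parse_ts(text: str) -> datetime:
    m = TS_RE.fullmatch(text.strip())
    base = datetime.strptime(m.group(1), "%b %d, %Y %H:%M:%S")
    return base + timedelta(microseconds=int(m.group(2)[:6]))  # nanoseconds -> microseconds

def parse_rows(table: str) -> List[Tuple[datetime, int, int, str, str]]:
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.split("|") if c.strip()]
        if len(cells) != 5:
            continue  # header, divider or anything else
        ts, sport, dport, sip, dip = cells
        rows.append((parse_ts(ts), int(sport), int(dport), sip, dip))
    return rows

def fan_out(rows, host=HOST) -> Dict[int, Tuple[int, int]]:
    """destination port -> (distinct peers contacted, peers that sent anything back)"""
    peers, answered = defaultdict(set), defaultdict(set)
    for _, sport, dport, sip, dip in rows:
        if sip == host:
            peers[dport].add(dip)
        elif dip == host:
            answered[sport].add(sip)
    return {p: (len(peers[p]), len(answered[p] & peers[p])) for p in peers}

def unanswered_retransmits(rows, host=HOST) -> Dict[Tuple[str, int], List[float]]:
    """Flows in which only the guest ever speaks; returns the gaps between its packets."""
    sent, got_reply = defaultdict(list), set()
    for ts, sport, dport, sip, dip in rows:
        if sip == host:
            sent[(dip, dport)].append(ts)
        elif dip == host:
            got_reply.add((sip, sport))
    out = {}
    for key, stamps in sent.items():
        if key in got_reply or len(stamps) < 2:
            continue
        stamps.sort()
        out[key] = [round((b - a).total_seconds(), 1) for a, b in zip(stamps, stamps[1:])]
    return out

def looks_like_syn_backoff(gaps: List[float]) -> bool:
    """Roughly doubling gaps (1 s, 2 s, 4 s, 8 s) are a TCP stack's exponential backoff
    for a SYN that never got a SYN/ACK, i.e. the peer was down or filtered."""
    return len(gaps) >= 3 and all(1.5 <= b / a <= 2.5 for a, b in zip(gaps, gaps[1:]))

def dir_auth_contacts(rows, host=HOST) -> Dict[str, str]:
    return {dip: DIR_AUTHS[dip] for _, _, _, sip, dip in rows if sip == host and dip in DIR_AUTHS}

if __name__ == "__main__":
    rows = parse_rows(SAMPLE)
    print("fan-out per port:", fan_out(rows))
    for key, gaps in unanswered_retransmits(rows).items():
        print("no reply from", key, "gaps", gaps, "backoff" if looks_like_syn_backoff(gaps) else "")
    print("directory authorities contacted:", dir_auth_contacts(rows))
```

Run against the whole table rather than SAMPLE, the same functions give the full peer set per port, which is what goes into the IOC list; the unanswered 9001 peers (31.127.34.9, 75.176.45.87) are retried at 1, 2, 4 and 8 second gaps and are worth listing separately, since a dead relay address says little about the operator's infrastructure.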
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 26, 2024 09:40:58.116678953 CEST | 49706 | 443 | 192.168.2.5 | 46.105.227.109 |
Apr 26, 2024 09:40:58.116717100 CEST | 443 | 49706 | 46.105.227.109 | 192.168.2.5 |
Apr 26, 2024 09:40:58.116802931 CEST | 49706 | 443 | 192.168.2.5 | 46.105.227.109 |
Apr 26, 2024 09:40:58.121822119 CEST | 49706 | 443 | 192.168.2.5 | 46.105.227.109 |
Apr 26, 2024 09:40:58.121850014 CEST | 443 | 49706 | 46.105.227.109 | 192.168.2.5 |
Apr 26, 2024 09:40:58.956267118 CEST | 49707 | 9001 | 192.168.2.5 | 31.127.34.9 |
Apr 26, 2024 09:40:59.971399069 CEST | 49707 | 9001 | 192.168.2.5 | 31.127.34.9 |
Apr 26, 2024 09:41:00.956336975 CEST | 49708 | 9001 | 192.168.2.5 | 75.176.45.87 |
Apr 26, 2024 09:41:01.971421003 CEST | 49708 | 9001 | 192.168.2.5 | 75.176.45.87 |
Apr 26, 2024 09:41:01.971555948 CEST | 49707 | 9001 | 192.168.2.5 | 31.127.34.9 |
Apr 26, 2024 09:41:03.971407890 CEST | 49708 | 9001 | 192.168.2.5 | 75.176.45.87 |
Apr 26, 2024 09:41:05.971374035 CEST | 49707 | 9001 | 192.168.2.5 | 31.127.34.9 |
Apr 26, 2024 09:41:07.971452951 CEST | 49708 | 9001 | 192.168.2.5 | 75.176.45.87 |
Apr 26, 2024 09:41:13.971407890 CEST | 49707 | 9001 | 192.168.2.5 | 31.127.34.9 |
Apr 26, 2024 09:41:15.971388102 CEST | 49708 | 9001 | 192.168.2.5 | 75.176.45.87 |
Apr 26, 2024 09:41:19.972317934 CEST | 49719 | 443 | 192.168.2.5 | 51.15.246.170 |
Apr 26, 2024 09:41:19.972397089 CEST | 49720 | 443 | 192.168.2.5 | 204.13.164.118 |
Apr 26, 2024 09:41:19.972410917 CEST | 443 | 49719 | 51.15.246.170 | 192.168.2.5 |
Apr 26, 2024 09:41:19.972435951 CEST | 443 | 49720 | 204.13.164.118 | 192.168.2.5 |
Apr 26, 2024 09:41:19.972543955 CEST | 49719 | 443 | 192.168.2.5 | 51.15.246.170 |
Apr 26, 2024 09:41:19.972744942 CEST | 49720 | 443 | 192.168.2.5 | 204.13.164.118 |
Apr 26, 2024 09:41:19.972754002 CEST | 49719 | 443 | 192.168.2.5 | 51.15.246.170 |
Apr 26, 2024 09:41:19.972793102 CEST | 443 | 49719 | 51.15.246.170 | 192.168.2.5 |
Apr 26, 2024 09:41:19.972863913 CEST | 49720 | 443 | 192.168.2.5 | 204.13.164.118 |
Apr 26, 2024 09:41:19.972872019 CEST | 443 | 49720 | 204.13.164.118 | 192.168.2.5 |
Apr 26, 2024 09:41:20.611978054 CEST | 443 | 49720 | 204.13.164.118 | 192.168.2.5 |
Apr 26, 2024 09:41:20.612072945 CEST | 49720 | 443 | 192.168.2.5 | 204.13.164.118 |
Apr 26, 2024 09:41:20.615999937 CEST | 49720 | 443 | 192.168.2.5 | 204.13.164.118 |
Apr 26, 2024 09:41:20.616008043 CEST | 443 | 49720 | 204.13.164.118 | 192.168.2.5 |
Apr 26, 2024 09:41:20.616447926 CEST | 443 | 49720 | 204.13.164.118 | 192.168.2.5 |
Apr 26, 2024 09:41:20.620009899 CEST | 49720 | 443 | 192.168.2.5 | 204.13.164.118 |
Apr 26, 2024 09:41:20.664119959 CEST | 443 | 49720 | 204.13.164.118 | 192.168.2.5 |
Apr 26, 2024 09:41:21.035801888 CEST | 443 | 49719 | 51.15.246.170 | 192.168.2.5 |
Apr 26, 2024 09:41:21.035986900 CEST | 49719 | 443 | 192.168.2.5 | 51.15.246.170 |
Apr 26, 2024 09:41:21.039870024 CEST | 49719 | 443 | 192.168.2.5 | 51.15.246.170 |
Apr 26, 2024 09:41:21.039901018 CEST | 443 | 49719 | 51.15.246.170 | 192.168.2.5 |
Apr 26, 2024 09:41:21.040144920 CEST | 443 | 49719 | 51.15.246.170 | 192.168.2.5 |
Apr 26, 2024 09:41:21.040462017 CEST | 49719 | 443 | 192.168.2.5 | 51.15.246.170 |
Apr 26, 2024 09:41:21.088124990 CEST | 443 | 49719 | 51.15.246.170 | 192.168.2.5 |
Apr 26, 2024 09:42:10.206613064 CEST | 49722 | 9001 | 192.168.2.5 | 51.91.121.255 |
Apr 26, 2024 09:42:11.221463919 CEST | 49722 | 9001 | 192.168.2.5 | 51.91.121.255 |
Apr 26, 2024 09:42:13.128273010 CEST | 49723 | 443 | 192.168.2.5 | 198.245.49.18 |
Apr 26, 2024 09:42:13.128371954 CEST | 443 | 49723 | 198.245.49.18 | 192.168.2.5 |
Apr 26, 2024 09:42:13.128446102 CEST | 49723 | 443 | 192.168.2.5 | 198.245.49.18 |
Apr 26, 2024 09:42:13.128524065 CEST | 49724 | 443 | 192.168.2.5 | 154.35.175.225 |
Apr 26, 2024 09:42:13.128554106 CEST | 443 | 49724 | 154.35.175.225 | 192.168.2.5 |
Apr 26, 2024 09:42:13.128597975 CEST | 49724 | 443 | 192.168.2.5 | 154.35.175.225 |
Apr 26, 2024 09:42:13.128750086 CEST | 49723 | 443 | 192.168.2.5 | 198.245.49.18 |
Apr 26, 2024 09:42:13.128768921 CEST | 443 | 49723 | 198.245.49.18 | 192.168.2.5 |
Apr 26, 2024 09:42:13.128933907 CEST | 49724 | 443 | 192.168.2.5 | 154.35.175.225 |
Apr 26, 2024 09:42:13.128940105 CEST | 443 | 49724 | 154.35.175.225 | 192.168.2.5 |
Apr 26, 2024 09:42:13.221426964 CEST | 49722 | 9001 | 192.168.2.5 | 51.91.121.255 |
Apr 26, 2024 09:42:17.221338034 CEST | 49722 | 9001 | 192.168.2.5 | 51.91.121.255 |
Apr 26, 2024 09:42:24.064701080 CEST | 49724 | 443 | 192.168.2.5 | 154.35.175.225 |
Apr 26, 2024 09:42:24.064785957 CEST | 49723 | 443 | 192.168.2.5 | 198.245.49.18 |
Apr 26, 2024 09:42:24.064918041 CEST | 49719 | 443 | 192.168.2.5 | 51.15.246.170 |
Apr 26, 2024 09:42:24.064990997 CEST | 49720 | 443 | 192.168.2.5 | 204.13.164.118 |
Apr 26, 2024 09:42:24.065062046 CEST | 443 | 49719 | 51.15.246.170 | 192.168.2.5 |
Apr 26, 2024 09:42:24.065120935 CEST | 49719 | 443 | 192.168.2.5 | 51.15.246.170 |
Apr 26, 2024 09:42:24.065190077 CEST | 443 | 49720 | 204.13.164.118 | 192.168.2.5 |
Apr 26, 2024 09:42:24.065257072 CEST | 49720 | 443 | 192.168.2.5 | 204.13.164.118 |
Apr 26, 2024 09:42:24.065289974 CEST | 49706 | 443 | 192.168.2.5 | 46.105.227.109 |
Apr 26, 2024 09:42:24.082918882 CEST | 49726 | 9001 | 192.168.2.5 | 95.216.154.139 |
Apr 26, 2024 09:42:24.083142042 CEST | 49727 | 80 | 192.168.2.5 | 171.25.193.9 |
Apr 26, 2024 09:42:24.096352100 CEST | 49728 | 443 | 192.168.2.5 | 195.201.94.113 |
Apr 26, 2024 09:42:24.096385002 CEST | 443 | 49728 | 195.201.94.113 | 192.168.2.5 |
Apr 26, 2024 09:42:24.096435070 CEST | 49728 | 443 | 192.168.2.5 | 195.201.94.113 |
Apr 26, 2024 09:42:24.096654892 CEST | 49728 | 443 | 192.168.2.5 | 195.201.94.113 |
Apr 26, 2024 09:42:24.096669912 CEST | 443 | 49728 | 195.201.94.113 | 192.168.2.5 |
Apr 26, 2024 09:42:24.108119011 CEST | 443 | 49723 | 198.245.49.18 | 192.168.2.5 |
Apr 26, 2024 09:42:24.108124971 CEST | 443 | 49724 | 154.35.175.225 | 192.168.2.5 |
Apr 26, 2024 09:42:24.108149052 CEST | 443 | 49706 | 46.105.227.109 | 192.168.2.5 |
Apr 26, 2024 09:42:24.339060068 CEST | 80 | 49727 | 171.25.193.9 | 192.168.2.5 |
Apr 26, 2024 09:42:24.340010881 CEST | 49727 | 80 | 192.168.2.5 | 171.25.193.9 |
Apr 26, 2024 09:42:24.340612888 CEST | 49727 | 80 | 192.168.2.5 | 171.25.193.9 |
Apr 26, 2024 09:42:24.341690063 CEST | 49728 | 443 | 192.168.2.5 | 195.201.94.113 |
Apr 26, 2024 09:42:24.342390060 CEST | 49729 | 9101 | 192.168.2.5 | 128.31.0.39 |
Apr 26, 2024 09:42:24.342879057 CEST | 49730 | 443 | 192.168.2.5 | 23.129.64.239 |
Apr 26, 2024 09:42:24.342926979 CEST | 443 | 49730 | 23.129.64.239 | 192.168.2.5 |
Apr 26, 2024 09:42:24.343086004 CEST | 49730 | 443 | 192.168.2.5 | 23.129.64.239 |
Apr 26, 2024 09:42:24.343794107 CEST | 49730 | 443 | 192.168.2.5 | 23.129.64.239 |
Apr 26, 2024 09:42:24.343821049 CEST | 443 | 49730 | 23.129.64.239 | 192.168.2.5 |
Apr 26, 2024 09:42:24.344485998 CEST | 49731 | 10020 | 192.168.2.5 | 185.220.101.20 |
Apr 26, 2024 09:42:24.347357035 CEST | 9001 | 49726 | 95.216.154.139 | 192.168.2.5 |
Apr 26, 2024 09:42:24.388113976 CEST | 443 | 49728 | 195.201.94.113 | 192.168.2.5 |
Apr 26, 2024 09:42:24.506947994 CEST | 9101 | 49729 | 128.31.0.39 | 192.168.2.5 |
Apr 26, 2024 09:42:24.589322090 CEST | 10020 | 49731 | 185.220.101.20 | 192.168.2.5 |
Apr 26, 2024 09:42:24.598270893 CEST | 80 | 49727 | 171.25.193.9 | 192.168.2.5 |
Apr 26, 2024 09:42:24.602351904 CEST | 49727 | 80 | 192.168.2.5 | 171.25.193.9 |
Apr 26, 2024 09:42:24.617652893 CEST | 49730 | 443 | 192.168.2.5 | 23.129.64.239 |
Apr 26, 2024 09:42:24.617892027 CEST | 49727 | 80 | 192.168.2.5 | 171.25.193.9 |
Apr 26, 2024 09:42:24.637928009 CEST | 443 | 49730 | 23.129.64.239 | 192.168.2.5 |
Apr 26, 2024 09:42:24.649780989 CEST | 49732 | 9001 | 192.168.2.5 | 193.218.118.100 |
Apr 26, 2024 09:42:24.650038958 CEST | 49733 | 443 | 192.168.2.5 | 45.66.33.45 |
Apr 26, 2024 09:42:24.650078058 CEST | 443 | 49733 | 45.66.33.45 | 192.168.2.5 |
Apr 26, 2024 09:42:24.650160074 CEST | 49733 | 443 | 192.168.2.5 | 45.66.33.45 |
Apr 26, 2024 09:42:24.658953905 CEST | 49733 | 443 | 192.168.2.5 | 45.66.33.45 |
Apr 26, 2024 09:42:24.658982992 CEST | 443 | 49733 | 45.66.33.45 | 192.168.2.5 |
Apr 26, 2024 09:42:24.847742081 CEST | 443 | 49728 | 195.201.94.113 | 192.168.2.5 |
Apr 26, 2024 09:42:24.847817898 CEST | 49728 | 443 | 192.168.2.5 | 195.201.94.113 |
Apr 26, 2024 09:42:24.847817898 CEST | 49728 | 443 | 192.168.2.5 | 195.201.94.113 |
Apr 26, 2024 09:42:24.858779907 CEST | 80 | 49727 | 171.25.193.9 | 192.168.2.5 |
Apr 26, 2024 09:42:24.859889030 CEST | 49727 | 80 | 192.168.2.5 | 171.25.193.9 |
Apr 26, 2024 09:42:24.862214088 CEST | 49733 | 443 | 192.168.2.5 | 45.66.33.45 |
Apr 26, 2024 09:42:24.873933077 CEST | 80 | 49727 | 171.25.193.9 | 192.168.2.5 |
Apr 26, 2024 09:42:24.873969078 CEST | 80 | 49727 | 171.25.193.9 | 192.168.2.5 |
Apr 26, 2024 09:42:24.873985052 CEST | 49727 | 80 | 192.168.2.5 | 171.25.193.9 |
Apr 26, 2024 09:42:24.874021053 CEST | 49727 | 80 | 192.168.2.5 | 171.25.193.9 |
Apr 26, 2024 09:42:24.874927998 CEST | 49734 | 443 | 192.168.2.5 | 217.160.255.217 |
Apr 26, 2024 09:42:24.875003099 CEST | 443 | 49734 | 217.160.255.217 | 192.168.2.5 |
Apr 26, 2024 09:42:24.875093937 CEST | 49734 | 443 | 192.168.2.5 | 217.160.255.217 |
Apr 26, 2024 09:42:24.875194073 CEST | 49735 | 443 | 192.168.2.5 | 199.58.81.140 |
Apr 26, 2024 09:42:24.875228882 CEST | 443 | 49735 | 199.58.81.140 | 192.168.2.5 |
Apr 26, 2024 09:42:24.875376940 CEST | 49734 | 443 | 192.168.2.5 | 217.160.255.217 |
Apr 26, 2024 09:42:24.875396013 CEST | 49735 | 443 | 192.168.2.5 | 199.58.81.140 |
Apr 26, 2024 09:42:24.875423908 CEST | 443 | 49734 | 217.160.255.217 | 192.168.2.5 |
Apr 26, 2024 09:42:24.875528097 CEST | 49735 | 443 | 192.168.2.5 | 199.58.81.140 |
Apr 26, 2024 09:42:24.875569105 CEST | 443 | 49735 | 199.58.81.140 | 192.168.2.5 |
Apr 26, 2024 09:42:24.904115915 CEST | 443 | 49733 | 45.66.33.45 | 192.168.2.5 |
Apr 26, 2024 09:42:24.918163061 CEST | 9001 | 49732 | 193.218.118.100 | 192.168.2.5 |
Apr 26, 2024 09:42:25.443141937 CEST | 443 | 49735 | 199.58.81.140 | 192.168.2.5 |
Apr 26, 2024 09:42:25.443238974 CEST | 49735 | 443 | 192.168.2.5 | 199.58.81.140 |
Apr 26, 2024 09:42:25.446548939 CEST | 49735 | 443 | 192.168.2.5 | 199.58.81.140 |
Apr 26, 2024 09:42:25.446566105 CEST | 443 | 49735 | 199.58.81.140 | 192.168.2.5 |
Apr 26, 2024 09:42:25.446966887 CEST | 443 | 49735 | 199.58.81.140 | 192.168.2.5 |
Apr 26, 2024 09:42:25.486932993 CEST | 49735 | 443 | 192.168.2.5 | 199.58.81.140 |
Apr 26, 2024 09:42:25.487994909 CEST | 49735 | 443 | 192.168.2.5 | 199.58.81.140 |
Apr 26, 2024 09:42:25.503854990 CEST | 49734 | 443 | 192.168.2.5 | 217.160.255.217 |
Apr 26, 2024 09:42:25.544116974 CEST | 443 | 49734 | 217.160.255.217 | 192.168.2.5 |
Apr 26, 2024 09:42:25.552944899 CEST | 49736 | 40233 | 192.168.2.5 | 143.107.229.120 |
Apr 26, 2024 09:42:25.800277948 CEST | 40233 | 49736 | 143.107.229.120 | 192.168.2.5 |
Apr 26, 2024 09:42:26.326419115 CEST | 49737 | 9001 | 192.168.2.5 | 192.0.128.86 |
Apr 26, 2024 09:42:26.326582909 CEST | 49738 | 443 | 192.168.2.5 | 199.58.81.140 |
Apr 26, 2024 09:42:26.326634884 CEST | 443 | 49738 | 199.58.81.140 | 192.168.2.5 |
Apr 26, 2024 09:42:26.326692104 CEST | 49738 | 443 | 192.168.2.5 | 199.58.81.140 |
Apr 26, 2024 09:42:26.327111006 CEST | 49738 | 443 | 192.168.2.5 | 199.58.81.140 |
Apr 26, 2024 09:42:26.327126980 CEST | 443 | 49738 | 199.58.81.140 | 192.168.2.5 |
Apr 26, 2024 09:42:26.855554104 CEST | 443 | 49738 | 199.58.81.140 | 192.168.2.5 |
Apr 26, 2024 09:42:26.855660915 CEST | 49738 | 443 | 192.168.2.5 | 199.58.81.140 |
Apr 26, 2024 09:42:26.861443043 CEST | 49738 | 443 | 192.168.2.5 | 199.58.81.140 |
Apr 26, 2024 09:42:26.861479998 CEST | 443 | 49738 | 199.58.81.140 | 192.168.2.5 |
Apr 26, 2024 09:42:26.861989021 CEST | 443 | 49738 | 199.58.81.140 | 192.168.2.5 |
Apr 26, 2024 09:42:26.883654118 CEST | 49738 | 443 | 192.168.2.5 | 199.58.81.140 |
Apr 26, 2024 09:42:26.887180090 CEST | 49739 | 443 | 192.168.2.5 | 154.35.175.225 |
Apr 26, 2024 09:42:26.887227058 CEST | 443 | 49739 | 154.35.175.225 | 192.168.2.5 |
Apr 26, 2024 09:42:26.887283087 CEST | 49739 | 443 | 192.168.2.5 | 154.35.175.225 |
Apr 26, 2024 09:42:26.887367964 CEST | 49740 | 9001 | 192.168.2.5 | 151.197.240.154 |
Apr 26, 2024 09:42:26.887495041 CEST | 49739 | 443 | 192.168.2.5 | 154.35.175.225 |
Apr 26, 2024 09:42:26.887514114 CEST | 443 | 49739 | 154.35.175.225 | 192.168.2.5 |
Apr 26, 2024 09:42:27.879890919 CEST | 49740 | 9001 | 192.168.2.5 | 151.197.240.154 |
Apr 26, 2024 09:42:27.935189009 CEST | 49739 | 443 | 192.168.2.5 | 154.35.175.225 |
Apr 26, 2024 09:42:27.976124048 CEST | 443 | 49739 | 154.35.175.225 | 192.168.2.5 |
Apr 26, 2024 09:42:29.060456991 CEST | 49741 | 9001 | 192.168.2.5 | 46.188.6.64 |
Apr 26, 2024 09:42:32.474675894 CEST | 49742 | 9001 | 192.168.2.5 | 173.249.63.227 |
Apr 26, 2024 09:42:32.720665932 CEST | 9001 | 49742 | 173.249.63.227 | 192.168.2.5 |
Apr 26, 2024 09:42:34.392432928 CEST | 49743 | 9001 | 192.168.2.5 | 47.56.94.99 |
Apr 26, 2024 09:42:35.393187046 CEST | 49743 | 9001 | 192.168.2.5 | 47.56.94.99 |
Apr 26, 2024 09:42:35.430202961 CEST | 49744 | 9001 | 192.168.2.5 | 80.66.135.13 |
Apr 26, 2024 09:42:36.468961954 CEST | 49745 | 80 | 192.168.2.5 | 88.88.79.90 |
Apr 26, 2024 09:42:36.469266891 CEST | 49746 | 9001 | 192.168.2.5 | 8.209.79.125 |
Apr 26, 2024 09:42:37.471318960 CEST | 49746 | 9001 | 192.168.2.5 | 8.209.79.125 |
Apr 26, 2024 09:42:37.471329927 CEST | 49745 | 80 | 192.168.2.5 | 88.88.79.90 |
Apr 26, 2024 09:42:37.542545080 CEST | 49747 | 443 | 192.168.2.5 | 104.149.129.210 |
Apr 26, 2024 09:42:37.542591095 CEST | 443 | 49747 | 104.149.129.210 | 192.168.2.5 |
Apr 26, 2024 09:42:37.542710066 CEST | 49747 | 443 | 192.168.2.5 | 104.149.129.210 |
Apr 26, 2024 09:42:37.542901993 CEST | 49747 | 443 | 192.168.2.5 | 104.149.129.210 |
Apr 26, 2024 09:42:37.542916059 CEST | 443 | 49747 | 104.149.129.210 | 192.168.2.5 |
Apr 26, 2024 09:42:38.179908991 CEST | 49747 | 443 | 192.168.2.5 | 104.149.129.210 |
Apr 26, 2024 09:42:38.184957981 CEST | 49748 | 9001 | 192.168.2.5 | 167.86.94.107 |
Apr 26, 2024 09:42:38.224118948 CEST | 443 | 49747 | 104.149.129.210 | 192.168.2.5 |
Apr 26, 2024 09:42:39.279866934 CEST | 49749 | 443 | 192.168.2.5 | 50.7.8.141 |
Apr 26, 2024 09:42:39.279917955 CEST | 443 | 49749 | 50.7.8.141 | 192.168.2.5 |
Apr 26, 2024 09:42:39.279993057 CEST | 49749 | 443 | 192.168.2.5 | 50.7.8.141 |
Apr 26, 2024 09:42:39.280205011 CEST | 49749 | 443 | 192.168.2.5 | 50.7.8.141 |
Apr 26, 2024 09:42:39.280220032 CEST | 443 | 49749 | 50.7.8.141 | 192.168.2.5 |
Apr 26, 2024 09:42:40.293611050 CEST | 49749 | 443 | 192.168.2.5 | 50.7.8.141 |
Apr 26, 2024 09:42:40.298737049 CEST | 49750 | 443 | 192.168.2.5 | 85.10.240.250 |
Apr 26, 2024 09:42:40.298787117 CEST | 443 | 49750 | 85.10.240.250 | 192.168.2.5 |
Apr 26, 2024 09:42:40.298841000 CEST | 49750 | 443 | 192.168.2.5 | 85.10.240.250 |
Apr 26, 2024 09:42:40.299113989 CEST | 49750 | 443 | 192.168.2.5 | 85.10.240.250 |
Apr 26, 2024 09:42:40.299129009 CEST | 443 | 49750 | 85.10.240.250 | 192.168.2.5 |
Apr 26, 2024 09:42:40.336159945 CEST | 443 | 49749 | 50.7.8.141 | 192.168.2.5 |
Apr 26, 2024 09:42:41.065591097 CEST | 443 | 49750 | 85.10.240.250 | 192.168.2.5 |
Apr 26, 2024 09:42:41.065680027 CEST | 49750 | 443 | 192.168.2.5 | 85.10.240.250 |
Apr 26, 2024 09:42:41.071650982 CEST | 49750 | 443 | 192.168.2.5 | 85.10.240.250 |
Apr 26, 2024 09:42:41.071676970 CEST | 443 | 49750 | 85.10.240.250 | 192.168.2.5 |
Apr 26, 2024 09:42:41.072024107 CEST | 443 | 49750 | 85.10.240.250 | 192.168.2.5 |
Apr 26, 2024 09:42:41.072160959 CEST | 49750 | 443 | 192.168.2.5 | 85.10.240.250 |
Apr 26, 2024 09:42:41.079564095 CEST | 49751 | 9001 | 192.168.2.5 | 93.186.202.32 |
Apr 26, 2024 09:42:41.327071905 CEST | 9001 | 49751 | 93.186.202.32 | 192.168.2.5 |
Apr 26, 2024 09:42:41.986932993 CEST | 49751 | 9001 | 192.168.2.5 | 93.186.202.32 |
Apr 26, 2024 09:42:42.233513117 CEST | 9001 | 49751 | 93.186.202.32 | 192.168.2.5 |
Apr 26, 2024 09:42:43.168162107 CEST | 49752 | 443 | 192.168.2.5 | 195.154.106.60 |
Apr 26, 2024 09:42:43.168241024 CEST | 443 | 49752 | 195.154.106.60 | 192.168.2.5 |
Apr 26, 2024 09:42:43.168307066 CEST | 49752 | 443 | 192.168.2.5 | 195.154.106.60 |
Apr 26, 2024 09:42:43.168463945 CEST | 49753 | 443 | 192.168.2.5 | 131.188.40.189 |
Apr 26, 2024 09:42:43.168513060 CEST | 443 | 49753 | 131.188.40.189 | 192.168.2.5 |
Apr 26, 2024 09:42:43.168559074 CEST | 49753 | 443 | 192.168.2.5 | 131.188.40.189 |
Apr 26, 2024 09:42:43.168705940 CEST | 49752 | 443 | 192.168.2.5 | 195.154.106.60 |
Apr 26, 2024 09:42:43.168732882 CEST | 443 | 49752 | 195.154.106.60 | 192.168.2.5 |
Apr 26, 2024 09:42:43.168891907 CEST | 49753 | 443 | 192.168.2.5 | 131.188.40.189 |
Apr 26, 2024 09:42:43.168908119 CEST | 443 | 49753 | 131.188.40.189 | 192.168.2.5 |
Apr 26, 2024 09:42:43.648991108 CEST | 443 | 49752 | 195.154.106.60 | 192.168.2.5 |
Apr 26, 2024 09:42:43.649101973 CEST | 49752 | 443 | 192.168.2.5 | 195.154.106.60 |
Apr 26, 2024 09:42:43.653047085 CEST | 49752 | 443 | 192.168.2.5 | 195.154.106.60 |
Apr 26, 2024 09:42:43.653070927 CEST | 443 | 49752 | 195.154.106.60 | 192.168.2.5 |
Apr 26, 2024 09:42:43.653332949 CEST | 443 | 49752 | 195.154.106.60 | 192.168.2.5 |
Apr 26, 2024 09:42:43.653371096 CEST | 49753 | 443 | 192.168.2.5 | 131.188.40.189 |
Apr 26, 2024 09:42:43.681530952 CEST | 49752 | 443 | 192.168.2.5 | 195.154.106.60 |
Apr 26, 2024 09:42:43.690329075 CEST | 49754 | 9001 | 192.168.2.5 | 62.78.194.4 |
Apr 26, 2024 09:42:43.700118065 CEST | 443 | 49753 | 131.188.40.189 | 192.168.2.5 |
Apr 26, 2024 09:42:43.940874100 CEST | 443 | 49753 | 131.188.40.189 | 192.168.2.5 |
Apr 26, 2024 09:42:43.940968037 CEST | 49753 | 443 | 192.168.2.5 | 131.188.40.189 |
Apr 26, 2024 09:42:43.940968037 CEST | 49753 | 443 | 192.168.2.5 | 131.188.40.189 |
Apr 26, 2024 09:42:44.545993090 CEST | 49755 | 9001 | 192.168.2.5 | 51.38.65.160 |
Apr 26, 2024 09:42:44.797739029 CEST | 9001 | 49755 | 51.38.65.160 | 192.168.2.5 |
Apr 26, 2024 09:42:44.797832012 CEST | 49755 | 9001 | 192.168.2.5 | 51.38.65.160 |
Apr 26, 2024 09:42:44.798155069 CEST | 49755 | 9001 | 192.168.2.5 | 51.38.65.160 |
Apr 26, 2024 09:42:44.798691034 CEST | 49756 | 9001 | 192.168.2.5 | 212.8.243.229 |
Apr 26, 2024 09:42:45.032668114 CEST | 9001 | 49756 | 212.8.243.229 | 192.168.2.5 |
Apr 26, 2024 09:42:45.058219910 CEST | 9001 | 49755 | 51.38.65.160 | 192.168.2.5 |
Apr 26, 2024 09:42:45.063555956 CEST | 9001 | 49755 | 51.38.65.160 | 192.168.2.5 |
Apr 26, 2024 09:42:45.068481922 CEST | 49755 | 9001 | 192.168.2.5 | 51.38.65.160 |
Apr 26, 2024 09:42:45.068869114 CEST | 49755 | 9001 | 192.168.2.5 | 51.38.65.160 |
Apr 26, 2024 09:42:45.073894024 CEST | 49757 | 443 | 192.168.2.5 | 188.68.53.92 |
Apr 26, 2024 09:42:45.073980093 CEST | 443 | 49757 | 188.68.53.92 | 192.168.2.5 |
Apr 26, 2024 09:42:45.074059010 CEST | 49757 | 443 | 192.168.2.5 | 188.68.53.92 |
Apr 26, 2024 09:42:45.081006050 CEST | 49757 | 443 | 192.168.2.5 | 188.68.53.92 |
Apr 26, 2024 09:42:45.081036091 CEST | 443 | 49757 | 188.68.53.92 | 192.168.2.5 |
Apr 26, 2024 09:42:45.326925993 CEST | 9001 | 49755 | 51.38.65.160 | 192.168.2.5 |
Apr 26, 2024 09:42:45.326971054 CEST | 9001 | 49755 | 51.38.65.160 | 192.168.2.5 |
Apr 26, 2024 09:42:45.327927113 CEST | 49755 | 9001 | 192.168.2.5 | 51.38.65.160 |
Apr 26, 2024 09:42:45.327927113 CEST | 49755 | 9001 | 192.168.2.5 | 51.38.65.160 |
Apr 26, 2024 09:42:45.960643053 CEST | 49757 | 443 | 192.168.2.5 | 188.68.53.92 |
Apr 26, 2024 09:42:45.970371962 CEST | 49758 | 443 | 192.168.2.5 | 109.70.100.14 |
Apr 26, 2024 09:42:45.970426083 CEST | 443 | 49758 | 109.70.100.14 | 192.168.2.5 |
Apr 26, 2024 09:42:45.973994970 CEST | 49758 | 443 | 192.168.2.5 | 109.70.100.14 |
Apr 26, 2024 09:42:45.994496107 CEST | 49758 | 443 | 192.168.2.5 | 109.70.100.14 |
Apr 26, 2024 09:42:45.994513988 CEST | 443 | 49758 | 109.70.100.14 | 192.168.2.5 |
Apr 26, 2024 09:42:46.008155107 CEST | 443 | 49757 | 188.68.53.92 | 192.168.2.5 |
Apr 26, 2024 09:42:46.096399069 CEST | 49758 | 443 | 192.168.2.5 | 109.70.100.14 |
Apr 26, 2024 09:42:46.140140057 CEST | 443 | 49758 | 109.70.100.14 | 192.168.2.5 |
Apr 26, 2024 09:42:46.261601925 CEST | 443 | 49758 | 109.70.100.14 | 192.168.2.5 |
Apr 26, 2024 09:42:47.138362885 CEST | 49759 | 443 | 192.168.2.5 | 130.225.244.90 |
Apr 26, 2024 09:42:47.138425112 CEST | 443 | 49759 | 130.225.244.90 | 192.168.2.5 |
Apr 26, 2024 09:42:47.138488054 CEST | 49759 | 443 | 192.168.2.5 | 130.225.244.90 |
Apr 26, 2024 09:42:47.138765097 CEST | 49759 | 443 | 192.168.2.5 | 130.225.244.90 |
Apr 26, 2024 09:42:47.138782978 CEST | 443 | 49759 | 130.225.244.90 | 192.168.2.5 |
Apr 26, 2024 09:42:47.954581976 CEST | 443 | 49759 | 130.225.244.90 | 192.168.2.5 |
Apr 26, 2024 09:42:47.954684019 CEST | 49759 | 443 | 192.168.2.5 | 130.225.244.90 |
Apr 26, 2024 09:42:47.963887930 CEST | 49759 | 443 | 192.168.2.5 | 130.225.244.90 |
Apr 26, 2024 09:42:47.963908911 CEST | 443 | 49759 | 130.225.244.90 | 192.168.2.5 |
Apr 26, 2024 09:42:47.964200020 CEST | 443 | 49759 | 130.225.244.90 | 192.168.2.5 |
Apr 26, 2024 09:42:48.053487062 CEST | 49759 | 443 | 192.168.2.5 | 130.225.244.90 |
Apr 26, 2024 09:42:50.928241968 CEST | 49760 | 443 | 192.168.2.5 | 51.158.147.25 |
Apr 26, 2024 09:42:50.928287983 CEST | 443 | 49760 | 51.158.147.25 | 192.168.2.5 |
Apr 26, 2024 09:42:50.928344011 CEST | 49760 | 443 | 192.168.2.5 | 51.158.147.25 |
Apr 26, 2024 09:42:50.928580046 CEST | 49760 | 443 | 192.168.2.5 | 51.158.147.25 |
Apr 26, 2024 09:42:50.928597927 CEST | 443 | 49760 | 51.158.147.25 | 192.168.2.5 |
Apr 26, 2024 09:42:51.439898968 CEST | 443 | 49760 | 51.158.147.25 | 192.168.2.5 |
Apr 26, 2024 09:42:51.440036058 CEST | 49760 | 443 | 192.168.2.5 | 51.158.147.25 |
Apr 26, 2024 09:42:51.447676897 CEST | 49760 | 443 | 192.168.2.5 | 51.158.147.25 |
Apr 26, 2024 09:42:51.447702885 CEST | 443 | 49760 | 51.158.147.25 | 192.168.2.5 |
Apr 26, 2024 09:42:51.447858095 CEST | 49760 | 443 | 192.168.2.5 | 51.158.147.25 |
Apr 26, 2024 09:42:51.448057890 CEST | 443 | 49760 | 51.158.147.25 | 192.168.2.5 |
Apr 26, 2024 09:42:51.448260069 CEST | 443 | 49760 | 51.158.147.25 | 192.168.2.5 |
Apr 26, 2024 09:42:51.448260069 CEST | 49760 | 443 | 192.168.2.5 | 51.158.147.25 |
Apr 26, 2024 09:42:51.449481010 CEST | 49760 | 443 | 192.168.2.5 | 51.158.147.25 |
Apr 26, 2024 09:42:52.374377012 CEST | 49761 | 9001 | 192.168.2.5 | 45.153.160.131 |
Apr 26, 2024 09:42:52.374460936 CEST | 49762 | 443 | 192.168.2.5 | 45.66.33.45 |
Apr 26, 2024 09:42:52.374500990 CEST | 443 | 49762 | 45.66.33.45 | 192.168.2.5 |
Apr 26, 2024 09:42:52.374591112 CEST | 49762 | 443 | 192.168.2.5 | 45.66.33.45 |
Apr 26, 2024 09:42:52.374768972 CEST | 49762 | 443 | 192.168.2.5 | 45.66.33.45 |
Apr 26, 2024 09:42:52.374779940 CEST | 443 | 49762 | 45.66.33.45 | 192.168.2.5 |
Apr 26, 2024 09:42:52.541320086 CEST | 9001 | 49761 | 45.153.160.131 | 192.168.2.5 |
Apr 26, 2024 09:42:52.674865007 CEST | 49762 | 443 | 192.168.2.5 | 45.66.33.45 |
Apr 26, 2024 09:42:52.679996967 CEST | 49763 | 10205 | 192.168.2.5 | 185.220.101.205 |
Apr 26, 2024 09:42:52.720119953 CEST | 443 | 49762 | 45.66.33.45 | 192.168.2.5 |
Apr 26, 2024 09:42:52.929615021 CEST | 10205 | 49763 | 185.220.101.205 | 192.168.2.5 |
Apr 26, 2024 09:42:53.487874031 CEST | 49763 | 10205 | 192.168.2.5 | 185.220.101.205 |
Apr 26, 2024 09:42:53.735579014 CEST | 10205 | 49763 | 185.220.101.205 | 192.168.2.5 |
Apr 26, 2024 09:42:54.283799887 CEST | 49763 | 10205 | 192.168.2.5 | 185.220.101.205 |
Apr 26, 2024 09:42:54.529665947 CEST | 10205 | 49763 | 185.220.101.205 | 192.168.2.5 |
Apr 26, 2024 09:42:56.386188984 CEST | 49764 | 9001 | 192.168.2.5 | 212.47.227.71 |
Apr 26, 2024 09:42:58.444003105 CEST | 49765 | 80 | 192.168.2.5 | 37.187.23.232 |
Apr 26, 2024 09:42:58.677386999 CEST | 80 | 49765 | 37.187.23.232 | 192.168.2.5 |
Apr 26, 2024 09:42:58.677475929 CEST | 49765 | 80 | 192.168.2.5 | 37.187.23.232 |
Apr 26, 2024 09:42:58.677861929 CEST | 49765 | 80 | 192.168.2.5 | 37.187.23.232 |
Apr 26, 2024 09:42:58.911151886 CEST | 80 | 49765 | 37.187.23.232 | 192.168.2.5 |
Apr 26, 2024 09:42:58.927617073 CEST | 80 | 49765 | 37.187.23.232 | 192.168.2.5 |
Apr 26, 2024 09:42:58.932523966 CEST | 49765 | 80 | 192.168.2.5 | 37.187.23.232 |
Apr 26, 2024 09:42:59.170227051 CEST | 80 | 49765 | 37.187.23.232 | 192.168.2.5 |
Apr 26, 2024 09:42:59.176306963 CEST | 49765 | 80 | 192.168.2.5 | 37.187.23.232 |
Apr 26, 2024 09:42:59.409863949 CEST | 80 | 49765 | 37.187.23.232 | 192.168.2.5 |
Apr 26, 2024 09:42:59.409929991 CEST | 80 | 49765 | 37.187.23.232 | 192.168.2.5 |
Apr 26, 2024 09:42:59.414150000 CEST | 49765 | 80 | 192.168.2.5 | 37.187.23.232 |
Apr 26, 2024 09:42:59.414150000 CEST | 49765 | 80 | 192.168.2.5 | 37.187.23.232 |
Apr 26, 2024 09:43:02.321631908 CEST | 49766 | 9001 | 192.168.2.5 | 149.56.98.216 |
Apr 26, 2024 09:43:05.131942987 CEST | 49767 | 9001 | 192.168.2.5 | 134.249.185.176 |
Apr 26, 2024 09:43:07.944817066 CEST | 443 | 49706 | 46.105.227.109 | 192.168.2.5 |
Apr 26, 2024 09:43:10.448343039 CEST | 49768 | 9001 | 192.168.2.5 | 188.195.109.45 |
Apr 26, 2024 09:43:11.471282005 CEST | 49768 | 9001 | 192.168.2.5 | 188.195.109.45 |
Apr 26, 2024 09:43:26.352849007 CEST | 49769 | 443 | 192.168.2.5 | 209.58.180.90 |
Apr 26, 2024 09:43:26.352910995 CEST | 443 | 49769 | 209.58.180.90 | 192.168.2.5 |
Apr 26, 2024 09:43:26.352977991 CEST | 49769 | 443 | 192.168.2.5 | 209.58.180.90 |
Apr 26, 2024 09:43:26.353097916 CEST | 49770 | 443 | 192.168.2.5 | 86.59.21.38 |
Apr 26, 2024 09:43:26.353136063 CEST | 443 | 49770 | 86.59.21.38 | 192.168.2.5 |
Apr 26, 2024 09:43:26.353240013 CEST | 49770 | 443 | 192.168.2.5 | 86.59.21.38 |
Apr 26, 2024 09:43:26.353401899 CEST | 49769 | 443 | 192.168.2.5 | 209.58.180.90 |
Apr 26, 2024 09:43:26.353420019 CEST | 443 | 49769 | 209.58.180.90 | 192.168.2.5 |
Apr 26, 2024 09:43:26.353634119 CEST | 49770 | 443 | 192.168.2.5 | 86.59.21.38 |
Apr 26, 2024 09:43:26.353646994 CEST | 443 | 49770 | 86.59.21.38 | 192.168.2.5 |
Apr 26, 2024 09:43:26.606384993 CEST | 443 | 49770 | 86.59.21.38 | 192.168.2.5 |
Apr 26, 2024 09:43:26.606770992 CEST | 49769 | 443 | 192.168.2.5 | 209.58.180.90 |
Apr 26, 2024 09:43:26.648159027 CEST | 443 | 49769 | 209.58.180.90 | 192.168.2.5 |
Apr 26, 2024 09:43:27.454508066 CEST | 443 | 49769 | 209.58.180.90 | 192.168.2.5 |
Apr 26, 2024 09:43:27.454719067 CEST | 443 | 49769 | 209.58.180.90 | 192.168.2.5 |
Apr 26, 2024 09:43:27.454734087 CEST | 49769 | 443 | 192.168.2.5 | 209.58.180.90 |
Apr 26, 2024 09:43:27.454735041 CEST | 49769 | 443 | 192.168.2.5 | 209.58.180.90 |
Apr 26, 2024 09:43:27.454843044 CEST | 49769 | 443 | 192.168.2.5 | 209.58.180.90 |
Apr 26, 2024 09:43:45.891865015 CEST | 49771 | 9001 | 192.168.2.5 | 91.121.160.6 |
Apr 26, 2024 09:43:45.892085075 CEST | 49772 | 80 | 192.168.2.5 | 171.25.193.9 |
Apr 26, 2024 09:43:46.126060963 CEST | 9001 | 49771 | 91.121.160.6 | 192.168.2.5 |
Apr 26, 2024 09:43:46.154262066 CEST | 80 | 49772 | 171.25.193.9 | 192.168.2.5 |
Apr 26, 2024 09:43:46.154346943 CEST | 49772 | 80 | 192.168.2.5 | 171.25.193.9 |
Apr 26, 2024 09:43:46.154720068 CEST | 49772 | 80 | 192.168.2.5 | 171.25.193.9 |
Apr 26, 2024 09:43:46.418283939 CEST | 80 | 49772 | 171.25.193.9 | 192.168.2.5 |
Apr 26, 2024 09:43:46.422144890 CEST | 49772 | 80 | 192.168.2.5 | 171.25.193.9 |
Apr 26, 2024 09:43:46.422261000 CEST | 49772 | 80 | 192.168.2.5 | 171.25.193.9 |
Apr 26, 2024 09:43:46.684336901 CEST | 80 | 49772 | 171.25.193.9 | 192.168.2.5 |
Apr 26, 2024 09:43:46.684443951 CEST | 80 | 49772 | 171.25.193.9 | 192.168.2.5 |
Apr 26, 2024 09:43:46.684480906 CEST | 80 | 49772 | 171.25.193.9 | 192.168.2.5 |
Apr 26, 2024 09:43:46.684595108 CEST | 49772 | 80 | 192.168.2.5 | 171.25.193.9 |
Apr 26, 2024 09:43:46.684595108 CEST | 49772 | 80 | 192.168.2.5 | 171.25.193.9 |
Apr 26, 2024 09:44:06.165486097 CEST | 49773 | 443 | 192.168.2.5 | 185.65.205.10 |
Apr 26, 2024 09:44:06.165594101 CEST | 443 | 49773 | 185.65.205.10 | 192.168.2.5 |
Apr 26, 2024 09:44:06.165663004 CEST | 49773 | 443 | 192.168.2.5 | 185.65.205.10 |
Apr 26, 2024 09:44:06.165834904 CEST | 49774 | 443 | 192.168.2.5 | 199.58.81.140 |
Apr 26, 2024 09:44:06.165865898 CEST | 443 | 49774 | 199.58.81.140 | 192.168.2.5 |
Apr 26, 2024 09:44:06.165911913 CEST | 49774 | 443 | 192.168.2.5 | 199.58.81.140 |
Apr 26, 2024 09:44:06.166136026 CEST | 49773 | 443 | 192.168.2.5 | 185.65.205.10 |
Apr 26, 2024 09:44:06.166176081 CEST | 443 | 49773 | 185.65.205.10 | 192.168.2.5 |
Apr 26, 2024 09:44:06.166274071 CEST | 49774 | 443 | 192.168.2.5 | 199.58.81.140 |
Apr 26, 2024 09:44:06.166286945 CEST | 443 | 49774 | 199.58.81.140 | 192.168.2.5 |
Apr 26, 2024 09:44:06.694346905 CEST | 443 | 49774 | 199.58.81.140 | 192.168.2.5 |
Apr 26, 2024 09:44:06.694495916 CEST | 49774 | 443 | 192.168.2.5 | 199.58.81.140 |
Apr 26, 2024 09:44:06.698194981 CEST | 49774 | 443 | 192.168.2.5 | 199.58.81.140 |
Apr 26, 2024 09:44:06.698194981 CEST | 49774 | 443 | 192.168.2.5 | 199.58.81.140 |
Apr 26, 2024 09:44:06.698204041 CEST | 443 | 49774 | 199.58.81.140 | 192.168.2.5 |
Apr 26, 2024 09:44:06.698587894 CEST | 443 | 49774 | 199.58.81.140 | 192.168.2.5 |
Apr 26, 2024 09:44:06.698720932 CEST | 49774 | 443 | 192.168.2.5 | 199.58.81.140 |
Apr 26, 2024 09:44:06.752274036 CEST | 49773 | 443 | 192.168.2.5 | 185.65.205.10 |
Apr 26, 2024 09:44:06.800120115 CEST | 443 | 49773 | 185.65.205.10 | 192.168.2.5 |
Apr 26, 2024 09:44:06.902483940 CEST | 443 | 49773 | 185.65.205.10 | 192.168.2.5 |
Apr 26, 2024 09:44:06.902585030 CEST | 49773 | 443 | 192.168.2.5 | 185.65.205.10 |
Apr 26, 2024 09:44:06.902585030 CEST | 49773 | 443 | 192.168.2.5 | 185.65.205.10 |
Apr 26, 2024 09:44:24.174326897 CEST | 49724 | 443 | 192.168.2.5 | 154.35.175.225 |
Apr 26, 2024 09:44:24.174329042 CEST | 49723 | 443 | 192.168.2.5 | 198.245.49.18 |
Apr 26, 2024 09:44:24.971218109 CEST | 49733 | 443 | 192.168.2.5 | 45.66.33.45 |
Apr 26, 2024 09:44:25.674331903 CEST | 49734 | 443 | 192.168.2.5 | 217.160.255.217 |
Apr 26, 2024 09:44:28.174326897 CEST | 49739 | 443 | 192.168.2.5 | 154.35.175.225 |
Apr 26, 2024 09:44:37.630269051 CEST | 49775 | 443 | 192.168.2.5 | 204.13.164.118 |
Apr 26, 2024 09:44:37.630302906 CEST | 443 | 49775 | 204.13.164.118 | 192.168.2.5 |
Apr 26, 2024 09:44:37.630358934 CEST | 49775 | 443 | 192.168.2.5 | 204.13.164.118 |
Apr 26, 2024 09:44:37.630604982 CEST | 49775 | 443 | 192.168.2.5 | 204.13.164.118 |
Apr 26, 2024 09:44:37.630614996 CEST | 443 | 49775 | 204.13.164.118 | 192.168.2.5 |
Apr 26, 2024 09:44:38.257878065 CEST | 443 | 49775 | 204.13.164.118 | 192.168.2.5 |
Apr 26, 2024 09:44:38.257951975 CEST | 49775 | 443 | 192.168.2.5 | 204.13.164.118 |
Apr 26, 2024 09:44:38.262583017 CEST | 49775 | 443 | 192.168.2.5 | 204.13.164.118 |
Apr 26, 2024 09:44:38.262593031 CEST | 443 | 49775 | 204.13.164.118 | 192.168.2.5 |
Apr 26, 2024 09:44:38.262727976 CEST | 49775 | 443 | 192.168.2.5 | 204.13.164.118 |
Apr 26, 2024 09:44:38.262989998 CEST | 443 | 49775 | 204.13.164.118 | 192.168.2.5 |
Apr 26, 2024 09:44:38.263046980 CEST | 49775 | 443 | 192.168.2.5 | 204.13.164.118 |
Apr 26, 2024 09:44:38.361804962 CEST | 49747 | 443 | 192.168.2.5 | 104.149.129.210 |
Apr 26, 2024 09:44:40.487895966 CEST | 49749 | 443 | 192.168.2.5 | 50.7.8.141 |
Apr 26, 2024 09:44:46.080575943 CEST | 49757 | 443 | 192.168.2.5 | 188.68.53.92 |
Apr 26, 2024 09:44:52.783776045 CEST | 49762 | 443 | 192.168.2.5 | 45.66.33.45 |
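The flow rows above list both directions of every connection (the sandbox host 192.168.2.5 appears as source in one row and as destination in the reply), so a quick "unique destination" count over the table double-counts unless direction is decided by the source address. As an added example that is not part of the Joe Sandbox report, the following Python parses a subset of the rows copied from the table, keeps only packets sent by the sandbox host, and annotates each destination. The annotation list of Tor directory authority addresses is an assumption taken from public Tor network data, not a finding stated in this report; port 9001 is the default Tor ORPort.

```python
"""Added triage example over the TCP flow rows above; not part of the Joe Sandbox report."""
import ipaddress
from collections import defaultdict

# Rows copied from the report's TCP table (timestamp | src port | dst port | src IP | dst IP).
FLOW_ROWS = """\
Apr 26, 2024 09:43:45.891865015 CEST | 49771 | 9001 | 192.168.2.5 | 91.121.160.6 |
Apr 26, 2024 09:43:45.892085075 CEST | 49772 | 80 | 192.168.2.5 | 171.25.193.9 |
Apr 26, 2024 09:43:46.126060963 CEST | 9001 | 49771 | 91.121.160.6 | 192.168.2.5 |
Apr 26, 2024 09:43:46.154262066 CEST | 80 | 49772 | 171.25.193.9 | 192.168.2.5 |
Apr 26, 2024 09:43:46.154720068 CEST | 49772 | 80 | 192.168.2.5 | 171.25.193.9 |
Apr 26, 2024 09:44:06.165486097 CEST | 49773 | 443 | 192.168.2.5 | 185.65.205.10 |
Apr 26, 2024 09:44:06.165834904 CEST | 49774 | 443 | 192.168.2.5 | 199.58.81.140 |
Apr 26, 2024 09:44:06.165865898 CEST | 443 | 49774 | 199.58.81.140 | 192.168.2.5 |
Apr 26, 2024 09:44:24.174326897 CEST | 49724 | 443 | 192.168.2.5 | 154.35.175.225 |
Apr 26, 2024 09:44:37.630269051 CEST | 49775 | 443 | 192.168.2.5 | 204.13.164.118 |
Apr 26, 2024 09:44:52.783776045 CEST | 49762 | 443 | 192.168.2.5 | 45.66.33.45 |
"""

SANDBOX_HOST = ipaddress.ip_address("192.168.2.5")  # the analysis VM, per the report

# Annotation list; an assumption from public Tor network data, not from the report:
# long-standing Tor directory authority addresses. Verify against the current
# authority list before relying on it.
TOR_DIR_AUTHORITIES = {"171.25.193.9", "199.58.81.140", "204.13.164.118",
                       "154.35.175.225", "45.66.33.45"}
TOR_ORPORT_DEFAULT = 9001


def parse_flows(text):
    """Parse pipe-separated rows into (timestamp, sport, dport, src_ip, dst_ip) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # Drop the table's leading/trailing pipes, then split the five cells.
        ts, sport, dport, sip, dip = (c.strip() for c in line.strip().strip("|").split("|"))
        flows.append((ts, int(sport), int(dport),
                      ipaddress.ip_address(sip), ipaddress.ip_address(dip)))
    return flows


def outbound_destinations(flows, host=SANDBOX_HOST):
    """Count packets per (dst_ip, dst_port) sent by the sandbox host.

    Both directions of each connection are listed, so keying on the source IP
    keeps only the client side and never reports the sandbox as a destination.
    """
    counts = defaultdict(int)
    for _, _, dport, sip, dip in flows:
        if sip == host:
            counts[(str(dip), dport)] += 1
    return dict(counts)


def annotate(destinations):
    """Tag each destination with what its address/port pair suggests."""
    tags = {}
    for (ip, port) in destinations:
        t = []
        if port == TOR_ORPORT_DEFAULT:
            t.append("tor-orport-default")
        if ip in TOR_DIR_AUTHORITIES:
            t.append("tor-dir-authority")
            if port == 80:
                t.append("plaintext-directory-fetch")
        tags[(ip, port)] = t
    return tags


if __name__ == "__main__":
    dests = outbound_destinations(parse_flows(FLOW_ROWS))
    for key, t in sorted(annotate(dests).items()):
        print(f"{key[0]}:{key[1]}  packets={dests[key]}  {' '.join(t) or '-'}")
```

Run as a script it prints one line per destination; the same functions can be pointed at the full table by pasting all rows into FLOW_ROWS. The HTTP session tables below confirm the two port-80 conversations with 171.25.193.9 belong to PID 6512.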
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Apr 26, 2024 09:42:38.430630922 CEST | 167.86.94.107 | 192.168.2.5 | c58b | (Unknown) | Destination Unreachable |
Apr 26, 2024 09:43:10.710418940 CEST | 188.195.109.45 | 192.168.2.5 | d2e | (Unknown) | Destination Unreachable |
Apr 26, 2024 09:43:11.729929924 CEST | 188.195.109.45 | 192.168.2.5 | d2e | (Unknown) | Destination Unreachable |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49727 | 171.25.193.9 | 80 | 6512 | C:\Users\user\Desktop\PHHOjspjmp.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 09:42:24.340612888 CEST | 201 | OUT | |
Apr 26, 2024 09:42:24.598270893 CEST | 1017 | IN | |
Apr 26, 2024 09:42:24.602351904 CEST | 126 | OUT | |
Apr 26, 2024 09:42:24.858779907 CEST | 51 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49765 | 37.187.23.232 | 80 | 6512 | C:\Users\user\Desktop\PHHOjspjmp.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 09:42:58.677861929 CEST | 203 | OUT | |
Apr 26, 2024 09:42:58.927617073 CEST | 1005 | IN | |
Apr 26, 2024 09:42:58.932523966 CEST | 126 | OUT | |
Apr 26, 2024 09:42:59.170227051 CEST | 51 | IN | |
Apr 26, 2024 09:42:59.409863949 CEST | 31 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49772 | 171.25.193.9 | 80 | 6512 | C:\Users\user\Desktop\PHHOjspjmp.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 09:43:46.154720068 CEST | 190 | OUT | |
Apr 26, 2024 09:43:46.418283939 CEST | 1017 | IN | |
Apr 26, 2024 09:43:46.422144890 CEST | 126 | OUT | |
Apr 26, 2024 09:43:46.684443951 CEST | 51 | IN |
Target ID: | 0 |
Start time: | 09:40:54 |
Start date: | 26/04/2024 |
Path: | C:\Users\user\Desktop\PHHOjspjmp.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'984'000 bytes |
MD5 hash: | 46D004A90BFC51D6447A0661F440E7A5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 09:40:55 |
Start date: | 26/04/2024 |
Path: | C:\Users\user\Desktop\PHHOjspjmp.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'984'000 bytes |
MD5 hash: | 46D004A90BFC51D6447A0661F440E7A5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 09:41:04 |
Start date: | 26/04/2024 |
Path: | C:\ProgramData\Drivers\csrss.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'984'000 bytes |
MD5 hash: | 46D004A90BFC51D6447A0661F440E7A5 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: | |
Antivirus matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 4 |
Start time: | 09:41:05 |
Start date: | 26/04/2024 |
Path: | C:\ProgramData\Drivers\csrss.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'984'000 bytes |
MD5 hash: | 46D004A90BFC51D6447A0661F440E7A5 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
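The four Target tables above show one MD5 running from two paths: the original sample on the Desktop (elevated) and a copy named after the core Windows process csrss.exe under C:\ProgramData\Drivers, running without the parent's elevation. As an added example that is not part of the Joe Sandbox report, the following Python applies the hunting checks a responder would run against those rows: a system-binary image name outside the system directories, one hash present under several paths, and which paths ran only unelevated. The short list of system image names is an illustrative assumption.

```python
"""Added hunting example over the process Target tables above; not part of the report."""
from collections import defaultdict
from pathlib import PureWindowsPath

# (Target ID, image path, MD5, "has elevated privileges") copied from the Target tables.
TARGETS = [
    (0, r"C:\Users\user\Desktop\PHHOjspjmp.exe", "46D004A90BFC51D6447A0661F440E7A5", True),
    (1, r"C:\Users\user\Desktop\PHHOjspjmp.exe", "46D004A90BFC51D6447A0661F440E7A5", True),
    (3, r"C:\ProgramData\Drivers\csrss.exe", "46D004A90BFC51D6447A0661F440E7A5", False),
    (4, r"C:\ProgramData\Drivers\csrss.exe", "46D004A90BFC51D6447A0661F440E7A5", False),
]

# Core Windows image names that only legitimately run from the system directories.
# Assumption: a short illustrative list; a production rule carries the full set.
SYSTEM_IMAGE_NAMES = {"csrss.exe", "smss.exe", "wininit.exe", "winlogon.exe",
                      "services.exe", "lsass.exe", "svchost.exe"}
SYSTEM_DIRS = (PureWindowsPath(r"C:\Windows\System32"),
               PureWindowsPath(r"C:\Windows\SysWOW64"))


def masquerading(targets):
    """Target IDs whose image name collides with a core Windows binary but whose
    parent directory is not a system directory. PureWindowsPath compares
    case-insensitively, so C:\\WINDOWS\\system32 is still accepted as legitimate."""
    return [tid for tid, path, _, _ in targets
            if PureWindowsPath(path).name.lower() in SYSTEM_IMAGE_NAMES
            and PureWindowsPath(path).parent not in SYSTEM_DIRS]


def self_copies(targets):
    """Group paths by hash; a hash seen under more than one path means the same
    binary was dropped elsewhere (here: Desktop sample and ProgramData\\Drivers)."""
    by_hash = defaultdict(set)
    for _, path, md5, _ in targets:
        by_hash[md5.lower()].add(path)
    return {h: sorted(p) for h, p in by_hash.items() if len(p) > 1}


def unelevated_paths(targets):
    """Paths none of whose instances ran elevated: persistence under a
    user-writable directory like ProgramData does not depend on admin rights."""
    flags = defaultdict(set)
    for _, path, _, elevated in targets:
        flags[path].add(elevated)
    return sorted(p for p, f in flags.items() if f == {False})


if __name__ == "__main__":
    print("masquerading targets:", masquerading(TARGETS))
    print("self-copies:", self_copies(TARGETS))
    print("ran only unelevated:", unelevated_paths(TARGETS))
```

On a live host the TARGETS rows would come from a process listing with image paths and hashes (for example Sysmon event ID 1 fields); the checks themselves do not change.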
Execution Graph
Execution Coverage: | 24.4% |
Dynamic/Decrypted Code Coverage: | 16.4% |
Signature Coverage: | 13.4% |
Total number of Nodes: | 232 |
Total number of Limit Nodes: | 8 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags | Yara matches |
---|---|---|---|---|---|---|
06020110 | 22.7 | 15 | | 248 | memory, native, thread, COMMON | |
044BF7C6 | 3.0 | 2 | | 41 | process, COMMON | yes |
044BF485 | 1.3 | 1 | | 48 | memory, COMMON | yes |
00406914 | 1.3 | 1 | | 7 | memory, COMMON | |
044BF0A3 | .1 | | | 61 | COMMON | yes |
06020042 | .1 | | | 61 | COMMON | |
004050CB | 5.3 | 2 | 1 | 24 | COMMON, LIBRARYCODE | |
Uniqueness Score: -1.00% for every function listed (control-flow graphs, API lists and memory-dump sources are interactive panels not reproduced here).
Execution Graph
Execution Coverage: | 15.6% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 27 |
Total number of Limit Nodes: | 0 |
Graph
Callgraph
Function | Relevance | APIs | Strings | Instructions | Tags | Yara matches |
---|---|---|---|---|---|---|
00694A87 | 6.0 | 4 | | 44 | memory, COMMON, LIBRARYCODE | |
Uniqueness Score: -1.00% (control-flow graph, API list and memory-dump source are interactive panels not reproduced here).
Execution Graph
Execution Coverage: | 24.3% |
Dynamic/Decrypted Code Coverage: | 16.7% |
Signature Coverage: | 0% |
Total number of Nodes: | 233 |
Total number of Limit Nodes: | 7 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags | Yara matches |
---|---|---|---|---|---|---|
061E0110 | 22.7 | 15 | | 248 | memory, native, thread, COMMON | |
047007A6 | 3.0 | 2 | | 41 | process, COMMON | yes |
04700465 | 1.3 | 1 | | 48 | memory, COMMON | yes |
004050CB | 5.3 | 2 | 1 | 24 | COMMON, LIBRARYCODE | |
Uniqueness Score: -1.00% for every function listed (control-flow graphs, API lists and memory-dump sources are interactive panels not reproduced here).