Edit tour
Windows
Analysis Report
Dragons Dogma 2 v1.0 Plus 36 Trainer.exe
Overview
General Information
| Sample name: | Dragons Dogma 2 v1.0 Plus 36 Trainer.exe |
| Analysis ID: | 1432170 |
| MD5: | 3412b8b059e693c1a8f0168ca0b07af0 |
| SHA1: | f12f0e1b15a6b1f1766ed891a305dc6db5d82b33 |
| SHA256: | b0b0880f99265d4dd9e98e0a771025e332b993d71808bc83049d2561e25c5a7c |
| Infos: |  |
 | |
Detection
| Score: | 60 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Found suspicious QR code URL
Machine Learning detection for sample
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
Classification
- System is w10x64
Dragons Dogma 2 v1.0 Plus 36 Trainer.exe (PID: 7404 cmdline: "C:\Users\ user\Deskt op\Dragons Dogma 2 v 1.0 Plus 3 6 Trainer. exe" MD5: 3412B8B059E693C1A8F0168CA0B07AF0)
chrome.exe (PID: 7632 cmdline: "C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed --sing le-argumen t http://4 7375057156 7004317064 2305835144 6835080456 5684324378 0751596107 4209160469 8238217701 4840294657 6243013591 3242023857 7500344015 5905406094 5654540273 6388672287 9498364083 3862748912 1218513348 0703124909 9092790952 1300350742 2794384297 0399582505 875/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) - chrome.exe (PID: 7820 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2064 --fi eld-trial- handle=201 2,i,125618 1220260315 7812,13767 0101472931 51412,2621 44 --disab le-feature s=Optimiza tionGuideM odelDownlo ading,Opti mizationHi nts,Optimi zationHint sFetching, Optimizati onTargetPr ediction / prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
⊘No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | ||
| JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | ||
| JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Virustotal: | Perma Link | ||
| Source: | Joe Sandbox ML: | ||
Phishing | |
|---|
| Source: | URL: | ||
| Source: | URL: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
Networking | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | Static PE information: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | File written: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_00007FFD9B79D2A6 | |
| Source: | Code function: | 0_2_00007FFD9B8C55DD | |
| Source: | Code function: | 0_2_00007FFD9B8C55DD | |
| Source: | Registry key monitored for changes: | Jump to behavior | ||
| Source: | Registry key monitored for changes: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Query Registry | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 2 Virtualization/Sandbox Evasion | LSASS Memory | 1 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Disable or Modify Tools | Security Account Manager | 2 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Process Injection | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 12 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 17% | ReversingLabs | Win64.PUA.Generic | ||
| 25% | Virustotal | Browse | ||
| 100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 3% | Virustotal | Browse |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 3% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 2% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 3% | Virustotal | Browse | ||
| 2% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 3% | Virustotal | Browse | ||
| 3% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 2% | Virustotal | Browse | ||
| 3% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 3% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 3% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 3% | Virustotal | Browse | ||
| 3% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 1% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 3% | Virustotal | Browse | ||
| 3% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 2% | Virustotal | Browse | ||
| 3% | Virustotal | Browse | ||
| 3% | Virustotal | Browse | ||
| 3% | Virustotal | Browse | ||
| 3% | Virustotal | Browse | ||
| 3% | Virustotal | Browse |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| flingtrainer.com | 104.21.85.118 | true | false |
| unknown |
| www.google.com | 142.250.64.196 | true | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false |
| unknown | |
| false | high | ||
| false | high | ||
| false | high | ||
| false | high | ||
| false |
| unknown | |
| false | high | ||
| false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 104.21.85.118 | flingtrainer.com | United States | 13335 | CLOUDFLARENETUS | false | |
| 142.250.64.196 | www.google.com | United States | 15169 | GOOGLEUS | false | |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| IP |
|---|
| 192.168.2.4 |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1432170 |
| Start date and time: | 2024-04-26 16:19:36 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 6m 23s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Run name: | Run with higher sleep bypass |
| Number of analysed new started processes analysed: | 8 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Dragons Dogma 2 v1.0 Plus 36 Trainer.exe |
| Detection: | MAL |
| Classification: | mal60.phis.troj.winEXE@16/3@3/4 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 192.178.50.67, 142.250.217.206, 142.251.107.84, 34.104.35.123, 23.45.182.104, 192.229.211.108, 142.250.217.195, 23.45.182.68, 142.250.217.174
- Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
| Time | Type | Description |
|---|---|---|
| 16:21:08 | API Interceptor |
| Source | URL |
|---|---|
| Screenshot | http://473750571567004317064230583514468350804565684324378075159610742091604698238217701484029465762430135913242023857750034401559054060945654540273638867228794983640833862748912121851334807031249099092790952130035074227943842970399582505875 |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 104.21.85.118 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| 239.255.255.250 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| flingtrainer.com | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| CLOUDFLARENETUS | Get hash | malicious | HTMLPhisher | Browse |
| |
| Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
| Get hash | malicious | Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT | Browse |
| ||
| Get hash | malicious | RisePro Stealer | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 28a2c9bd18a11de089ef85a160da29e4 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
| Get hash | malicious | AsyncRAT | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| 37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT | Browse |
| |
| Get hash | malicious | Vidar | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | FormBook, GuLoader, Remcos | Browse |
| ||
| Get hash | malicious | GuLoader, Remcos | Browse |
| ||
| Get hash | malicious | Latrodectus | Browse |
| ||
| Get hash | malicious | Latrodectus | Browse |
| ||
| Get hash | malicious | Latrodectus | Browse |
| ||
| Get hash | malicious | Latrodectus | Browse |
|
⊘No context
| Process: | C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 37 |
| Entropy (8bit): | 4.242576676147401 |
| Encrypted: | false |
| SSDEEP: | 3:CLAoLCREg2VIqin:Kyqi |
| MD5: | A733986B23235E9DF2ED8652044F4718 |
| SHA1: | A6B37AB6584096EEE4E0BB79013773EB752BFE83 |
| SHA-256: | E34C9E06CDD656E5B901C1EEDD6D28AA595CEEBD80E3C585218980FBD5A9C473 |
| SHA-512: | 635F58EED8F3AF8E3B167B9B7825589E17F2AA638449961A11C4C54538C8D262FCA7A35001DC3BD1A86AABE7030DDD03E66757AA6B3882AE7C8F99C8AA3389C6 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 776 |
| Entropy (8bit): | 5.108896459592091 |
| Encrypted: | false |
| SSDEEP: | 24:BTuhV7/Rvcgs8BHslgT9lCuABub3m7HHHHHHHYqmffffffo:07RkeKlgZ01Bub2Eqmffffffo |
| MD5: | 8A8F4274D7EAAEFA9422B59EBBF22C29 |
| SHA1: | E2D5072E7282E2104DC2FBF7AFEB608BAD7ACEC9 |
| SHA-256: | 38EABA004A54FF048FE695C9DF96C832B0DC0AE887E8D2D0B168083E32B4BD6E |
| SHA-512: | 8E20F7F3AC93BEAF3D68BF091F59B9394201C385FCC02395E1217CA25655527AE184C4483054F594E9B486988C3B9C4668BFA2D276C3F4B91ED6B211819E40F2 |
| Malicious: | false |
| Reputation: | low |
| URL: | https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw |
| Preview: |
| File type: | |
| Entropy (8bit): | 6.966720721766259 |
| TrID: |
|
| File name: | Dragons Dogma 2 v1.0 Plus 36 Trainer.exe |
| File size: | 1'521'664 bytes |
| MD5: | 3412b8b059e693c1a8f0168ca0b07af0 |
| SHA1: | f12f0e1b15a6b1f1766ed891a305dc6db5d82b33 |
| SHA256: | b0b0880f99265d4dd9e98e0a771025e332b993d71808bc83049d2561e25c5a7c |
| SHA512: | 491a728f30bdccece824e4ba1c66a29757898b4fee66d3c8cf0ba405469a7108bb7cb5912d7e44ecb83a5215c2037a95cb28cbed6d2b19f4c1577cf889c76032 |
| SSDEEP: | 24576:+g03sbzROYgyOYBq95eyFpXe2adVPd9E5vPknSiFXYP039PEQs:q3d9eyF82aZ2knxXo09Rs |
| TLSH: | B6659E0767A902FDD1B7A2788D678A02E776B84A07719BCF139085663F537E05E3E720 |
| File Content Preview: | MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........x....sF..sF..sF.apG..sF.avG..sF.awG..sF..sF..sFo.wG..sFo.pG..sFo.vG..sF.K.F..sF.arG..sF..rF..sF.fvG..sF^.zG..sF^..F..sF...F..s |
 | |
| Icon Hash: | f0f8fc7a7eceea30 |
| Entrypoint: | 0x1400774b8 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x140000000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
| DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x660BECA6 [Tue Apr 2 11:31:50 2024 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 6 |
| OS Version Minor: | 0 |
| File Version Major: | 6 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 6 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 9edd5806af294b97d904f4984e1e07fc |
| Instruction |
|---|
| dec eax |
| sub esp, 28h |
| call 00007EFC4C7F8E80h |
| dec eax |
| add esp, 28h |
| jmp 00007EFC4C7F845Fh |
| int3 |
| int3 |
| dec eax |
| sub esp, 28h |
| dec ebp |
| mov eax, dword ptr [ecx+38h] |
| dec eax |
| mov ecx, edx |
| dec ecx |
| mov edx, ecx |
| call 00007EFC4C7F85F2h |
| mov eax, 00000001h |
| dec eax |
| add esp, 28h |
| ret |
| int3 |
| int3 |
| int3 |
| inc eax |
| push ebx |
| inc ebp |
| mov ebx, dword ptr [eax] |
| dec eax |
| mov ebx, edx |
| inc ecx |
| and ebx, FFFFFFF8h |
| dec esp |
| mov ecx, ecx |
| inc ecx |
| test byte ptr [eax], 00000004h |
| dec esp |
| mov edx, ecx |
| je 00007EFC4C7F85F5h |
| inc ecx |
| mov eax, dword ptr [eax+08h] |
| dec ebp |
| arpl word ptr [eax+04h], dx |
| neg eax |
| dec esp |
| add edx, ecx |
| dec eax |
| arpl ax, cx |
| dec esp |
| and edx, ecx |
| dec ecx |
| arpl bx, ax |
| dec edx |
| mov edx, dword ptr [eax+edx] |
| dec eax |
| mov eax, dword ptr [ebx+10h] |
| mov ecx, dword ptr [eax+08h] |
| dec eax |
| mov eax, dword ptr [ebx+08h] |
| test byte ptr [ecx+eax+03h], 0000000Fh |
| je 00007EFC4C7F85EDh |
| movzx eax, byte ptr [ecx+eax+03h] |
| and eax, FFFFFFF0h |
| dec esp |
| add ecx, eax |
| dec esp |
| xor ecx, edx |
| dec ecx |
| mov ecx, ecx |
| pop ebx |
| jmp 00007EFC4C7F7E2Eh |
| int3 |
| dec eax |
| mov eax, esp |
| dec eax |
| mov dword ptr [eax+08h], ebx |
| dec eax |
| mov dword ptr [eax+10h], ebp |
| dec eax |
| mov dword ptr [eax+18h], esi |
| dec eax |
| mov dword ptr [eax+20h], edi |
| inc ecx |
| push esi |
| dec eax |
| sub esp, 20h |
| dec ecx |
| mov ebx, dword ptr [ecx+38h] |
| dec eax |
| mov esi, edx |
| dec ebp |
| mov esi, eax |
| dec eax |
| mov ebp, ecx |
| dec ecx |
| mov edx, ecx |
| dec eax |
| mov ecx, esi |
| dec ecx |
| mov edi, ecx |
| dec esp |
| lea eax, dword ptr [ebx+04h] |
| call 00007EFC4C7F8551h |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xda268 | 0xdc | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xe9000 | 0x8fca0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0xe1000 | 0x648c | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x179000 | 0xcb0 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xcc190 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xcc380 | 0x28 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xcc050 | 0x140 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0xa5000 | 0x4d8 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0xa3a38 | 0xa3c00 | b38b911c6bd5b2c12ad2780258f8a4ab | False | 0.4914778148854962 | data | 6.424427444402181 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0xa5000 | 0x362da | 0x36400 | 6ccf4f0c82ca041b16d3755bfd034665 | False | 0.4118123559907834 | data | 5.346344269734851 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xdc000 | 0x4b64 | 0x2000 | c3116d3fbc08eb9e5a95934685ed6b3d | False | 0.1710205078125 | data | 3.38544966461813 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0xe1000 | 0x648c | 0x6600 | d274542276dfc0b69de3ad8264f43107 | False | 0.4782092524509804 | data | 5.930921914030751 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| _RDATA | 0xe8000 | 0x1f4 | 0x200 | 4373daa7c407fcd3adc0ae4b172f6575 | False | 0.5078125 | data | 4.183176954274446 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0xe9000 | 0x8fca0 | 0x8fe00 | 74b13b3b48ec1cdc59fd72395599d90e | False | 0.7977438097306689 | data | 7.6183706890330445 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x179000 | 0xcb0 | 0xe00 | 0cc1b6d3564323ca7f62b417621342ff | False | 0.46372767857142855 | data | 5.252223418677427 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| COVER | 0x13e478 | 0x17797 | data | Chinese | China | 0.9679254505933376 |
| REMOTE | 0x126648 | 0x4 | ISO-8859 text, with no line terminators | Chinese | China | 3.0 |
| REMOTE | 0x155c10 | 0x22e00 | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | English | United States | 0.5019041218637993 |
| UI | 0xe9370 | 0x37c00 | COM executable for DOS | Chinese | China | 0.8628126751681614 |
| WAVE | 0x120f70 | 0x2a02 | RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 11025 Hz | Chinese | China | 0.49386274874465314 |
| WAVE | 0x123978 | 0x2ccc | RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 11025 Hz | Chinese | China | 0.853418207185211 |
| RT_ICON | 0x1269e0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Chinese | China | 0.8280141843971631 |
| RT_ICON | 0x126e48 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Chinese | China | 0.7056754221388368 |
| RT_ICON | 0x127ef0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Chinese | China | 0.6183609958506224 |
| RT_ICON | 0x12a498 | 0x13f9b | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.9977389114997739 |
| RT_GROUP_ICON | 0x13e438 | 0x3e | data | Chinese | China | 0.7741935483870968 |
| RT_VERSION | 0x126650 | 0x390 | data | Chinese | China | 0.3848684210526316 |
| RT_MANIFEST | 0x178a10 | 0x28d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.552833078101072 |
| DLL | Import |
|---|---|
| KERNEL32.dll | GetCurrentProcessId, LoadLibraryW, GetProcAddress, GetLastError, CreateFileW, WriteFile, InitializeCriticalSectionEx, DeleteCriticalSection, GetModuleHandleW, DecodePointer, GetModuleFileNameW, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, GetProcessHeap, CreateProcessW, GetTickCount, GetTempPathW, WaitNamedPipeW, ReadFile, GetModuleHandleA, LoadLibraryA, Sleep, WritePrivateProfileStringW, FindResourceW, LoadResource, SizeofResource, LockResource, GetFileAttributesW, LoadLibraryExW, FreeLibrary, MultiByteToWideChar, GetCurrentProcess, IsWow64Process, GetTickCount64, SetLastError, ResumeThread, WaitForSingleObject, GetFileSizeEx, LocalFree, CreateDirectoryW, SetEndOfFile, WriteConsoleW, SetStdHandle, FreeEnvironmentStringsW, GetEnvironmentStringsW, MapViewOfFile, CreateFileMappingW, UnmapViewOfFile, GetPrivateProfileStringW, CloseHandle, GetCommandLineW, GetCommandLineA, FindNextFileW, FindFirstFileExW, FindClose, GetOEMCP, GetACP, IsValidCodePage, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, FlsFree, FlsSetValue, FlsGetValue, FlsAlloc, ReadConsoleW, GetConsoleMode, GetConsoleOutputCP, FlushFileBuffers, SetFilePointerEx, WideCharToMultiByte, GetStringTypeW, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, TryAcquireSRWLockExclusive, GetCurrentThreadId, WaitForSingleObjectEx, GetExitCodeThread, EnterCriticalSection, LeaveCriticalSection, EncodePointer, CompareStringEx, GetCPInfo, LCMapStringEx, QueryPerformanceCounter, WakeAllConditionVariable, SleepConditionVariableSRW, GetSystemTimeAsFileTime, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, InitializeSListHead, OutputDebugStringW, RaiseException, RtlUnwindEx, RtlPcToFileHeader, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, CreateThread, ExitThread, FreeLibraryAndExitThread, GetModuleHandleExW, ExitProcess, GetStdHandle, GetFileType, RtlUnwind |
| USER32.dll | MessageBoxA, SetProcessDPIAware, MessageBoxW |
| ADVAPI32.dll | SetEntriesInAclW, ConvertStringSidToSidW, GetNamedSecurityInfoW, SetNamedSecurityInfoW |
| SHELL32.dll | SHGetFolderPathW, ShellExecuteW |
| ole32.dll | CoInitializeEx, CoUninitialize |
| OLEAUT32.dll | SysFreeString, SysAllocString, VariantInit, SafeArrayCreate, SafeArrayAccessData, SafeArrayUnaccessData |
| mscoree.dll | CLRCreateInstance, CorBindToRuntime |
| WININET.dll | InternetOpenUrlA, InternetOpenA, InternetReadFile |
| VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |
| WINMM.dll | PlaySoundW |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| Chinese | China |  |
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 26, 2024 16:20:19.133444071 CEST | 49678 | 443 | 192.168.2.4 | 104.46.162.224 |
| Apr 26, 2024 16:20:20.430378914 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32 |
| Apr 26, 2024 16:20:28.710294008 CEST | 49732 | 443 | 192.168.2.4 | 104.21.85.118 |
| Apr 26, 2024 16:20:28.710351944 CEST | 443 | 49732 | 104.21.85.118 | 192.168.2.4 |
| Apr 26, 2024 16:20:28.710495949 CEST | 49732 | 443 | 192.168.2.4 | 104.21.85.118 |
| Apr 26, 2024 16:20:28.721940041 CEST | 49732 | 443 | 192.168.2.4 | 104.21.85.118 |
| Apr 26, 2024 16:20:28.721961021 CEST | 443 | 49732 | 104.21.85.118 | 192.168.2.4 |
| Apr 26, 2024 16:20:29.004002094 CEST | 443 | 49732 | 104.21.85.118 | 192.168.2.4 |
| Apr 26, 2024 16:20:29.004172087 CEST | 49732 | 443 | 192.168.2.4 | 104.21.85.118 |
| Apr 26, 2024 16:20:29.251521111 CEST | 49732 | 443 | 192.168.2.4 | 104.21.85.118 |
| Apr 26, 2024 16:20:29.251554966 CEST | 443 | 49732 | 104.21.85.118 | 192.168.2.4 |
| Apr 26, 2024 16:20:29.251950026 CEST | 443 | 49732 | 104.21.85.118 | 192.168.2.4 |
| Apr 26, 2024 16:20:29.252019882 CEST | 49732 | 443 | 192.168.2.4 | 104.21.85.118 |
| Apr 26, 2024 16:20:29.254122972 CEST | 49732 | 443 | 192.168.2.4 | 104.21.85.118 |
| Apr 26, 2024 16:20:29.296117067 CEST | 443 | 49732 | 104.21.85.118 | 192.168.2.4 |
| Apr 26, 2024 16:20:29.822905064 CEST | 443 | 49732 | 104.21.85.118 | 192.168.2.4 |
| Apr 26, 2024 16:20:29.822958946 CEST | 49732 | 443 | 192.168.2.4 | 104.21.85.118 |
| Apr 26, 2024 16:20:29.822973967 CEST | 443 | 49732 | 104.21.85.118 | 192.168.2.4 |
| Apr 26, 2024 16:20:29.822988987 CEST | 443 | 49732 | 104.21.85.118 | 192.168.2.4 |
| Apr 26, 2024 16:20:29.823021889 CEST | 49732 | 443 | 192.168.2.4 | 104.21.85.118 |
| Apr 26, 2024 16:20:29.823045015 CEST | 49732 | 443 | 192.168.2.4 | 104.21.85.118 |
| Apr 26, 2024 16:20:29.880256891 CEST | 49733 | 443 | 192.168.2.4 | 104.21.85.118 |
| Apr 26, 2024 16:20:29.880309105 CEST | 443 | 49733 | 104.21.85.118 | 192.168.2.4 |
| Apr 26, 2024 16:20:29.880372047 CEST | 49733 | 443 | 192.168.2.4 | 104.21.85.118 |
| Apr 26, 2024 16:20:30.032752037 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32 |
| Apr 26, 2024 16:20:30.120404005 CEST | 49732 | 443 | 192.168.2.4 | 104.21.85.118 |
| Apr 26, 2024 16:20:30.120426893 CEST | 443 | 49732 | 104.21.85.118 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.126323938 CEST | 49733 | 443 | 192.168.2.4 | 104.21.85.118 |
| Apr 26, 2024 16:20:30.126353025 CEST | 443 | 49733 | 104.21.85.118 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.386040926 CEST | 443 | 49733 | 104.21.85.118 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.386127949 CEST | 49733 | 443 | 192.168.2.4 | 104.21.85.118 |
| Apr 26, 2024 16:20:30.392043114 CEST | 49733 | 443 | 192.168.2.4 | 104.21.85.118 |
| Apr 26, 2024 16:20:30.392055035 CEST | 443 | 49733 | 104.21.85.118 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.392275095 CEST | 49733 | 443 | 192.168.2.4 | 104.21.85.118 |
| Apr 26, 2024 16:20:30.392282963 CEST | 443 | 49733 | 104.21.85.118 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.525537014 CEST | 49738 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.525568008 CEST | 49739 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.525614977 CEST | 443 | 49738 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.525661945 CEST | 443 | 49739 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.525717974 CEST | 49738 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.525732994 CEST | 49739 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.526124954 CEST | 49739 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.526165009 CEST | 443 | 49739 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.526330948 CEST | 49738 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.526371956 CEST | 443 | 49738 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.532902002 CEST | 49740 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.532922029 CEST | 443 | 49740 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.533097029 CEST | 49740 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.533274889 CEST | 49740 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.533287048 CEST | 443 | 49740 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.533749104 CEST | 49741 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.533771992 CEST | 443 | 49741 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.533904076 CEST | 49741 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.533994913 CEST | 49741 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.534003019 CEST | 443 | 49741 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.866194010 CEST | 443 | 49740 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.866403103 CEST | 49740 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.866410971 CEST | 443 | 49740 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.867364883 CEST | 443 | 49740 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.867423058 CEST | 49740 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.867728949 CEST | 443 | 49738 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.868187904 CEST | 49738 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.868206024 CEST | 443 | 49738 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.868477106 CEST | 49740 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.868536949 CEST | 443 | 49740 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.868637085 CEST | 49740 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.868643045 CEST | 443 | 49740 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.869653940 CEST | 443 | 49738 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.869720936 CEST | 49738 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.870744944 CEST | 49738 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.870824099 CEST | 443 | 49738 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.871033907 CEST | 49738 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.871041059 CEST | 443 | 49738 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.916843891 CEST | 443 | 49739 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.917222023 CEST | 49739 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.917283058 CEST | 443 | 49739 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.918328047 CEST | 443 | 49739 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.918390989 CEST | 49739 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.918679953 CEST | 49739 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.918757915 CEST | 443 | 49739 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.918806076 CEST | 49739 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.918840885 CEST | 49740 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.918872118 CEST | 49738 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.922689915 CEST | 443 | 49741 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.923026085 CEST | 49741 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.923036098 CEST | 443 | 49741 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.924463987 CEST | 443 | 49741 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.924571991 CEST | 49741 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.924806118 CEST | 49741 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.924881935 CEST | 443 | 49741 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.925057888 CEST | 49741 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.925062895 CEST | 443 | 49741 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.960176945 CEST | 443 | 49739 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.961898088 CEST | 49739 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:30.961954117 CEST | 443 | 49739 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:31.122154951 CEST | 443 | 49733 | 104.21.85.118 | 192.168.2.4 |
| Apr 26, 2024 16:20:31.122232914 CEST | 443 | 49733 | 104.21.85.118 | 192.168.2.4 |
| Apr 26, 2024 16:20:31.122391939 CEST | 49733 | 443 | 192.168.2.4 | 104.21.85.118 |
| Apr 26, 2024 16:20:31.132121086 CEST | 443 | 49741 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:31.134566069 CEST | 49741 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:31.154086113 CEST | 49739 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:31.210366011 CEST | 443 | 49740 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:31.210398912 CEST | 443 | 49740 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:31.210441113 CEST | 49740 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:31.210453987 CEST | 443 | 49740 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:31.211672068 CEST | 443 | 49740 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:31.211719990 CEST | 49740 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:31.565437078 CEST | 443 | 49739 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:31.565519094 CEST | 443 | 49739 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:31.565598011 CEST | 49739 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:31.565598011 CEST | 49739 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:31.607965946 CEST | 443 | 49741 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:31.608134031 CEST | 49741 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:31.608146906 CEST | 443 | 49741 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:31.608752966 CEST | 443 | 49741 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:31.608792067 CEST | 49741 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:31.673435926 CEST | 443 | 49738 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:31.673526049 CEST | 49738 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:31.673636913 CEST | 443 | 49738 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:31.673818111 CEST | 443 | 49738 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:31.673866034 CEST | 49738 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:32.182888031 CEST | 49733 | 443 | 192.168.2.4 | 104.21.85.118 |
| Apr 26, 2024 16:20:32.182941914 CEST | 443 | 49733 | 104.21.85.118 | 192.168.2.4 |
| Apr 26, 2024 16:20:32.208604097 CEST | 49738 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:32.208664894 CEST | 443 | 49738 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:32.336611032 CEST | 49741 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:32.336630106 CEST | 443 | 49741 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:32.337302923 CEST | 49739 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:32.337380886 CEST | 443 | 49739 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:32.341870070 CEST | 49740 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:32.341882944 CEST | 443 | 49740 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:32.345422029 CEST | 49743 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:32.345458984 CEST | 443 | 49743 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:32.345510960 CEST | 49743 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:32.346101046 CEST | 49744 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:32.346107960 CEST | 443 | 49744 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:32.346157074 CEST | 49744 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:32.346591949 CEST | 49743 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:32.346606016 CEST | 443 | 49743 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:32.346801996 CEST | 49744 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:32.346808910 CEST | 443 | 49744 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:32.677767038 CEST | 443 | 49743 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:32.678050995 CEST | 49743 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:32.678076029 CEST | 443 | 49743 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:32.678786039 CEST | 443 | 49743 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:32.679693937 CEST | 49743 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:32.679785967 CEST | 443 | 49743 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:32.679938078 CEST | 49743 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:32.720156908 CEST | 443 | 49743 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:32.737673044 CEST | 443 | 49744 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:32.737885952 CEST | 49744 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:32.737894058 CEST | 443 | 49744 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:32.738212109 CEST | 443 | 49744 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:32.738481045 CEST | 49744 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:32.738534927 CEST | 443 | 49744 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:32.738645077 CEST | 49744 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:32.780114889 CEST | 443 | 49744 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:33.008954048 CEST | 443 | 49743 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:33.009007931 CEST | 443 | 49743 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:33.009054899 CEST | 49743 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:33.009073973 CEST | 443 | 49743 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:33.009160995 CEST | 443 | 49743 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:33.009222984 CEST | 49743 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:33.010157108 CEST | 49743 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:33.010174990 CEST | 443 | 49743 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:33.049576998 CEST | 49746 | 443 | 192.168.2.4 | 23.204.76.112 |
| Apr 26, 2024 16:20:33.049621105 CEST | 443 | 49746 | 23.204.76.112 | 192.168.2.4 |
| Apr 26, 2024 16:20:33.049689054 CEST | 49746 | 443 | 192.168.2.4 | 23.204.76.112 |
| Apr 26, 2024 16:20:33.050695896 CEST | 49746 | 443 | 192.168.2.4 | 23.204.76.112 |
| Apr 26, 2024 16:20:33.050713062 CEST | 443 | 49746 | 23.204.76.112 | 192.168.2.4 |
| Apr 26, 2024 16:20:33.127366066 CEST | 443 | 49744 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:33.127409935 CEST | 443 | 49744 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:33.127444029 CEST | 49744 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:33.127451897 CEST | 443 | 49744 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:33.127516031 CEST | 443 | 49744 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:33.127554893 CEST | 49744 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:33.131567955 CEST | 49744 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:33.131573915 CEST | 443 | 49744 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:33.314933062 CEST | 443 | 49746 | 23.204.76.112 | 192.168.2.4 |
| Apr 26, 2024 16:20:33.315001965 CEST | 49746 | 443 | 192.168.2.4 | 23.204.76.112 |
| Apr 26, 2024 16:20:33.318177938 CEST | 49746 | 443 | 192.168.2.4 | 23.204.76.112 |
| Apr 26, 2024 16:20:33.318190098 CEST | 443 | 49746 | 23.204.76.112 | 192.168.2.4 |
| Apr 26, 2024 16:20:33.318589926 CEST | 443 | 49746 | 23.204.76.112 | 192.168.2.4 |
| Apr 26, 2024 16:20:33.358352900 CEST | 49746 | 443 | 192.168.2.4 | 23.204.76.112 |
| Apr 26, 2024 16:20:33.404114962 CEST | 443 | 49746 | 23.204.76.112 | 192.168.2.4 |
| Apr 26, 2024 16:20:33.557495117 CEST | 443 | 49746 | 23.204.76.112 | 192.168.2.4 |
| Apr 26, 2024 16:20:33.557802916 CEST | 49746 | 443 | 192.168.2.4 | 23.204.76.112 |
| Apr 26, 2024 16:20:33.557840109 CEST | 443 | 49746 | 23.204.76.112 | 192.168.2.4 |
| Apr 26, 2024 16:20:33.557856083 CEST | 49746 | 443 | 192.168.2.4 | 23.204.76.112 |
| Apr 26, 2024 16:20:33.558012962 CEST | 443 | 49746 | 23.204.76.112 | 192.168.2.4 |
| Apr 26, 2024 16:20:33.558056116 CEST | 443 | 49746 | 23.204.76.112 | 192.168.2.4 |
| Apr 26, 2024 16:20:33.558114052 CEST | 49746 | 443 | 192.168.2.4 | 23.204.76.112 |
| Apr 26, 2024 16:20:33.597867966 CEST | 49747 | 443 | 192.168.2.4 | 23.204.76.112 |
| Apr 26, 2024 16:20:33.597946882 CEST | 443 | 49747 | 23.204.76.112 | 192.168.2.4 |
| Apr 26, 2024 16:20:33.598063946 CEST | 49747 | 443 | 192.168.2.4 | 23.204.76.112 |
| Apr 26, 2024 16:20:33.598534107 CEST | 49747 | 443 | 192.168.2.4 | 23.204.76.112 |
| Apr 26, 2024 16:20:33.598608017 CEST | 443 | 49747 | 23.204.76.112 | 192.168.2.4 |
| Apr 26, 2024 16:20:33.854331970 CEST | 443 | 49747 | 23.204.76.112 | 192.168.2.4 |
| Apr 26, 2024 16:20:33.854449987 CEST | 49747 | 443 | 192.168.2.4 | 23.204.76.112 |
| Apr 26, 2024 16:20:33.855551958 CEST | 49747 | 443 | 192.168.2.4 | 23.204.76.112 |
| Apr 26, 2024 16:20:33.855580091 CEST | 443 | 49747 | 23.204.76.112 | 192.168.2.4 |
| Apr 26, 2024 16:20:33.855915070 CEST | 443 | 49747 | 23.204.76.112 | 192.168.2.4 |
| Apr 26, 2024 16:20:33.856910944 CEST | 49747 | 443 | 192.168.2.4 | 23.204.76.112 |
| Apr 26, 2024 16:20:33.904115915 CEST | 443 | 49747 | 23.204.76.112 | 192.168.2.4 |
| Apr 26, 2024 16:20:34.103712082 CEST | 443 | 49747 | 23.204.76.112 | 192.168.2.4 |
| Apr 26, 2024 16:20:34.103781939 CEST | 443 | 49747 | 23.204.76.112 | 192.168.2.4 |
| Apr 26, 2024 16:20:34.103832960 CEST | 49747 | 443 | 192.168.2.4 | 23.204.76.112 |
| Apr 26, 2024 16:20:34.104490995 CEST | 49747 | 443 | 192.168.2.4 | 23.204.76.112 |
| Apr 26, 2024 16:20:34.104510069 CEST | 443 | 49747 | 23.204.76.112 | 192.168.2.4 |
| Apr 26, 2024 16:20:34.104525089 CEST | 49747 | 443 | 192.168.2.4 | 23.204.76.112 |
| Apr 26, 2024 16:20:34.104532003 CEST | 443 | 49747 | 23.204.76.112 | 192.168.2.4 |
| Apr 26, 2024 16:20:34.385025978 CEST | 49748 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:34.385103941 CEST | 443 | 49748 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:34.388220072 CEST | 49748 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:34.392616034 CEST | 49748 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:34.392687082 CEST | 443 | 49748 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:34.787046909 CEST | 443 | 49748 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:34.787482977 CEST | 49748 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:34.787524939 CEST | 443 | 49748 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:34.789010048 CEST | 443 | 49748 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:34.792618990 CEST | 49748 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:34.792696953 CEST | 443 | 49748 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:34.959986925 CEST | 49748 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:42.550079107 CEST | 49749 | 443 | 192.168.2.4 | 20.114.59.183 |
| Apr 26, 2024 16:20:42.550163984 CEST | 443 | 49749 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:20:42.550260067 CEST | 49749 | 443 | 192.168.2.4 | 20.114.59.183 |
| Apr 26, 2024 16:20:42.551604033 CEST | 49749 | 443 | 192.168.2.4 | 20.114.59.183 |
| Apr 26, 2024 16:20:42.551641941 CEST | 443 | 49749 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:20:43.173324108 CEST | 443 | 49749 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:20:43.173410892 CEST | 49749 | 443 | 192.168.2.4 | 20.114.59.183 |
| Apr 26, 2024 16:20:43.175184011 CEST | 49749 | 443 | 192.168.2.4 | 20.114.59.183 |
| Apr 26, 2024 16:20:43.175224066 CEST | 443 | 49749 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:20:43.175467968 CEST | 443 | 49749 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:20:43.314694881 CEST | 49749 | 443 | 192.168.2.4 | 20.114.59.183 |
| Apr 26, 2024 16:20:43.629059076 CEST | 49749 | 443 | 192.168.2.4 | 20.114.59.183 |
| Apr 26, 2024 16:20:43.672158957 CEST | 443 | 49749 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:20:44.032936096 CEST | 443 | 49749 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:20:44.032962084 CEST | 443 | 49749 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:20:44.032969952 CEST | 443 | 49749 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:20:44.032984972 CEST | 443 | 49749 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:20:44.032991886 CEST | 443 | 49749 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:20:44.032998085 CEST | 443 | 49749 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:20:44.033051014 CEST | 49749 | 443 | 192.168.2.4 | 20.114.59.183 |
| Apr 26, 2024 16:20:44.033137083 CEST | 443 | 49749 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:20:44.033180952 CEST | 49749 | 443 | 192.168.2.4 | 20.114.59.183 |
| Apr 26, 2024 16:20:44.033205032 CEST | 49749 | 443 | 192.168.2.4 | 20.114.59.183 |
| Apr 26, 2024 16:20:44.033502102 CEST | 443 | 49749 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:20:44.033509016 CEST | 443 | 49749 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:20:44.033565998 CEST | 49749 | 443 | 192.168.2.4 | 20.114.59.183 |
| Apr 26, 2024 16:20:44.033581972 CEST | 443 | 49749 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:20:44.033607006 CEST | 443 | 49749 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:20:44.033655882 CEST | 49749 | 443 | 192.168.2.4 | 20.114.59.183 |
| Apr 26, 2024 16:20:44.325748920 CEST | 49749 | 443 | 192.168.2.4 | 20.114.59.183 |
| Apr 26, 2024 16:20:44.325797081 CEST | 443 | 49749 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:20:44.325840950 CEST | 49749 | 443 | 192.168.2.4 | 20.114.59.183 |
| Apr 26, 2024 16:20:44.325862885 CEST | 443 | 49749 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:20:44.767432928 CEST | 443 | 49748 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:44.767606020 CEST | 443 | 49748 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:20:44.767999887 CEST | 49748 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:44.789403915 CEST | 49748 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:20:44.789433956 CEST | 443 | 49748 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:21:21.334496975 CEST | 49755 | 443 | 192.168.2.4 | 20.114.59.183 |
| Apr 26, 2024 16:21:21.334523916 CEST | 443 | 49755 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:21:21.334589005 CEST | 49755 | 443 | 192.168.2.4 | 20.114.59.183 |
| Apr 26, 2024 16:21:21.335042953 CEST | 49755 | 443 | 192.168.2.4 | 20.114.59.183 |
| Apr 26, 2024 16:21:21.335055113 CEST | 443 | 49755 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:21:21.961611986 CEST | 443 | 49755 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:21:21.961678028 CEST | 49755 | 443 | 192.168.2.4 | 20.114.59.183 |
| Apr 26, 2024 16:21:21.966972113 CEST | 49755 | 443 | 192.168.2.4 | 20.114.59.183 |
| Apr 26, 2024 16:21:21.966981888 CEST | 443 | 49755 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:21:21.967317104 CEST | 443 | 49755 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:21:21.978626013 CEST | 49755 | 443 | 192.168.2.4 | 20.114.59.183 |
| Apr 26, 2024 16:21:22.024116993 CEST | 443 | 49755 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:21:22.567640066 CEST | 443 | 49755 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:21:22.567701101 CEST | 443 | 49755 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:21:22.567758083 CEST | 443 | 49755 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:21:22.567776918 CEST | 49755 | 443 | 192.168.2.4 | 20.114.59.183 |
| Apr 26, 2024 16:21:22.567796946 CEST | 443 | 49755 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:21:22.567830086 CEST | 49755 | 443 | 192.168.2.4 | 20.114.59.183 |
| Apr 26, 2024 16:21:22.567852974 CEST | 49755 | 443 | 192.168.2.4 | 20.114.59.183 |
| Apr 26, 2024 16:21:22.567965984 CEST | 443 | 49755 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:21:22.568027020 CEST | 443 | 49755 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:21:22.568038940 CEST | 49755 | 443 | 192.168.2.4 | 20.114.59.183 |
| Apr 26, 2024 16:21:22.568058968 CEST | 443 | 49755 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:21:22.568113089 CEST | 49755 | 443 | 192.168.2.4 | 20.114.59.183 |
| Apr 26, 2024 16:21:22.568160057 CEST | 443 | 49755 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:21:22.568278074 CEST | 443 | 49755 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:21:22.568325043 CEST | 49755 | 443 | 192.168.2.4 | 20.114.59.183 |
| Apr 26, 2024 16:21:22.573985100 CEST | 49755 | 443 | 192.168.2.4 | 20.114.59.183 |
| Apr 26, 2024 16:21:22.574004889 CEST | 443 | 49755 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:21:22.574017048 CEST | 49755 | 443 | 192.168.2.4 | 20.114.59.183 |
| Apr 26, 2024 16:21:22.574023008 CEST | 443 | 49755 | 20.114.59.183 | 192.168.2.4 |
| Apr 26, 2024 16:21:34.453047037 CEST | 49757 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:21:34.453100920 CEST | 443 | 49757 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:21:34.453171015 CEST | 49757 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:21:34.456871986 CEST | 49757 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:21:34.456887007 CEST | 443 | 49757 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:21:34.845963001 CEST | 443 | 49757 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:21:34.846206903 CEST | 49757 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:21:34.846225977 CEST | 443 | 49757 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:21:34.846921921 CEST | 443 | 49757 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:21:34.847238064 CEST | 49757 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:21:34.847326040 CEST | 443 | 49757 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:21:34.897721052 CEST | 49757 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:21:38.085982084 CEST | 49723 | 80 | 192.168.2.4 | 199.232.214.172 |
| Apr 26, 2024 16:21:38.086049080 CEST | 49724 | 80 | 192.168.2.4 | 199.232.214.172 |
| Apr 26, 2024 16:21:38.217823982 CEST | 80 | 49724 | 199.232.214.172 | 192.168.2.4 |
| Apr 26, 2024 16:21:38.217881918 CEST | 80 | 49724 | 199.232.214.172 | 192.168.2.4 |
| Apr 26, 2024 16:21:38.218019962 CEST | 49724 | 80 | 192.168.2.4 | 199.232.214.172 |
| Apr 26, 2024 16:21:38.222282887 CEST | 80 | 49723 | 199.232.214.172 | 192.168.2.4 |
| Apr 26, 2024 16:21:38.222320080 CEST | 80 | 49723 | 199.232.214.172 | 192.168.2.4 |
| Apr 26, 2024 16:21:38.222378969 CEST | 49723 | 80 | 192.168.2.4 | 199.232.214.172 |
| Apr 26, 2024 16:21:44.835709095 CEST | 443 | 49757 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:21:44.835874081 CEST | 443 | 49757 | 142.250.64.196 | 192.168.2.4 |
| Apr 26, 2024 16:21:44.835937023 CEST | 49757 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:21:46.790229082 CEST | 49757 | 443 | 192.168.2.4 | 142.250.64.196 |
| Apr 26, 2024 16:21:46.790258884 CEST | 443 | 49757 | 142.250.64.196 | 192.168.2.4 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 26, 2024 16:20:28.549029112 CEST | 53188 | 53 | 192.168.2.4 | 1.1.1.1 |
| Apr 26, 2024 16:20:28.676650047 CEST | 53 | 53188 | 1.1.1.1 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.245697021 CEST | 53 | 57598 | 1.1.1.1 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.394778967 CEST | 61509 | 53 | 192.168.2.4 | 1.1.1.1 |
| Apr 26, 2024 16:20:30.394939899 CEST | 49509 | 53 | 192.168.2.4 | 1.1.1.1 |
| Apr 26, 2024 16:20:30.467047930 CEST | 53 | 62097 | 1.1.1.1 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.519711971 CEST | 53 | 49509 | 1.1.1.1 | 192.168.2.4 |
| Apr 26, 2024 16:20:30.520030975 CEST | 53 | 61509 | 1.1.1.1 | 192.168.2.4 |
| Apr 26, 2024 16:20:32.464473009 CEST | 53 | 53471 | 1.1.1.1 | 192.168.2.4 |
| Apr 26, 2024 16:20:49.706403971 CEST | 138 | 138 | 192.168.2.4 | 192.168.2.255 |
| Apr 26, 2024 16:20:52.196911097 CEST | 53 | 51991 | 1.1.1.1 | 192.168.2.4 |
| Apr 26, 2024 16:21:10.945832014 CEST | 53 | 57873 | 1.1.1.1 | 192.168.2.4 |
| Apr 26, 2024 16:21:29.776256084 CEST | 53 | 58256 | 1.1.1.1 | 192.168.2.4 |
| Apr 26, 2024 16:21:34.191739082 CEST | 53 | 54622 | 1.1.1.1 | 192.168.2.4 |
| Apr 26, 2024 16:21:57.857764959 CEST | 53 | 55853 | 1.1.1.1 | 192.168.2.4 |
| Apr 26, 2024 16:22:44.477344990 CEST | 53 | 51236 | 1.1.1.1 | 192.168.2.4 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Apr 26, 2024 16:20:28.549029112 CEST | 192.168.2.4 | 1.1.1.1 | 0x8958 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Apr 26, 2024 16:20:30.394778967 CEST | 192.168.2.4 | 1.1.1.1 | 0x6b4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Apr 26, 2024 16:20:30.394939899 CEST | 192.168.2.4 | 1.1.1.1 | 0x7963 | Standard query (0) | 65 | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Apr 26, 2024 16:20:28.676650047 CEST | 1.1.1.1 | 192.168.2.4 | 0x8958 | No error (0) | 104.21.85.118 | A (IP address) | IN (0x0001) | false | ||
| Apr 26, 2024 16:20:28.676650047 CEST | 1.1.1.1 | 192.168.2.4 | 0x8958 | No error (0) | 172.67.205.150 | A (IP address) | IN (0x0001) | false | ||
| Apr 26, 2024 16:20:30.519711971 CEST | 1.1.1.1 | 192.168.2.4 | 0x7963 | No error (0) | 65 | IN (0x0001) | false | |||
| Apr 26, 2024 16:20:30.520030975 CEST | 1.1.1.1 | 192.168.2.4 | 0x6b4 | No error (0) | 142.250.64.196 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49732 | 104.21.85.118 | 443 | 7404 | C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-26 14:20:29 UTC | 122 | OUT | |
| 2024-04-26 14:20:29 UTC | 791 | IN | |
| 2024-04-26 14:20:29 UTC | 6 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.4 | 49733 | 104.21.85.118 | 443 | 7404 | C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-26 14:20:30 UTC | 127 | OUT | |
| 2024-04-26 14:20:31 UTC | 793 | IN | |
| 2024-04-26 14:20:31 UTC | 9 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.4 | 49740 | 142.250.64.196 | 443 | 7820 | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-26 14:20:30 UTC | 607 | OUT | |
| 2024-04-26 14:20:31 UTC | 1703 | IN | |
| 2024-04-26 14:20:31 UTC | 783 | IN | |
| 2024-04-26 14:20:31 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.4 | 49738 | 142.250.64.196 | 443 | 7820 | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-26 14:20:30 UTC | 353 | OUT | |
| 2024-04-26 14:20:31 UTC | 1816 | IN | |
| 2024-04-26 14:20:31 UTC | 427 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.4 | 49739 | 142.250.64.196 | 443 | 7820 | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-26 14:20:30 UTC | 510 | OUT | |
| 2024-04-26 14:20:31 UTC | 1843 | IN | |
| 2024-04-26 14:20:31 UTC | 458 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.4 | 49741 | 142.250.64.196 | 443 | 7820 | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-26 14:20:30 UTC | 353 | OUT | |
| 2024-04-26 14:20:31 UTC | 1761 | IN | |
| 2024-04-26 14:20:31 UTC | 417 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.4 | 49743 | 142.250.64.196 | 443 | 7820 | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-26 14:20:32 UTC | 738 | OUT | |
| 2024-04-26 14:20:33 UTC | 356 | IN | |
| 2024-04-26 14:20:33 UTC | 899 | IN | |
| 2024-04-26 14:20:33 UTC | 1255 | IN | |
| 2024-04-26 14:20:33 UTC | 960 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.4 | 49744 | 142.250.64.196 | 443 | 7820 | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-26 14:20:32 UTC | 912 | OUT | |
| 2024-04-26 14:20:33 UTC | 356 | IN | |
| 2024-04-26 14:20:33 UTC | 899 | IN | |
| 2024-04-26 14:20:33 UTC | 1255 | IN | |
| 2024-04-26 14:20:33 UTC | 1032 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 8 | 192.168.2.4 | 49746 | 23.204.76.112 | 443 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-26 14:20:33 UTC | 161 | OUT | |
| 2024-04-26 14:20:33 UTC | 466 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 9 | 192.168.2.4 | 49747 | 23.204.76.112 | 443 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-26 14:20:33 UTC | 239 | OUT | |
| 2024-04-26 14:20:34 UTC | 530 | IN | |
| 2024-04-26 14:20:34 UTC | 55 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 10 | 192.168.2.4 | 49749 | 20.114.59.183 | 443 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-26 14:20:43 UTC | 306 | OUT | |
| 2024-04-26 14:20:44 UTC | 560 | IN | |
| 2024-04-26 14:20:44 UTC | 15824 | IN | |
| 2024-04-26 14:20:44 UTC | 8666 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 11 | 192.168.2.4 | 49755 | 20.114.59.183 | 443 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-26 14:21:21 UTC | 306 | OUT | |
| 2024-04-26 14:21:22 UTC | 560 | IN | |
| 2024-04-26 14:21:22 UTC | 15824 | IN | |
| 2024-04-26 14:21:22 UTC | 9633 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 16:20:23 |
| Start date: | 26/04/2024 |
| Path: | C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7c9290000 |
| File size: | 1'521'664 bytes |
| MD5 hash: | 3412B8B059E693C1A8F0168CA0B07AF0 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | false |
| Target ID: | 2 |
| Start time: | 16:20:27 |
| Start date: | 26/04/2024 |
| Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff76e190000 |
| File size: | 3'242'272 bytes |
| MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 3 |
| Start time: | 16:20:28 |
| Start date: | 26/04/2024 |
| Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff76e190000 |
| File size: | 3'242'272 bytes |
| MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 7.6% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 0% |
| Total number of Nodes: | 5 |
| Total number of Limit Nodes: | 1 |
Graph
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD9B79DF40 Relevance: .1, Instructions: 138COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |