Analysis Report file.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Initial Sample |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Antivirus / Scanner detection for submitted sample |
Source: | Avira: |
Multi AV Scanner detection for submitted file |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Machine Learning detection for sample |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | File opened: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | HTTP traffic detected: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Installs a global keyboard hook |
Source: | Windows user hook set: |
Source: | Window created: |
Spam, unwanted Advertisements and Ransom Demands: |
---|
Modifies the hosts file |
Source: | File written: |
System Summary: |
---|
.NET source code contains very large array initializations |
Source: | Large array initialization: | ||
Source: | Code function: | ||
Source: | Binary or memory string: | ||
Source: | Static PE information: |
Source: | Cryptographic APIs: | ||
Source: | Classification label: |
Source: | Code function: | ||
Source: | File created: |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Section loaded: | ||
Source: | WMI Queries: |
Source: | Key opened: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Key value queried: |
Source: | File opened: |
Source: | Key opened: |
Source: | Static PE information: |
Source: | File opened: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: |
Source: | Registry key monitored for changes: |
Source: | Process information set: | ||
Malware Analysis System Evasion: |
---|
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) |
Source: | WMI Queries: |
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) |
Source: | WMI Queries: |
Source: | Thread delayed: |
Source: | Thread sleep time: | ||
Source: | Thread sleep count: | ||
Source: | WMI Queries: |
Source: | Last function: | ||
Source: | Code function: |
Source: | Binary or memory string: | ||
Source: | Process information queried: |
Source: | Code function: |
Source: | Process token adjusted: |
Source: | Memory allocated: |
HIPS / PFW / Operating System Protection Evasion: |
---|
Modifies the hosts file |
Source: | File written: |
Source: | Binary or memory string: | ||
Source: | Queries volume information: | ||
Source: | Key value queried: |
Lowering of HIPS / PFW / Operating System Security Settings: |
---|
Modifies the hosts file |
Source: | File written: |
Stealing of Sensitive Information: |
---|
Yara detected AgentTesla |
Source: | File source: | ||
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) |
Source: | Key opened: |
Tries to harvest and steal browser information (history, passwords, etc) |
Source: | File opened: | ||
Tries to harvest and steal ftp login credentials |
Source: | File opened: | ||
Tries to steal Mail credentials (via file access) |
Source: | File opened: | ||
Source: | Key opened: | ||
Source: | File source: | ||
Remote Access Functionality: |
---|
Yara detected AgentTesla |
Source: | File source: | ||
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation211 | Path Interception | Access Token Manipulation1 | Masquerading1 | OS Credential Dumping2 | Query Registry1 | Remote Services | Email Collection1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Process Injection1 | File and Directory Permissions Modification1 | Input Capture11 | Security Software Discovery111 | Remote Desktop Protocol | Input Capture11 | Exfiltration Over Bluetooth | Non-Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion13 | Credentials in Registry1 | Virtualization/Sandbox Evasion13 | SMB/Windows Admin Shares | Archive Collected Data11 | Automated Exfiltration | Application Layer Protocol11 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Disable or Modify Tools1 | NTDS | Process Discovery2 | Distributed Component Object Model | Data from Local System2 | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Access Token Manipulation1 | LSA Secrets | System Information Discovery115 | SSH | Clipboard Data1 | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Process Injection1 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Deobfuscate/Decode Files or Information1 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Obfuscated Files or Information1 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
54% | Virustotal | Browse | ||
48% | ReversingLabs | ByteCode-MSIL.Infostealer.DarkStealer | ||
100% | Avira | TR/Spy.Gen8 | ||
100% | Joe Sandbox ML |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1138205 | Download File | ||
100% | Avira | HEUR/AGEN.1138205 | Download File |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
64.188.18.218 | unknown | United States | 8100 | ASN-QUADRANET-GLOBALUS | false |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Red Diamond |
Analysis ID: | 339128 |
Start date: | 13.01.2021 |
Start time: | 15:24:47 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 6m 52s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | file.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 29 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.adwa.spyw.evad.winEXE@1/2@0/1 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
15:25:45 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
64.188.18.218 | Get hash | malicious | Browse |
|
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
ASN-QUADRANET-GLOBALUS | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | modified |
Size (bytes): | 20480 |
Entropy (8bit): | 0.698304057893793 |
Encrypted: | false |
SSDEEP: | 24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoIL4rtEy80:T5LLOpEO5J/Kn7U1uBoI+j |
MD5: | 3806E8153A55C1A2DA0B09461A9C882A |
SHA1: | BD98AB2FB5E18FD94DC24BCE875087B5C3BB2F72 |
SHA-256: | 366E8B53CE8CC27C0980AC532C2E9D372399877931AB0CEA075C62B3CB0F82BE |
SHA-512: | 31E96CC89795D80390432062466D542DBEA7DF31E3E8676DF370381BEDC720948085AD495A735FBDB75071DE45F3B8E470D809E863664990A79DEE8ADC648F1C |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11 |
Entropy (8bit): | 2.663532754804255 |
Encrypted: | false |
SSDEEP: | 3:iLE:iLE |
MD5: | B24D295C1F84ECBFB566103374FB91C5 |
SHA1: | 6A750D3F8B45C240637332071D34B403FA1FF55A |
SHA-256: | 4DC7B65075FBC5B5421551F0CB814CAFDC8CACA5957D393C222EE388B6F405F4 |
SHA-512: | 9BE279BFA70A859608B50EF5D30BF2345F334E5F433C410EA6A188DCAB395BFF50C95B165177E59A29261464871C11F903A9ECE55B2D900FE49A9F3C49EB88FA |
Malicious: | true |
Reputation: | moderate, very likely benign file |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 6.065431778211596 |
TrID: |
|
File name: | file.exe |
File size: | 221184 |
MD5: | 2e1fcfb191508fc51320313d059bd30d |
SHA1: | 18254fc83a340ca9562844542425ed7f995bff4a |
SHA256: | 5dd60a5a2e5f074435cb438d3e229d1a3c4e4ef35c9c886a356b52aeb83265cd |
SHA512: | 3c441d1ce951aa84af2a179372445aa89a10780e51742b3d77679cd831735416040c5dfe52b1644c6b71d885a80add0264310aba9a40fed9679bee69c5f497fd |
SSDEEP: | 3072:9+6f5r9AGcfqVIN6uKWqu6XqXn1U/5aB250tS7xKrRkgF973P4tXJVgX3BmlMTSz:lrSN6uKWqu6XKUk80eQrN90tXLGB7kU |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......_.................X...........v... ........@.. ....................................@................................ |
File Icon |
---|
Icon Hash: | 00828e8e8686b000 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4376ee |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x5FFE0BD9 [Tue Jan 12 20:51:37 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v2.0.50727 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Entrypoint Preview |
---|
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x37698 | 0x53 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x38000 | 0x320 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3a000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x356f4 | 0x35800 | False | 0.446307316005 | data | 6.08802155007 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0x38000 | 0x320 | 0x400 | False | 0.333984375 | data | 2.64450656248 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x3a000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0x38058 | 0x2c4 | data |
Imports |
---|
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
LegalCopyright | |
Assembly Version | 0.0.0.0 |
InternalName | EZTKkaWdprxlDwjYETFCzOmRFvHFnuJlnmFKCb.exe |
FileVersion | 0.0.0.0 |
ProductVersion | 0.0.0.0 |
FileDescription | |
OriginalFilename | EZTKkaWdprxlDwjYETFCzOmRFvHFnuJlnmFKCb.exe |
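The Data Directories, Sections and Imports tables above are what a static triage reads first: a populated IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR (the CLR header) at 0x2008, together with a single import of mscoree.dll!_CorExeMain, means the file is a .NET assembly; the empty SECURITY directory means it carries no Authenticode signature; and every populated directory maps into one of the three sections. The Python below is an added example and is not part of the Joe Sandbox report or its tooling: a minimal PE32/PE32+ header parser that derives those facts directly from the bytes. Because the sample itself is not on this page, build_sample_pe() constructs a header-only PE32 carrying the values from the tables (constructed data, not the real file); pass a path on the command line to run the same checks against a real binary. It walks headers only, so import names and resource contents are out of its scope.

```python
"""Parse PE32/PE32+ data directories and section headers for triage (added example)."""
import struct
import sys
from dataclasses import dataclass

# IMAGE_DIRECTORY_ENTRY_* in optional-header order, matching the Data Directories table.
DIRECTORY_NAMES = ["EXPORT", "IMPORT", "RESOURCE", "EXCEPTION", "SECURITY", "BASERELOC",
                   "DEBUG", "COPYRIGHT", "GLOBALPTR", "TLS", "LOAD_CONFIG", "BOUND_IMPORT",
                   "IAT", "DELAY_IMPORT", "COM_DESCRIPTOR", "RESERVED"]
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_DISCARDABLE = 0x02000000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


@dataclass
class Section:
    name: str
    virtual_address: int
    virtual_size: int
    raw_size: int
    characteristics: int

    def contains(self, rva: int) -> bool:
        # The loader maps max(VirtualSize, SizeOfRawData); use that span for RVA lookups.
        return self.virtual_address <= rva < self.virtual_address + max(self.virtual_size, self.raw_size)


def parse_pe(data: bytes):
    """Return ({directory_name: (rva, size)}, [Section]) from raw PE bytes."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER, 20 bytes
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                                      # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: directories start at optional-header offset 96
        dir_off = opt + 96
    elif magic == 0x20B:      # PE32+: 112 (ImageBase and stack/heap fields are 8 bytes wide)
        dir_off = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_dirs = struct.unpack_from("<I", data, dir_off - 4)[0]   # NumberOfRvaAndSizes
    directories = {}
    for i in range(min(num_dirs, 16)):
        directories[DIRECTORY_NAMES[i]] = struct.unpack_from("<II", data, dir_off + 8 * i)
    sections = []
    sec_off = opt + opt_size                             # section table follows the optional header
    for i in range(num_sections):
        hdr = data[sec_off + 40 * i:sec_off + 40 * (i + 1)]
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rsize = struct.unpack_from("<III", hdr, 8)
        sections.append(Section(name, vaddr, vsize, rsize, struct.unpack_from("<I", hdr, 36)[0]))
    return directories, sections


def triage(directories, sections):
    """The checks an analyst reads off the two tables: managed image, signature, RVA -> section."""
    def section_for(rva):
        return next((s.name for s in sections if s.contains(rva)), None)

    com_rva, com_size = directories.get("COM_DESCRIPTOR", (0, 0))
    return {
        # A populated CLR header (COM_DESCRIPTOR) marks a .NET assembly: the native entry point
        # is only a stub into mscoree!_CorExeMain, so the real logic is IL, not the x86 listing.
        "is_dotnet": bool(com_rva and com_size),
        "authenticode_signed": directories.get("SECURITY", (0, 0))[1] != 0,
        "directory_sections": {n: section_for(rva) for n, (rva, size) in directories.items() if size},
        "executable_sections": [s.name for s in sections if s.characteristics & IMAGE_SCN_MEM_EXECUTE],
        "writable_executable": [s.name for s in sections if s.characteristics & IMAGE_SCN_MEM_WRITE
                                and s.characteristics & IMAGE_SCN_MEM_EXECUTE],
    }


def build_sample_pe() -> bytes:
    """Synthetic PE32 header (headers only), constructed to carry the values from the tables above."""
    dirs = [(0, 0)] * 16
    dirs[1], dirs[2], dirs[5] = (0x37698, 0x53), (0x38000, 0x320), (0x3A000, 0xC)
    dirs[12], dirs[14] = (0x2000, 0x8), (0x2008, 0x48)
    secs = [  # name, VirtualSize, VirtualAddress, SizeOfRawData, Characteristics
        (b".text", 0x356F4, 0x2000, 0x35800, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_READ),
        (b".rsrc", 0x320, 0x38000, 0x400, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
        (b".reloc", 0xC, 0x3A000, 0x200,
         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ),
    ]
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 224, 0x0102)  # i386, PE32 opt hdr = 224
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)     # magic ... NumberOfRvaAndSizes
    opt += b"".join(struct.pack("<II", rva, size) for rva, size in dirs)
    hdrs = b"".join(name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", vs, va, rs, 0, 0, 0, 0, 0, ch)
                    for name, vs, va, rs, ch in secs)
    return dos + b"PE\0\0" + coff + opt + hdrs


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(triage(*parse_pe(blob)))
```

Run without arguments it reports is_dotnet True, authenticode_signed False, .text as the only executable section, and the directory-to-section map (IMPORT, IAT and COM_DESCRIPTOR in .text, RESOURCE in .rsrc, BASERELOC in .reloc). The .NET verdict is the practical takeaway: for a managed image the x86 entry point is a stub, so the payload has to be examined as IL in a .NET decompiler rather than in the native disassembly.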
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 13, 2021 15:25:55.228244066 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:55.349989891 CET | 80 | 49723 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:55.350079060 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:55.350589037 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:55.474633932 CET | 80 | 49723 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:55.476967096 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:55.617844105 CET | 80 | 49723 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:55.666079044 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:55.905258894 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:56.027893066 CET | 80 | 49723 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:56.028623104 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:56.162298918 CET | 80 | 49723 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:56.213048935 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:56.257822990 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:56.258789062 CET | 49725 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:56.380007029 CET | 80 | 49725 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:56.380215883 CET | 49725 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:56.380515099 CET | 49725 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:56.380883932 CET | 80 | 49723 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:56.381272078 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:56.502382040 CET | 80 | 49725 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:56.503310919 CET | 49725 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:56.510795116 CET | 80 | 49723 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:56.556725025 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:56.566768885 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:56.636444092 CET | 80 | 49725 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:56.681853056 CET | 49725 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:56.689863920 CET | 80 | 49723 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:56.690540075 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:56.825656891 CET | 80 | 49723 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:56.869580030 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:56.941735983 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:56.945796967 CET | 49725 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:57.064477921 CET | 80 | 49723 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:57.065294027 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:57.067745924 CET | 80 | 49725 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:57.068332911 CET | 49725 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:57.199958086 CET | 80 | 49723 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:57.203958988 CET | 80 | 49725 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:57.244484901 CET | 49725 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:57.244498968 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:57.346235037 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:57.468792915 CET | 80 | 49723 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:57.469472885 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:57.605859041 CET | 80 | 49723 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:57.650770903 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:57.769373894 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:57.769598961 CET | 49725 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:57.772675037 CET | 49726 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:57.890934944 CET | 80 | 49725 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:57.891892910 CET | 80 | 49725 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:57.892000914 CET | 49725 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:57.892334938 CET | 80 | 49723 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:57.892963886 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:57.894346952 CET | 80 | 49726 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:57.894489050 CET | 49726 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:57.895196915 CET | 49726 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:58.027132034 CET | 80 | 49726 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:58.028126001 CET | 49726 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:58.028990984 CET | 80 | 49723 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:58.072525978 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:58.160243034 CET | 80 | 49726 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:58.201308012 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:58.213145018 CET | 49726 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:58.323940992 CET | 80 | 49723 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:58.324388981 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:58.455132008 CET | 80 | 49723 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:58.510032892 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:58.686863899 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:58.687722921 CET | 49726 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:58.809994936 CET | 80 | 49723 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:58.810381889 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:58.810641050 CET | 80 | 49726 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:58.811455011 CET | 49726 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:58.946628094 CET | 80 | 49726 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:58.946995974 CET | 80 | 49723 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:58.994509935 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:58.994509935 CET | 49726 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:59.204927921 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:59.327625990 CET | 80 | 49723 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:59.328502893 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:59.461541891 CET | 80 | 49723 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:59.510200024 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:59.753753901 CET | 49726 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:59.753940105 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:59.755278111 CET | 49727 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:59.875802994 CET | 80 | 49726 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:59.875842094 CET | 80 | 49726 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:59.876024008 CET | 49726 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:59.876847982 CET | 80 | 49723 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:59.877163887 CET | 80 | 49727 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:25:59.877552986 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:59.877672911 CET | 49727 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:25:59.879075050 CET | 49727 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:26:00.016755104 CET | 80 | 49723 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:26:00.017774105 CET | 80 | 49727 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:26:00.018773079 CET | 49727 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:26:00.057291985 CET | 49723 | 80 | 192.168.2.5 | 64.188.18.218 |
Jan 13, 2021 15:26:00.148861885 CET | 80 | 49727 | 64.188.18.218 | 192.168.2.5 |
Jan 13, 2021 15:26:00.197804928 CET | 49727 | 80 | 192.168.2.5 | 64.188.18.218 |
HTTP Request Dependency Graph |
---|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.5 | 49723 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 13, 2021 15:25:55.350589037 CET | 694 | OUT | |
Jan 13, 2021 15:25:55.474633932 CET | 695 | IN | |
Jan 13, 2021 15:25:55.617844105 CET | 702 | IN | |
Jan 13, 2021 15:25:55.905258894 CET | 704 | OUT | |
Jan 13, 2021 15:25:56.027893066 CET | 704 | IN | |
Jan 13, 2021 15:25:56.162298918 CET | 705 | IN | |
Jan 13, 2021 15:25:56.257822990 CET | 705 | OUT | |
Jan 13, 2021 15:25:56.380883932 CET | 706 | IN | |
Jan 13, 2021 15:25:56.510795116 CET | 707 | IN | |
Jan 13, 2021 15:25:56.566768885 CET | 707 | OUT | |
Jan 13, 2021 15:25:56.689863920 CET | 708 | IN | |
Jan 13, 2021 15:25:56.825656891 CET | 708 | IN | |
Jan 13, 2021 15:25:56.941735983 CET | 709 | OUT | |
Jan 13, 2021 15:25:57.064477921 CET | 709 | IN | |
Jan 13, 2021 15:25:57.199958086 CET | 710 | IN | |
Jan 13, 2021 15:25:57.346235037 CET | 711 | OUT | |
Jan 13, 2021 15:25:57.468792915 CET | 711 | IN | |
Jan 13, 2021 15:25:57.605859041 CET | 712 | IN | |
Jan 13, 2021 15:25:57.769373894 CET | 712 | OUT | |
Jan 13, 2021 15:25:57.892334938 CET | 713 | IN | |
Jan 13, 2021 15:25:58.028990984 CET | 714 | IN | |
Jan 13, 2021 15:25:58.201308012 CET | 715 | OUT | |
Jan 13, 2021 15:25:58.323940992 CET | 715 | IN | |
Jan 13, 2021 15:25:58.455132008 CET | 716 | IN | |
Jan 13, 2021 15:25:58.686863899 CET | 716 | OUT | |
Jan 13, 2021 15:25:58.809994936 CET | 716 | IN | |
Jan 13, 2021 15:25:58.946995974 CET | 718 | IN | |
Jan 13, 2021 15:25:59.204927921 CET | 718 | OUT | |
Jan 13, 2021 15:25:59.327625990 CET | 718 | IN | |
Jan 13, 2021 15:25:59.461541891 CET | 719 | IN | |
Jan 13, 2021 15:25:59.753940105 CET | 719 | OUT | |
Jan 13, 2021 15:25:59.876847982 CET | 720 | IN | |
Jan 13, 2021 15:26:00.016755104 CET | 721 | IN | |
Jan 13, 2021 15:26:00.315550089 CET | 722 | OUT | |
Jan 13, 2021 15:26:00.438278913 CET | 722 | IN | |
Jan 13, 2021 15:26:00.572384119 CET | 723 | IN | |
Jan 13, 2021 15:26:00.920135021 CET | 723 | OUT | |
Jan 13, 2021 15:26:01.042992115 CET | 724 | IN | |
Jan 13, 2021 15:26:01.172893047 CET | 725 | IN | |
Jan 13, 2021 15:26:01.545492887 CET | 726 | OUT | |
Jan 13, 2021 15:26:01.668401957 CET | 726 | IN | |
Jan 13, 2021 15:26:01.800360918 CET | 726 | IN | |
Jan 13, 2021 15:26:02.217320919 CET | 727 | OUT | |
Jan 13, 2021 15:26:02.339576960 CET | 728 | IN | |
Jan 13, 2021 15:26:02.472264051 CET | 741 | IN | |
Jan 13, 2021 15:26:02.904278040 CET | 754 | OUT | |
Jan 13, 2021 15:26:03.026792049 CET | 755 | IN | |
Jan 13, 2021 15:26:03.157018900 CET | 755 | IN | |
Jan 13, 2021 15:26:03.607511044 CET | 756 | OUT | |
Jan 13, 2021 15:26:03.730144978 CET | 756 | IN | |
Jan 13, 2021 15:26:03.861660957 CET | 757 | IN | |
Jan 13, 2021 15:26:04.357667923 CET | 758 | OUT | |
Jan 13, 2021 15:26:04.480194092 CET | 758 | IN | |
Jan 13, 2021 15:26:04.624820948 CET | 759 | IN | |
Jan 13, 2021 15:26:05.130968094 CET | 759 | OUT | |
Jan 13, 2021 15:26:05.253671885 CET | 760 | IN | |
Jan 13, 2021 15:26:05.385890961 CET | 761 | IN | |
Jan 13, 2021 15:26:05.904792070 CET | 762 | OUT | |
Jan 13, 2021 15:26:06.027467012 CET | 762 | IN | |
Jan 13, 2021 15:26:06.160237074 CET | 763 | IN | |
Jan 13, 2021 15:26:06.717045069 CET | 763 | OUT | |
Jan 13, 2021 15:26:06.839857101 CET | 764 | IN | |
Jan 13, 2021 15:26:06.973723888 CET | 768 | IN | |
Jan 13, 2021 15:26:07.545319080 CET | 772 | OUT | |
Jan 13, 2021 15:26:07.667931080 CET | 772 | IN | |
Jan 13, 2021 15:26:07.798209906 CET | 773 | IN | |
Jan 13, 2021 15:26:08.449904919 CET | 773 | OUT | |
Jan 13, 2021 15:26:08.572328091 CET | 774 | IN | |
Jan 13, 2021 15:26:08.704380989 CET | 775 | IN | |
Jan 13, 2021 15:26:09.374516964 CET | 776 | OUT | |
Jan 13, 2021 15:26:09.496891975 CET | 776 | IN | |
Jan 13, 2021 15:26:09.626754045 CET | 777 | IN | |
Jan 13, 2021 15:26:10.936256886 CET | 777 | OUT | |
Jan 13, 2021 15:26:11.059720993 CET | 777 | IN | |
Jan 13, 2021 15:26:11.190474987 CET | 779 | IN | |
Jan 13, 2021 15:26:12.514919043 CET | 780 | OUT | |
Jan 13, 2021 15:26:12.637964010 CET | 780 | IN | |
Jan 13, 2021 15:26:12.770670891 CET | 780 | IN | |
Jan 13, 2021 15:26:14.156102896 CET | 781 | OUT | |
Jan 13, 2021 15:26:14.278389931 CET | 782 | IN | |
Jan 13, 2021 15:26:14.408196926 CET | 783 | IN | |
Jan 13, 2021 15:26:15.799495935 CET | 783 | OUT | |
Jan 13, 2021 15:26:15.922535896 CET | 784 | IN | |
Jan 13, 2021 15:26:16.056180954 CET | 784 | IN | |
Jan 13, 2021 15:26:17.483190060 CET | 785 | OUT | |
Jan 13, 2021 15:26:17.605767012 CET | 785 | IN | |
Jan 13, 2021 15:26:17.737776041 CET | 786 | IN | |
Jan 13, 2021 15:26:19.222321987 CET | 791 | OUT | |
Jan 13, 2021 15:26:19.344747066 CET | 797 | IN | |
Jan 13, 2021 15:26:19.474870920 CET | 798 | IN | |
Jan 13, 2021 15:26:20.957669020 CET | 809 | OUT | |
Jan 13, 2021 15:26:21.080483913 CET | 811 | IN | |
Jan 13, 2021 15:26:21.211448908 CET | 814 | IN | |
Jan 13, 2021 15:26:22.702589035 CET | 823 | OUT | |
Jan 13, 2021 15:26:22.825088024 CET | 823 | IN | |
Jan 13, 2021 15:26:22.962359905 CET | 825 | IN | |
Jan 13, 2021 15:26:24.471151114 CET | 834 | OUT | |
Jan 13, 2021 15:26:24.594526052 CET | 835 | IN | |
Jan 13, 2021 15:26:24.726388931 CET | 837 | IN | |
Jan 13, 2021 15:26:26.249732018 CET | 884 | OUT | |
Jan 13, 2021 15:26:26.372431040 CET | 884 | IN | |
Jan 13, 2021 15:26:26.507236004 CET | 885 | IN | |
Jan 13, 2021 15:26:28.096009970 CET | 2977 | OUT | |
Jan 13, 2021 15:26:28.218303919 CET | 2978 | IN | |
Jan 13, 2021 15:26:28.350044966 CET | 2979 | IN | |
Jan 13, 2021 15:26:29.954413891 CET | 3510 | OUT | |
Jan 13, 2021 15:26:30.080784082 CET | 3511 | IN | |
Jan 13, 2021 15:26:30.212291002 CET | 3516 | IN | |
Jan 13, 2021 15:26:31.860501051 CET | 3519 | OUT | |
Jan 13, 2021 15:26:31.983078957 CET | 3519 | IN | |
Jan 13, 2021 15:26:32.115427971 CET | 3520 | IN | |
Jan 13, 2021 15:26:33.816489935 CET | 3521 | OUT | |
Jan 13, 2021 15:26:33.939090967 CET | 3521 | IN | |
Jan 13, 2021 15:26:34.068063021 CET | 3522 | IN | |
Jan 13, 2021 15:26:35.818058968 CET | 3522 | OUT | |
Jan 13, 2021 15:26:35.940812111 CET | 3523 | IN | |
Jan 13, 2021 15:26:36.077502966 CET | 3524 | IN | |
Jan 13, 2021 15:26:37.861300945 CET | 3525 | OUT | |
Jan 13, 2021 15:26:37.983709097 CET | 3525 | IN | |
Jan 13, 2021 15:26:38.115866899 CET | 3526 | IN | |
Jan 13, 2021 15:26:39.928486109 CET | 3526 | OUT | |
Jan 13, 2021 15:26:40.051320076 CET | 3527 | IN | |
Jan 13, 2021 15:26:40.210645914 CET | 3528 | IN | |
Jan 13, 2021 15:26:42.002931118 CET | 3529 | OUT | |
Jan 13, 2021 15:26:42.125650883 CET | 3529 | IN | |
Jan 13, 2021 15:26:42.259836912 CET | 3530 | IN | |
Jan 13, 2021 15:26:44.144761086 CET | 3530 | OUT | |
Jan 13, 2021 15:26:44.267282963 CET | 3530 | IN | |
Jan 13, 2021 15:26:44.399490118 CET | 3531 | IN | |
Jan 13, 2021 15:26:46.299314022 CET | 3533 | OUT | |
Jan 13, 2021 15:26:46.422341108 CET | 3533 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.5 | 49725 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 13, 2021 15:25:56.380515099 CET | 706 | OUT | |
Jan 13, 2021 15:25:56.502382040 CET | 706 | IN | |
Jan 13, 2021 15:25:56.636444092 CET | 708 | IN | |
Jan 13, 2021 15:25:56.945796967 CET | 709 | OUT | |
Jan 13, 2021 15:25:57.067745924 CET | 710 | IN | |
Jan 13, 2021 15:25:57.203958988 CET | 711 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.5 | 49737 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 13, 2021 15:26:11.062050104 CET | 778 | OUT | |
Jan 13, 2021 15:26:11.190917015 CET | 779 | IN | |
Jan 13, 2021 15:26:11.322704077 CET | 779 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
11 | 192.168.2.5 | 49738 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 13, 2021 15:26:14.277888060 CET | 782 | OUT | |
Jan 13, 2021 15:26:14.407361984 CET | 782 | IN | |
Jan 13, 2021 15:26:14.537626982 CET | 783 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
12 | 192.168.2.5 | 49739 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 13, 2021 15:26:17.610426903 CET | 786 | OUT | |
Jan 13, 2021 15:26:17.738689899 CET | 786 | IN | |
Jan 13, 2021 15:26:17.869286060 CET | 787 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
13 | 192.168.2.5 | 49741 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 13, 2021 15:26:21.081995010 CET | 812 | OUT | |
Jan 13, 2021 15:26:21.211977005 CET | 814 | IN | |
Jan 13, 2021 15:26:21.342246056 CET | 816 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
14 | 192.168.2.5 | 49744 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 13, 2021 15:26:24.595287085 CET | 836 | OUT | |
Jan 13, 2021 15:26:24.727329969 CET | 842 | IN | |
Jan 13, 2021 15:26:24.860471010 CET | 851 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
15 | 192.168.2.5 | 49752 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 13, 2021 15:26:28.219491005 CET | 2979 | OUT | |
Jan 13, 2021 15:26:28.349313974 CET | 2979 | IN | |
Jan 13, 2021 15:26:28.479860067 CET | 2980 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
16 | 192.168.2.5 | 49755 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 13, 2021 15:26:31.983566999 CET | 3520 | OUT | |
Jan 13, 2021 15:26:32.116180897 CET | 3520 | IN | |
Jan 13, 2021 15:26:32.246951103 CET | 3521 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
17 | 192.168.2.5 | 49756 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 13, 2021 15:26:35.942375898 CET | 3524 | OUT | |
Jan 13, 2021 15:26:36.077912092 CET | 3524 | IN | |
Jan 13, 2021 15:26:36.212615013 CET | 3525 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
18 | 192.168.2.5 | 49757 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 13, 2021 15:26:40.052512884 CET | 3527 | OUT | |
Jan 13, 2021 15:26:40.209407091 CET | 3527 | IN | |
Jan 13, 2021 15:26:40.341197968 CET | 3528 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
19 | 192.168.2.5 | 49758 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 13, 2021 15:26:44.268845081 CET | 3531 | OUT | |
Jan 13, 2021 15:26:44.398611069 CET | 3531 | IN | |
Jan 13, 2021 15:26:44.529566050 CET | 3532 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.5 | 49726 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 13, 2021 15:25:57.895196915 CET | 713 | OUT | |
Jan 13, 2021 15:25:58.027132034 CET | 713 | IN | |
Jan 13, 2021 15:25:58.160243034 CET | 714 | IN | |
Jan 13, 2021 15:25:58.687722921 CET | 716 | OUT | |
Jan 13, 2021 15:25:58.810641050 CET | 717 | IN | |
Jan 13, 2021 15:25:58.946628094 CET | 717 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
20 | 192.168.2.5 | 49759 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
21 | 192.168.2.5 | 49760 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
22 | 192.168.2.5 | 49761 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
23 | 192.168.2.5 | 49762 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
24 | 192.168.2.5 | 49764 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
25 | 192.168.2.5 | 49765 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
26 | 192.168.2.5 | 49766 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
27 | 192.168.2.5 | 49767 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
28 | 192.168.2.5 | 49768 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
29 | 192.168.2.5 | 49769 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.5 | 49727 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 13, 2021 15:25:59.879075050 CET | 720 | OUT | |
Jan 13, 2021 15:26:00.017774105 CET | 721 | IN | |
Jan 13, 2021 15:26:00.148861885 CET | 722 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
30 | 192.168.2.5 | 49770 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
31 | 192.168.2.5 | 49771 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
32 | 192.168.2.5 | 49772 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
33 | 192.168.2.5 | 49773 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
34 | 192.168.2.5 | 49777 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
35 | 192.168.2.5 | 49785 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
36 | 192.168.2.5 | 49786 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
37 | 192.168.2.5 | 49787 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.5 | 49728 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 13, 2021 15:26:01.042892933 CET | 724 | OUT | |
Jan 13, 2021 15:26:01.165296078 CET | 724 | IN | |
Jan 13, 2021 15:26:01.298976898 CET | 725 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.5 | 49729 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 13, 2021 15:26:02.342319965 CET | 729 | OUT | |
Jan 13, 2021 15:26:02.473714113 CET | 742 | IN | |
Jan 13, 2021 15:26:02.620726109 CET | 754 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.5 | 49732 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 13, 2021 15:26:03.733129025 CET | 757 | OUT | |
Jan 13, 2021 15:26:03.862329006 CET | 757 | IN | |
Jan 13, 2021 15:26:03.995359898 CET | 758 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.5 | 49733 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 13, 2021 15:26:05.254686117 CET | 761 | OUT | |
Jan 13, 2021 15:26:05.386487007 CET | 761 | IN | |
Jan 13, 2021 15:26:05.516742945 CET | 762 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.5 | 49734 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 13, 2021 15:26:06.843626022 CET | 765 | OUT | |
Jan 13, 2021 15:26:06.974791050 CET | 768 | IN | |
Jan 13, 2021 15:26:07.114841938 CET | 769 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.5 | 49736 | 64.188.18.218 | 80 | C:\Users\user\Desktop\file.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 13, 2021 15:26:08.599234104 CET | 774 | OUT | |
Jan 13, 2021 15:26:08.721358061 CET | 775 | IN | |
Jan 13, 2021 15:26:08.851656914 CET | 776 | IN |
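The TCP and HTTP packet tables above record one process, file.exe, talking only to 64.188.18.218 on TCP/80 in short request/response pairs (one OUT row followed by one or two IN rows) at a near-constant spacing. The Data cells are empty in this report, so the payloads cannot be inspected here; what the tables do support is a cadence check. The Python below is an added example, not Joe Sandbox code: it parses rows in the table's own format, computes the interval between consecutive client requests and the request-to-response latency, and flags the session as periodic when the interval's coefficient of variation is below 0.3 (an assumed heuristic threshold, not something the report states). The rows are copied from the tail of session 0 above; the kBytes column is the report's running total across the capture, so the difference between two rows is the volume moved in between.

```python
"""Beacon-cadence check over the HTTP packet rows of one session (added example)."""
from datetime import datetime
from statistics import mean, pstdev

# Rows copied from the session 0 table above (timestamp | cumulative kBytes | direction | data).
# The Data column is empty in this report, so only timing and direction are available.
SESSION_ROWS = """\
Jan 13, 2021 15:26:33.816489935 CET | 3521 | OUT | |
Jan 13, 2021 15:26:33.939090967 CET | 3521 | IN | |
Jan 13, 2021 15:26:34.068063021 CET | 3522 | IN | |
Jan 13, 2021 15:26:35.818058968 CET | 3522 | OUT | |
Jan 13, 2021 15:26:35.940812111 CET | 3523 | IN | |
Jan 13, 2021 15:26:36.077502966 CET | 3524 | IN | |
Jan 13, 2021 15:26:37.861300945 CET | 3525 | OUT | |
Jan 13, 2021 15:26:37.983709097 CET | 3525 | IN | |
Jan 13, 2021 15:26:38.115866899 CET | 3526 | IN | |
Jan 13, 2021 15:26:39.928486109 CET | 3526 | OUT | |
Jan 13, 2021 15:26:40.051320076 CET | 3527 | IN | |
Jan 13, 2021 15:26:40.210645914 CET | 3528 | IN | |
Jan 13, 2021 15:26:42.002931118 CET | 3529 | OUT | |
Jan 13, 2021 15:26:42.125650883 CET | 3529 | IN | |
Jan 13, 2021 15:26:42.259836912 CET | 3530 | IN | |
Jan 13, 2021 15:26:44.144761086 CET | 3530 | OUT | |
Jan 13, 2021 15:26:44.267282963 CET | 3530 | IN | |
Jan 13, 2021 15:26:44.399490118 CET | 3531 | IN | |
Jan 13, 2021 15:26:46.299314022 CET | 3533 | OUT | |
Jan 13, 2021 15:26:46.422341108 CET | 3533 | IN | |
"""

# Heuristic threshold (assumption, not from the report): a coefficient of variation of the
# request-to-request interval below this is treated as machine-driven, periodic traffic.
PERIODIC_CV_MAX = 0.3


def parse_timestamp(text: str) -> datetime:
    """'Jan 13, 2021 15:26:33.816489935 CET' -> naive datetime (fraction truncated to microseconds)."""
    stamp, _zone = text.strip().rsplit(" ", 1)
    base, frac = stamp.split(".")
    dt = datetime.strptime(base, "%b %d, %Y %H:%M:%S")
    return dt.replace(microsecond=int(frac[:6].ljust(6, "0")))


def parse_rows(table: str):
    """Return [(timestamp, cumulative_kbytes, direction)] for the data rows of a session table."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) < 3 or cells[2] not in ("IN", "OUT"):
            continue  # header, separator or blank line
        rows.append((parse_timestamp(cells[0]), int(cells[1]), cells[2]))
    return rows


def request_intervals(rows):
    """Seconds between consecutive client requests (OUT rows)."""
    outs = [t for t, _, d in rows if d == "OUT"]
    return [(b - a).total_seconds() for a, b in zip(outs, outs[1:])]


def response_latencies(rows):
    """Seconds from each OUT row to the first IN row that follows it."""
    lat, pending = [], None
    for t, _, d in rows:
        if d == "OUT":
            pending = t
        elif pending is not None:
            lat.append((t - pending).total_seconds())
            pending = None
    return lat


def beacon_summary(rows):
    """Cadence statistics for one session; 'periodic' needs at least two intervals to judge."""
    gaps = request_intervals(rows)
    avg = mean(gaps) if gaps else 0.0
    cv = pstdev(gaps) / avg if len(gaps) >= 2 and avg else float("inf")
    return {
        "requests": sum(1 for _, _, d in rows if d == "OUT"),
        "responses": sum(1 for _, _, d in rows if d == "IN"),
        "mean_interval_s": round(avg, 3),
        "interval_cv": round(cv, 3) if cv != float("inf") else cv,
        "kbytes_delta": rows[-1][1] - rows[0][1],
        "periodic": cv < PERIODIC_CV_MAX,
    }


if __name__ == "__main__":
    print(beacon_summary(parse_rows(SESSION_ROWS)))
```

On these rows it reports 7 requests, 13 responses, a mean request interval of about 2.08 s with a coefficient of variation near 0.03, and a response latency of about 0.12 s on every exchange: a machine-driven loop, not interactive browsing. The same interval check applies to proxy or firewall logs once they are reduced to (timestamp, direction) pairs per destination; a single request, as in the one-row sessions listed above, is deliberately reported as not periodic rather than as a match.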
Code Manipulations |
---|
Statistics |
---|
System Behavior |
---|
General |
---|
Start time: | 15:25:38 |
Start date: | 13/01/2021 |
Path: | C:\Users\user\Desktop\file.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8d0000 |
File size: | 221184 bytes |
MD5 hash: | 2E1FCFB191508FC51320313D059BD30D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|