Analysis Report SKM_C3350191107102300.exe
Overview
General Information
Detection
AgentTesla GuLoader
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Potential malicious icon found
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected AgentTesla
Yara detected GuLoader
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Hides threads from debuggers
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains strange resources
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_GuLoader | Yara detected GuLoader | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Multi AV Scanner detection for submitted file |
Source: | Virustotal: |
Compliance: |
---|
Uses 32bit PE files |
Source: | Static PE information: |
Networking: |
---|
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) |
Source: | Snort IDS: |
Source: | ASN Name: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
System Summary: |
---|
Potential malicious icon found |
Source: | Icon embedded in PE file: |
Source: | Static PE information: |
Source: | Binary or memory string: |
Source: | Section loaded: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Section loaded: |
Source: | WMI Queries: |
Source: | Key opened: |
Source: | Virustotal: |
Source: | Process created: |
Source: | Key value queried: |
Source: | Window detected: |
Source: | File opened: |
Source: | Key opened: |
Data Obfuscation: |
---|
Yara detected GuLoader |
Source: | File source: |
Source: | Process information set: |
Malware Analysis System Evasion: |
---|
Contains functionality to detect hardware virtualization (CPUID execution measurement) |
Source: | Code function: | 4_2_0130210C |
Detected RDTSC dummy instruction sequence (likely for instruction hammering) |
Source: | RDTSC instruction interceptor: |
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) |
Source: | WMI Queries: |
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) |
Source: | WMI Queries: |
Tries to detect Any.run |
Source: | File opened: |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Source: | Binary or memory string: |
Tries to detect virtualization through RDTSC time measurements |
Source: | RDTSC instruction interceptor: |
Source: | Code function: | 4_2_0130210C |
Source: | Thread delayed: |
Source: | Window / User API: |
Source: | Thread sleep time: |
Source: | WMI Queries: |
Source: | Last function: |
Source: | Binary or memory string: |
Source: | Process information queried: |
Anti Debugging: |
---|
Hides threads from debuggers |
Source: | Thread information set: |
Source: | Process queried: |
Source: | Code function: | 4_2_0130210C |
Source: | Code function: | 4_2_00FE6B68 |
Source: | Code function: | 4_2_013052A0 | |
Source: | Code function: | 4_2_01302DD2 | |
Source: | Code function: | 4_2_01305F0E | |
Source: | Code function: | 4_2_0130576C | |
Source: | Code function: | 4_2_01305EF3 |
Source: | Process token adjusted: |
Source: | Memory allocated: |
HIPS / PFW / Operating System Protection Evasion: |
---|
Writes to foreign memory regions |
Source: | Memory written: |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Code function: | 4_2_01302214 |
Source: | Queries volume information: |
Source: | Key value queried: |
Stealing of Sensitive Information: |
---|
Yara detected AgentTesla |
Source: | File source: |
Tries to harvest and steal browser information (history, passwords, etc) |
Source: | File opened: |
Tries to steal Mail credentials (via file access) |
Source: | File opened: |
Source: | Key opened: |
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected AgentTesla |
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation211 | DLL Side-Loading1 | Process Injection112 | Virtualization/Sandbox Evasion34 | OS Credential Dumping1 | Security Software Discovery731 | Remote Services | Email Collection1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading1 | Disable or Modify Tools1 | LSASS Memory | Virtualization/Sandbox Evasion34 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Ingress Tool Transfer1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection112 | Security Account Manager | Process Discovery2 | SMB/Windows Admin Shares | Data from Local System1 | Automated Exfiltration | Non-Application Layer Protocol1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information1 | NTDS | Application Window Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol11 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | DLL Side-Loading1 | LSA Secrets | System Information Discovery424 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
22% | Virustotal | Browse |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| low | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
185.222.58.152 | unknown | Netherlands | 51447 | ROOTLAYERNETNL | true |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 356107 |
Start date: | 22.02.2021 |
Start time: | 15:17:08 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 56s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | SKM_C3350191107102300.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 24 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.rans.troj.spyw.evad.winEXE@4/0@0/1 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
15:18:31 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
No context |
---|
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
ROOTLAYERNETNL | | | malicious | | |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
No created / dropped files found |
---|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 4.793930759240635 |
TrID: |
|
File name: | SKM_C3350191107102300.exe |
File size: | 61440 |
MD5: | 58bb0368bc9cf6ec86c266f54cdefeeb |
SHA1: | 1b9beee4bf56a4d5b31654b7c7404df5ff13f2fe |
SHA256: | d8eb1f98c2e365646d4b849ce9463769f173f7b4c95ea4dc705429a1798e1cfb |
SHA512: | 3078cfa6d4bfd47981bdac73d8cd41a4d37a8a076d01920dea680f643e683d07750ad9ee623976df6f4df76ccf37d03ae8899e7a88b976a3d28409735e936343 |
SSDEEP: | 768:IZH/LgmvpoLA7SIKJrj7+I6vbfzrkEiV:mz5yLA7SIKZ6vTc |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#...B...B...B..L^...B...`...B...d...B..Rich.B..........PE..L...m?.V.....................0....................@................ |
File Icon |
---|
Icon Hash: | 20047c7c70f0e004 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4012c4 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x56A83F6D [Wed Jan 27 03:54:21 2016 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f8fb5be8a6ea86fb9d04da61d8bfeb3a |
Entrypoint Preview |
---|
Instruction |
---|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc024 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xf000 | 0x9b4 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x228 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0xd0 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xb3f8 | 0xc000 | False | 0.454182942708 | data | 5.50136713696 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0xd000 | 0x118c | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0xf000 | 0x9b4 | 0x1000 | False | 0.18017578125 | data | 2.10544721685 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0xf884 | 0x130 | data | ||
RT_ICON | 0xf59c | 0x2e8 | data | ||
RT_ICON | 0xf474 | 0x128 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0xf444 | 0x30 | data | ||
RT_VERSION | 0xf150 | 0x2f4 | data | Hungarian | Hungary |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaVarMove, __vbaAryMove, __vbaFreeVar, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, _adj_fpatan, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaErrorOverflow, __vbaNew2, __vbaVar2Vec, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaVarDup, _CIatan, __vbaCastObj, _allmul, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x040e 0x04b0 |
LegalCopyright | Copyright (C) AC |
InternalName | Klysnerstorv8 |
FileVersion | 1.00 |
CompanyName | AC |
LegalTrademarks | Copyright (C) AC |
Comments | AC |
ProductName | AC |
ProductVersion | 1.00 |
FileDescription | AC |
OriginalFilename | Klysnerstorv8.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Hungarian | Hungary |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
02/22/21-15:18:23.821649 | TCP | 2018752 | ET TROJAN Generic .bin download from Dotted Quad | 49726 | 80 | 192.168.2.6 | 185.222.58.152 |
Network Port Distribution |
---|
TCP Packets |
---|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.6 | 49726 | 185.222.58.152 | 80 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Feb 22, 2021 15:18:23.821649075 CET | 1119 | OUT | |
Feb 22, 2021 15:18:23.871231079 CET | 1120 | IN | |