Windows
Analysis Report
ent.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- ent.exe (PID: 7488 cmdline: "C:\Users\user\Desktop\ent.exe" MD5: 211661398474B9C96A1D704823D0E552)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
XWorm | Malware with wide range of capabilities ranging from RAT to ransomware. | No Attribution | | |
{"C2 url": "https://pastebin.com/raw/XzLzRHpk", "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.2"}
Rule | Description | Author |
---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
Rule | Description | Author |
---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
Rule | Description | Author |
---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
Timestamp: | 05/03/24-19:09:49.210550 |
SID: | 2852874 |
Source Port: | 14771 |
Destination Port: | 49731 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 05/03/24-19:10:01.234928 |
SID: | 2852923 |
Source Port: | 49731 |
Destination Port: | 14771 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 05/03/24-19:08:04.180945 |
SID: | 2853193 |
Source Port: | 49731 |
Destination Port: | 14771 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 05/03/24-19:06:14.763593 |
SID: | 2855924 |
Source Port: | 49731 |
Destination Port: | 14771 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 05/03/24-19:10:01.234012 |
SID: | 2852870 |
Source Port: | 14771 |
Destination Port: | 49731 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | Joe Sandbox ML: |
Source: | String decryptor: |
Source: | String decryptor: |
Source: | String decryptor: |
Source: | String decryptor: |
Source: | String decryptor: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Networking |
---|
Source: | Snort IDS: |
Source: | Snort IDS: |
Source: | Snort IDS: |
Source: | Snort IDS: |
Source: | Snort IDS: |
Source: | URLs: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | Matched rule: |
Source: | Matched rule: |
Source: | Matched rule: |
Source: | Code function: | 0_2_00007FFD9BA271E6 | |
Source: | Code function: | 0_2_00007FFD9BA27F92 |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Matched rule: |
Source: | Matched rule: |
Source: | Cryptographic APIs: |
Source: | Cryptographic APIs: |
Source: | Cryptographic APIs: |
Source: | Base64 encoded string: |
Source: | Classification label: |
Source: | Mutant created: |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Key opened: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | Static PE information: |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | .Net Code: |
Source: | .Net Code: |
Source: | .Net Code: |
Source: | .Net Code: |
Source: | .Net Code: |
Source: | .Net Code: |
Source: | High entropy of concatenated method names: |
Source: | High entropy of concatenated method names: |
Source: | High entropy of concatenated method names: |
Source: | High entropy of concatenated method names: |
Source: | Registry key monitored for changes: |
Source: | Registry key monitored for changes: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | Memory allocated: |
Source: | Memory allocated: |
Source: | Thread delayed: |
Source: | Window / User API: |
Source: | Thread sleep time: |
Source: | Thread sleep count: |
Source: | Thread sleep count: |
Source: | File Volume queried: |
Source: | File Volume queried: |
Source: | Thread delayed: |
Source: | Binary or memory string: |
Source: | Process token adjusted: |
Source: | Memory allocated: |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Source: | Queries volume information: |
Source: | Key value queried: |
Source: | Binary or memory string: |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Source: | File source: |
Source: | File source: |
Source: | File source: |
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Source: | File source: |
Source: | File source: |
Source: | File source: |
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Disable or Modify Tools | OS Credential Dumping | 1 Query Registry | Remote Services | 11 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 131 Virtualization/Sandbox Evasion | LSASS Memory | 121 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 131 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | 2 Non-Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Software Packing | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | 13 Application Layer Protocol | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Source | Detection | Scanner | Label |
---|---|---|---|
ent.exe | 71% | ReversingLabs | ByteCode-MSIL.Trojan.Jalapeno |
ent.exe | 64% | Virustotal | |
ent.exe | 100% | Avira | HEUR/AGEN.1305769 |
ent.exe | 100% | Joe Sandbox ML | |
Source | Detection | Scanner | Label |
---|---|---|---|
| 16% | Virustotal | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
pastebin.com | 172.67.19.24 | true | false | | high |
0.tcp.eu.ngrok.io | 3.124.142.205 | true | true | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
172.67.19.24 | pastebin.com | United States | 13335 | CLOUDFLARENETUS | false |
3.124.142.205 | 0.tcp.eu.ngrok.io | United States | 16509 | AMAZON-02US | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1436084 |
Start date and time: | 2024-05-03 19:05:07 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 20s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 5 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | ent.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@1/0@2/2 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target ent.exe, PID 7488 because it is empty
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
19:06:01 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
172.67.19.24 | malicious | WSHRAT |
172.67.19.24 | malicious | WSHRAT |
3.124.142.205 | malicious | CVE-2021-40444 |
Match | Detection | Threat Name |
---|---|---|
pastebin.com | malicious | LimeRAT |
pastebin.com | malicious | MinerDownloader, RedLine, Xmrig |
pastebin.com | malicious | WSHRAT |
pastebin.com | malicious | WSHRAT |
pastebin.com | malicious | WSHRAT |
pastebin.com | malicious | WSHRAT |
pastebin.com | malicious | Njrat |
pastebin.com | malicious | PureLog Stealer, RedLine, Xmrig |
pastebin.com | malicious | RedLine, SectopRAT |
pastebin.com | malicious | LimeRAT |
0.tcp.eu.ngrok.io | malicious | Njrat |
0.tcp.eu.ngrok.io | malicious | LimeRAT |
0.tcp.eu.ngrok.io | malicious | Njrat |
0.tcp.eu.ngrok.io | malicious | Njrat |
0.tcp.eu.ngrok.io | malicious | Blank Grabber, Njrat, Umbral Stealer |
0.tcp.eu.ngrok.io | malicious | Nanocore |
0.tcp.eu.ngrok.io | malicious | Njrat |
0.tcp.eu.ngrok.io | malicious | DarkComet |
0.tcp.eu.ngrok.io | malicious | Njrat |
0.tcp.eu.ngrok.io | malicious | Njrat |
Match | Detection | Threat Name |
---|---|---|
AMAZON-02US | malicious | HTMLPhisher |
AMAZON-02US | malicious | HTMLPhisher |
AMAZON-02US | malicious | HTMLPhisher |
AMAZON-02US | malicious | Unknown |
AMAZON-02US | malicious | Unknown |
AMAZON-02US | malicious | Unknown |
AMAZON-02US | malicious | Unknown |
AMAZON-02US | malicious | HtmlDropper, HTMLPhisher |
AMAZON-02US | malicious | Unknown |
AMAZON-02US | malicious | Unknown |
CLOUDFLARENETUS | malicious | LimeRAT |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | HTMLPhisher |
CLOUDFLARENETUS | malicious | HTMLPhisher |
CLOUDFLARENETUS | malicious | HTMLPhisher |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | HTMLPhisher |
CLOUDFLARENETUS | malicious | AgentTesla, PureLog Stealer |
CLOUDFLARENETUS | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
3b5074b1b5d032e5620f69f9f700ff0e | malicious | AgentTesla, PureLog Stealer |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | PureLog Stealer, Snake Keylogger |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | AgentTesla |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | XenoRAT |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | DarkTortilla |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | AgentTesla, PureLog Stealer |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | AgentTesla |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | GuLoader |
File type: | |
Entropy (8bit): | 5.917434667430469 |
TrID: | |
File name: | ent.exe |
File size: | 45'056 bytes |
MD5: | 211661398474b9c96a1d704823d0e552 |
SHA1: | 5afcd1a87a69ea1c84a06fdf7079660133ceb28a |
SHA256: | c43fa1f0bbfbb8f91d9a339b97922494bf790c6b58bf973b56836ef52a3196cd |
SHA512: | 51717923b8d063874d5216db14adbe506826715773845c17961c5e52ed072380ea8b9b75d55559f855e6f42c35c8dd984c055eb3d1f7bec02c62463423c96666 |
SSDEEP: | 768:trlZa605WoOu+tpBERbGTHDUgkbZCfr2A33O3sh0l0E:tfq0u+tpKbAjXkbZCjjO3s60E |
TLSH: | 57137C0C73B44226D1FE1BF429B222429239E6175913EB5F68C951DB6B63FCCCA107E6 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....5f................................. ........@.. ....................... ............@................................ |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x40c4ee |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x6635170C [Fri May 3 16:55:40 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc49c | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xe000 | 0x4be | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x10000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0xa4f4 | 0xa600 | 115d774bbc546c22c68c84bcb27d6fab | False | 0.583019578313253 | data | 6.0441803608179345 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0xe000 | 0x4be | 0x600 | 1a10ebe532adeeda0407f6806baac2de | False | 0.3697916666666667 | data | 3.677404346999089 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x10000 | 0xc | 0x200 | 4a4ab37a5b11d854015ffe1e4f9055da | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0xe0a0 | 0x234 | data | | | 0.46808510638297873 |
RT_MANIFEST | 0xe2d4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5469387755102041 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
05/03/24-19:09:49.210550 | TCP | 2852874 | ETPRO TROJAN Win32/XWorm CnC PING Command Inbound M2 | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
05/03/24-19:10:01.234928 | TCP | 2852923 | ETPRO TROJAN Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
05/03/24-19:08:04.180945 | TCP | 2853193 | ETPRO TROJAN Win32/XWorm V3 CnC Command - PING Outbound | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
05/03/24-19:06:14.763593 | TCP | 2855924 | ETPRO TROJAN Win32/XWorm V3 CnC Command - PING Outbound | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
05/03/24-19:10:01.234012 | TCP | 2852870 | ETPRO TROJAN Win32/XWorm CnC Checkin - Generic Prefix Bytes | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 3, 2024 19:06:01.441291094 CEST | 49730 | 443 | 192.168.2.4 | 172.67.19.24 |
May 3, 2024 19:06:01.441319942 CEST | 443 | 49730 | 172.67.19.24 | 192.168.2.4 |
May 3, 2024 19:06:01.441390991 CEST | 49730 | 443 | 192.168.2.4 | 172.67.19.24 |
May 3, 2024 19:06:01.477689028 CEST | 49730 | 443 | 192.168.2.4 | 172.67.19.24 |
May 3, 2024 19:06:01.477710009 CEST | 443 | 49730 | 172.67.19.24 | 192.168.2.4 |
May 3, 2024 19:06:01.666747093 CEST | 443 | 49730 | 172.67.19.24 | 192.168.2.4 |
May 3, 2024 19:06:01.666920900 CEST | 49730 | 443 | 192.168.2.4 | 172.67.19.24 |
May 3, 2024 19:06:01.670366049 CEST | 49730 | 443 | 192.168.2.4 | 172.67.19.24 |
May 3, 2024 19:06:01.670372009 CEST | 443 | 49730 | 172.67.19.24 | 192.168.2.4 |
May 3, 2024 19:06:01.670743942 CEST | 443 | 49730 | 172.67.19.24 | 192.168.2.4 |
May 3, 2024 19:06:01.711657047 CEST | 49730 | 443 | 192.168.2.4 | 172.67.19.24 |
May 3, 2024 19:06:01.726829052 CEST | 49730 | 443 | 192.168.2.4 | 172.67.19.24 |
May 3, 2024 19:06:01.772123098 CEST | 443 | 49730 | 172.67.19.24 | 192.168.2.4 |
May 3, 2024 19:06:02.299001932 CEST | 443 | 49730 | 172.67.19.24 | 192.168.2.4 |
May 3, 2024 19:06:02.299115896 CEST | 443 | 49730 | 172.67.19.24 | 192.168.2.4 |
May 3, 2024 19:06:02.299197912 CEST | 49730 | 443 | 192.168.2.4 | 172.67.19.24 |
May 3, 2024 19:06:02.316203117 CEST | 49730 | 443 | 192.168.2.4 | 172.67.19.24 |
May 3, 2024 19:06:02.535470009 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:06:02.703926086 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:06:02.704015970 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:06:02.860315084 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:06:03.028669119 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:06:14.763592958 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:06:14.932058096 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:06:15.035603046 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:06:15.086685896 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:06:15.105622053 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:06:15.273937941 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:06:19.211822033 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:06:19.258584976 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:06:26.693331957 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:06:26.862231970 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:06:26.962575912 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:06:26.964534998 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:06:27.132930994 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:06:38.587523937 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:06:38.755841017 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:06:38.895942926 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:06:38.897958040 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:06:39.069092989 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:06:49.215188026 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:06:49.258624077 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:06:50.493331909 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:06:50.663716078 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:06:50.762104988 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:06:50.764729023 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:06:50.933073044 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:02.399717093 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:02.568389893 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:02.705624104 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:02.709378004 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:02.877757072 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:14.305824995 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:14.474236965 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:14.577270031 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:14.579015970 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:14.747353077 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:19.221663952 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:19.305649042 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:20.805838108 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:20.974375963 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:21.075030088 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:21.076677084 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:21.246185064 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:25.478203058 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:25.646962881 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:25.759680033 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:25.761686087 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:25.930526018 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:31.337400913 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:31.505932093 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:31.710369110 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:31.712431908 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:31.884341002 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:35.337398052 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:35.506159067 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:35.605715036 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:35.639215946 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:35.807719946 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:41.524646997 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:41.692904949 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:41.696078062 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:41.795049906 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:41.867156982 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:41.868036032 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:41.964251995 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:42.037652016 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:42.037704945 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:42.206346035 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:46.665231943 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:46.834966898 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:46.835176945 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:46.932305098 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:46.977431059 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:47.003573895 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:47.003671885 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:47.102581978 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:47.152782917 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:47.172184944 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:47.177923918 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:47.346378088 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:49.201545000 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:49.243046999 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:51.602747917 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:51.771555901 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:51.871520042 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:51.875624895 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:52.044127941 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:54.884119987 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:55.052714109 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:55.150727987 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:55.182379961 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:55.351406097 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:56.977843046 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:57.146271944 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:57.246676922 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:57.252185106 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:57.420583963 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:04.180944920 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:08:04.350425959 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:04.350471973 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:08:04.449817896 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:04.520759106 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:04.520807981 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:08:04.618180990 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:04.689158916 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:04.689208984 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:08:04.858366966 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:14.477853060 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:08:14.647212982 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:14.746824980 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:14.750166893 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:08:14.918684959 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:19.220877886 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:19.352488995 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:08:26.384044886 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:08:26.552395105 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:26.717139959 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:26.729109049 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:08:26.897480011 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:29.618522882 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:08:29.787108898 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:29.787276983 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:08:29.917392969 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:29.955713987 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:29.955780029 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:08:30.054119110 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:30.124083042 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:30.124229908 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:08:30.292639017 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:30.297983885 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:08:30.466213942 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:30.565696955 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:30.573364973 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:08:30.743231058 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:30.744071960 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:08:30.913408041 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:31.043236017 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:31.045202971 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:08:31.213532925 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:39.727808952 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:08:39.896528006 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:39.896743059 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:08:40.024111986 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:40.065057993 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:40.065124035 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:08:40.169743061 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:40.233442068 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:40.233489990 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:08:40.401748896 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:49.207017899 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:49.352504969 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:08:51.665378094 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:08:51.834018946 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:51.932565928 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:51.934417963 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:08:52.102782965 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:01.759079933 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:01.927357912 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:01.927429914 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:02.030915022 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:02.030976057 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:02.095726013 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:02.095779896 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:02.199671984 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:02.211111069 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:02.221616983 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:02.221818924 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:02.238217115 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:02.240020990 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:02.241189957 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:02.290097952 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:02.305913925 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:02.306082964 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:02.371447086 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:02.371735096 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:02.383320093 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:02.383868933 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:02.390353918 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:02.396513939 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:02.409670115 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:02.482754946 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:02.527996063 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:02.553911924 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:02.605139971 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:02.848850965 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:03.017091990 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:03.868465900 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:04.036974907 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:07.196599007 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:07.364928007 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:07.364980936 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:07.465553045 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:07.534437895 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:07.534495115 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:07.642039061 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:07.705773115 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:07.705821991 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:07.874130964 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:17.306077003 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:17.474376917 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:17.474431992 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:17.579298973 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:17.642735004 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:17.642807007 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:17.742445946 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:17.811132908 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:17.899420023 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:18.922750950 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:19.091064930 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:19.221473932 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:19.303075075 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:20.759233952 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:20.927797079 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:21.026738882 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:21.028320074 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:21.197005033 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:21.978141069 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:22.147423983 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:22.269120932 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:22.273937941 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:22.442552090 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:22.587382078 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:22.755712032 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:22.837929964 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:22.879359961 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:23.006527901 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:23.006805897 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:23.105736017 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:23.175081015 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:23.175122023 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:23.343550920 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:23.915349960 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:24.083857059 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:24.185548067 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:24.189941883 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:24.358247995 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:25.603199005 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:25.773000956 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:25.872438908 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:25.874485970 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:26.044081926 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:26.292094946 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:26.460401058 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:26.559017897 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:26.561697006 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:26.730025053 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:29.243607044 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:29.413829088 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:29.510481119 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:29.512882948 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:29.681278944 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:31.462300062 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:31.630637884 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:31.734321117 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:31.736082077 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:31.904411077 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:38.180951118 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:38.349837065 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:38.449337006 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:38.454061985 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:38.623610973 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:41.134041071 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:41.302278042 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:41.402260065 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:41.403629065 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:41.572606087 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:46.587440968 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:46.755743027 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:46.856673002 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:46.858309031 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:47.028500080 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:49.210550070 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:49.292032003 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:51.087539911 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:51.256817102 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:51.362943888 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:51.368088007 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:51.538621902 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:51.556117058 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:51.724380970 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:51.828964949 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:51.836138010 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:52.004435062 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:54.712234020 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:54.881592035 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:54.991756916 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:54.994393110 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:55.163300991 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:59.931111097 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:10:00.099966049 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:10:00.100022078 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:10:00.200278044 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:10:00.268377066 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:10:00.272119045 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:10:00.367611885 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:10:00.379245043 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:10:00.380127907 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:10:00.440474033 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:10:00.442015886 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:10:00.550519943 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:10:00.610377073 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:10:00.964977026 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:10:01.133480072 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:10:01.234011889 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:10:01.234927893 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:10:01.403354883 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
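Besides the exchanges that the sandbox host starts (client packet, server reply about 170 ms later, a second server packet, client ACK), the table above contains a packet from 3.124.142.205:14771 that recurs about every 30 s (19:06:49, 19:07:19, 19:07:49, 19:08:19, 19:08:49, 19:09:19, 19:09:49), each answered by 192.168.2.4 within roughly 150 ms. The Python below is an added example, not part of the Joe Sandbox report or of XWorm itself: it parses rows in this table's format, separates server-originated packets from replies to client traffic, estimates the beacon period, and recovers the beat at 19:09:19.221 that arrives only 0.3 s after client traffic but sits on the 30 s schedule. The rows embedded in it are copied from the table above; the function names, the 1 s quiet threshold and the 0.5 s slot tolerance are assumptions of the example. The capture carries no payloads, so nothing here says what the periodic packet contains.

```python
"""Beacon-period estimation over rows in the format of this report's TCP packet table.

Added example (not part of the Joe Sandbox report or of XWorm). The rows are copied from
the table; function names and the `quiet` and `tol` thresholds are assumptions of the example.
"""
import re
from datetime import datetime
from statistics import median

# Subset of the report's rows: the seven ~30 s server packets with the client replies that
# follow them, plus two client-initiated exchanges (19:06:50, 19:09:18) that act as noise.
PACKET_ROWS = """\
May 3, 2024 19:06:49.215188026 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:06:49.258624077 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:06:50.493331909 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:06:50.663716078 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:06:50.762104988 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:06:50.764729023 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:06:50.933073044 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:19.221663952 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:19.305649042 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:07:49.201545000 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:07:49.243046999 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:08:19.220877886 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:19.352488995 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:08:49.207017899 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:08:49.352504969 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:18.922750950 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:19.091064930 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:19.221473932 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:19.303075075 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
May 3, 2024 19:09:49.210550070 CEST | 14771 | 49731 | 3.124.142.205 | 192.168.2.4 |
May 3, 2024 19:09:49.292032003 CEST | 49731 | 14771 | 192.168.2.4 | 3.124.142.205 |
"""

ROW_RE = re.compile(
    r"^(?P<raw>(?P<ts>\w+ \d+, \d{4} \d{2}:\d{2}:\d{2})\.(?P<frac>\d+) \w+) \| *"
    r"(?P<sport>\d+) \| *(?P<dport>\d+) \| *(?P<sip>[\d.]+) \| *(?P<dip>[\d.]+) \|"
)
EPOCH = datetime(1970, 1, 1)


def parse_rows(text):
    """Return (seconds, raw timestamp, src ip, src port, dst ip, dst port) per row, sorted."""
    packets = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # header, separator or unrelated line
        base = datetime.strptime(m["ts"], "%b %d, %Y %H:%M:%S")
        # Joe Sandbox prints nanoseconds, which strptime's %f cannot take; add them as a float
        secs = (base - EPOCH).total_seconds() + int(m["frac"].ljust(9, "0")) / 1e9
        packets.append((secs, m["raw"], m["sip"], int(m["sport"]), m["dip"], int(m["dport"])))
    return sorted(packets)


def estimate_beacon(packets, c2_ip, c2_port, quiet=1.0, tol=0.5):
    """Find a fixed-period, server-originated packet in traffic with one C2 endpoint.

    1. C2 packets with no client packet in the preceding `quiet` seconds are candidates
       (replies to client traffic arrive within one RTT, about 170 ms in this capture).
    2. The period is the median of candidate gaps, each divided by the whole number of
       periods it spans, so a dropped candidate (a 60 s gap) does not skew it.
    3. Every C2 packet is re-checked against the predicted schedule and the packet with
       the smallest residual claims each slot; that recovers a beat step 1 dropped
       because it landed just after client traffic.
    """
    from_c2 = [p for p in packets if p[2] == c2_ip and p[3] == c2_port]
    to_c2 = [p[0] for p in packets if p[4] == c2_ip and p[5] == c2_port]
    candidates = []
    for p in from_c2:
        prior = [t for t in to_c2 if t < p[0]]
        if not prior or p[0] - max(prior) >= quiet:
            candidates.append(p[0])
    if len(candidates) < 3:
        return None  # too few server-initiated packets to call anything periodic

    gaps = [b - a for a, b in zip(candidates, candidates[1:])]
    rough = median(gaps)
    period = median(g / round(g / rough) for g in gaps if round(g / rough) >= 1)

    t0, slots = candidates[0], {}  # slot index k -> (residual, packet)
    for p in from_c2:
        k = round((p[0] - t0) / period)
        residual = abs((p[0] - t0) - k * period)
        if k >= 0 and residual <= tol and (k not in slots or residual < slots[k][0]):
            slots[k] = (residual, p)
    return {
        "period": period,
        "beats": [slots[k][1][1] for k in sorted(slots)],
        "missed": max(slots) + 1 - len(slots),
        "max_residual": max(r for r, _ in slots.values()),
    }


if __name__ == "__main__":
    r = estimate_beacon(parse_rows(PACKET_ROWS), "3.124.142.205", 14771)
    print(f"period ~{r['period']:.3f} s, {len(r['beats'])} beats, {r['missed']} missed, "
          f"max jitter {r['max_residual'] * 1000:.1f} ms")
```

Run stand-alone it reports a period of about 30.0 s with seven beats, none missed and under 20 ms of jitter. Fed the whole table, or any other capture reduced to the same five columns, the same two-pass scheme works for any fixed-interval beacon; a beacon with deliberate jitter needs a wider `tol`, and a capture with no quiet gaps at all (constant client chatter) defeats step 1 and returns None rather than a guess.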
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 3, 2024 19:06:01.296482086 CEST | 58651 | 53 | 192.168.2.4 | 1.1.1.1 |
May 3, 2024 19:06:01.386296988 CEST | 53 | 58651 | 1.1.1.1 | 192.168.2.4 |
May 3, 2024 19:06:02.441200972 CEST | 64658 | 53 | 192.168.2.4 | 1.1.1.1 |
May 3, 2024 19:06:02.533694983 CEST | 53 | 64658 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 3, 2024 19:06:01.296482086 CEST | 192.168.2.4 | 1.1.1.1 | 0x378 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 3, 2024 19:06:02.441200972 CEST | 192.168.2.4 | 1.1.1.1 | 0x603 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 3, 2024 19:06:01.386296988 CEST | 1.1.1.1 | 192.168.2.4 | 0x378 | No error (0) | | | 172.67.19.24 | A (IP address) | IN (0x0001) | false |
May 3, 2024 19:06:01.386296988 CEST | 1.1.1.1 | 192.168.2.4 | 0x378 | No error (0) | | | 104.20.3.235 | A (IP address) | IN (0x0001) | false |
May 3, 2024 19:06:01.386296988 CEST | 1.1.1.1 | 192.168.2.4 | 0x378 | No error (0) | | | 104.20.4.235 | A (IP address) | IN (0x0001) | false |
May 3, 2024 19:06:02.533694983 CEST | 1.1.1.1 | 192.168.2.4 | 0x603 | No error (0) | | | 3.124.142.205 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49730 | 172.67.19.24 | 443 | 7488 | C:\Users\user\Desktop\ent.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-03 17:06:01 UTC | 74 | OUT | |
2024-05-03 17:06:02 UTC | 388 | IN | |
2024-05-03 17:06:02 UTC | 29 | IN | |
2024-05-03 17:06:02 UTC | 5 | IN |
Target ID: | 0 |
Start time: | 19:05:51 |
Start date: | 03/05/2024 |
Path: | C:\Users\user\Desktop\ent.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x670000 |
File size: | 45'056 bytes |
MD5 hash: | 211661398474B9C96A1D704823D0E552 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | false |
Function view (Joe Sandbox IDA Plugin). In the original report each entry carries Memory Dump Source, Joe Sandbox IDA Plugin, Similarity and Uniqueness tabs, and some a Strings tab; the tab contents were not extracted, so only the function header and the uniqueness score survive. Entries whose header was not extracted are listed as such, in the position they occupy on the page.

Function | Relevance | Instructions | Tag | Uniqueness Score |
---|---|---|---|---|
00007FFD9BA271E6 | 0.5 | 473 | COMMON | -1.00% |
00007FFD9BA27F92 | 0.5 | 459 | COMMON | -1.00% |
7 entries, header not extracted (Strings tab present) | | | | -1.00% |
00007FFD9BA2AC70 | 1.1 | 1053 | COMMON | -1.00% |
00007FFD9BA23188 | 0.4 | 408 | COMMON | -1.00% |
00007FFD9BA23601 | 0.4 | 350 | COMMON | -1.00% |
00007FFD9BA27BA6 | 0.3 | 332 | COMMON | -1.00% |
00007FFD9BA291FA | 0.3 | 286 | COMMON | -1.00% |
00007FFD9BA291F8 | 0.3 | 283 | COMMON | -1.00% |
00007FFD9BA29208 | 0.3 | 273 | COMMON | -1.00% |
00007FFD9BA29218 | 0.3 | 268 | COMMON | -1.00% |
00007FFD9BA20915 | 0.3 | 259 | COMMON | -1.00% |
00007FFD9BA299DD | 0.3 | 252 | COMMON | -1.00% |
00007FFD9BA294BE | 0.2 | 245 | COMMON | -1.00% |
00007FFD9BA29751 | 0.2 | 242 | COMMON | -1.00% |
00007FFD9BA29A30 | 0.2 | 222 | COMMON | -1.00% |
00007FFD9BA29FCA | 0.2 | 211 | COMMON | -1.00% |
00007FFD9BA28A1D | 0.2 | 207 | COMMON | -1.00% |
00007FFD9BA23D3D | 0.2 | 191 | COMMON | -1.00% |
00007FFD9BA24ADC | 0.2 | 191 | COMMON | -1.00% |
00007FFD9BA22835 | 0.2 | 179 | COMMON | -1.00% |
00007FFD9BA22EDD | 0.2 | 167 | COMMON | -1.00% |
00007FFD9BA28D81 | 0.1 | 143 | COMMON | -1.00% |
00007FFD9BA20D41 | 0.1 | 124 | COMMON | -1.00% |
00007FFD9BA22CF1 | 0.1 | 114 | COMMON | -1.00% |
00007FFD9BA2B14D | 0.1 | 109 | COMMON | -1.00% |
00007FFD9BA22AFB | 0.1 | 107 | COMMON | -1.00% |
00007FFD9BA20C49 | 0.1 | 104 | COMMON | -1.00% |
00007FFD9BA2A395 | 0.1 | 103 | COMMON | -1.00% |
00007FFD9BA20E89 | 0.1 | 91 | COMMON | -1.00% |
00007FFD9BA2A2B9 | 0.1 | 80 | COMMON | -1.00% |
00007FFD9BA2A1A1 | 0.1 | 76 | COMMON | -1.00% |
00007FFD9BA215C1 | 0.1 | 73 | COMMON | -1.00% |
00007FFD9BA286C8 | 0.1 | 68 | COMMON | -1.00% |
00007FFD9BA286F4 | 0.1 | 60 | COMMON | -1.00% |
00007FFD9BA20BDE | 0.1 | 51 | COMMON | -1.00% |
00007FFD9BA21553 | 0.0 | 45 | COMMON | -1.00% |
00007FFD9BA2B095 | 0.0 | 44 | COMMON | -1.00% |
00007FFD9BA20540 | 0.0 | 30 | COMMON | -1.00% |
00007FFD9BA20F70 | 0.0 | 26 | COMMON | -1.00% |
00007FFD9BA288AF | 0.0 | 26 | COMMON | -1.00% |
2 entries, header not extracted (Strings tab present) | | | | -1.00% |