Windows
Analysis Report
Documents Of DHL -BL- AWB- 8976453410.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
- System is w10x64
- Documents Of DHL -BL- AWB- 8976453410.exe (PID: 3812 cmdline: "C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe" MD5: 5F73C9853E26A72D00ACB018DB8A9175)
- powershell.exe (PID: 4104 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe" -Force MD5: 04029E121A0CFA5991749937DD22A1D9)
- conhost.exe (PID: 4132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- RegAsm.exe (PID: 5896 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
- RegAsm.exe (PID: 5900 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
- WerFault.exe (PID: 432 cmdline: C:\Windows\system32\WerFault.exe -u -p 3812 -s 1324 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Agent Tesla, AgentTesla | A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel. |
{"C2 url": "https://api.telegram.org/bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendMessage"}
{"Exfil Mode": "Telegram", "Telegram Url": "https://api.telegram.org/bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendMessage?chat_id=7153133538"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
System Summary |
---|
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): |
Timestamp: | 05/23/24-20:23:48.252165 |
SID: | 2851779 |
Source Port: | 49702 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Malware Configuration Extractor: | ||
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Exploits |
---|
Source: | File source: | ||
Source: | File source: |
Source: | HTTPS traffic detected: | ||
Source: | Static PE information: |
Source: | Binary string: | ||
Networking |
---|
Source: | Snort IDS: |
Source: | DNS query: |
Source: | HTTP traffic detected: | ||
Source: | IP Address: | ||
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: |
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | .Net Code: |
Source: | Windows user hook set: | Jump to behavior |
Source: | Window created: | Jump to behavior |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Static PE information: |
Source: | Process Stats: |
Source: | Process created: |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Matched rule: | ||
Source: | Cryptographic APIs: | ||
Source: | Classification label: |
Source: | Mutant created: | ||
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Static file information: |
Source: | WMI Queries: | ||
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Static PE information: |
Source: | File created: | |||
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File opened: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | File source: |
Source: | WMI Queries: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Memory allocated: | Jump to behavior |
Source: | Code function: | 0_2_00007FFAACDE10F0 |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior |
Source: | WMI Queries: |
Source: | WMI Queries: |
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Process queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Memory written: | Jump to behavior |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Lowering of HIPS / PFW / Operating System Security Settings |
---|
Source: | Registry value created: | Jump to behavior |
Source: | Binary or memory string: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Source: | File source: |
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 21 Disable or Modify Tools | 2 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 211 Process Injection | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 24 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | 1 Credentials in Registry | 231 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 11 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Timestomp | NTDS | 1 Process Discovery | Distributed Component Object Model | 21 Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 161 Virtualization/Sandbox Evasion | SSH | 1 Clipboard Data | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 161 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 211 Process Injection | DCSync | 1 System Network Configuration Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
29% | ReversingLabs | Win64.Trojan.GenSteal | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
api.ipify.org | 172.67.74.152 | true | false | unknown | |
api.telegram.org | 149.154.167.220 | true | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | | unknown | |
true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | | unknown | ||
false | | unknown | ||
false | | unknown | ||
true | | unknown | ||
false | | unknown | ||
true | | unknown | ||
false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
149.154.167.220 | api.telegram.org | United Kingdom | | 62041 | TELEGRAMRU | true |
172.67.74.152 | api.ipify.org | United States | | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1446731 |
Start date and time: | 2024-05-23 20:22:49 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 8m 42s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 25 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Documents Of DHL -BL- AWB- 8976453410.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.expl.evad.winEXE@9/10@2/2 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.189.173.21
- Excluded domains from analysis (whitelisted): login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target Documents Of DHL -BL- AWB- 8976453410.exe, PID 3812 because it is empty
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: Documents Of DHL -BL- AWB- 8976453410.exe
Time | Type | Description |
---|---|---|
14:23:45 | API Interceptor | |
14:23:46 | API Interceptor | |
14:24:03 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
149.154.167.220 | Get hash | malicious | AgentTesla | Browse | ||
Get hash | malicious | AgentTesla, PureLog Stealer, XWorm | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | AsyncRAT, DcRat, StormKitty, VenomRAT | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | GuLoader | Browse | |||
Get hash | malicious | WSHRAT | Browse | |||
Get hash | malicious | Gurcu Stealer, WhiteSnake Stealer | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
172.67.74.152 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Stealit | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Stealit | Browse | ||
Get hash | malicious | Stealit | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
api.telegram.org | Get hash | malicious | AgentTesla | Browse | ||
Get hash | malicious | AgentTesla, PureLog Stealer, XWorm | Browse | ||
Get hash | malicious | AgentTesla | Browse | ||
Get hash | malicious | AsyncRAT, DcRat, StormKitty, VenomRAT | Browse | ||
Get hash | malicious | AgentTesla | Browse | ||
Get hash | malicious | AgentTesla | Browse | ||
Get hash | malicious | GuLoader | Browse | ||
Get hash | malicious | WSHRAT | Browse | ||
Get hash | malicious | Gurcu Stealer, WhiteSnake Stealer | Browse | ||
Get hash | malicious | AgentTesla | Browse | ||
api.ipify.org | Get hash | malicious | HTMLPhisher | Browse | ||
Get hash | malicious | AgentTesla, PureLog Stealer, XWorm | Browse | ||
Get hash | malicious | AgentTesla | Browse | ||
Get hash | malicious | AgentTesla | Browse | ||
Get hash | malicious | AgentTesla, GuLoader | Browse | ||
Get hash | malicious | AgentTesla | Browse | ||
Get hash | malicious | AgentTesla | Browse | ||
Get hash | malicious | AgentTesla, GuLoader | Browse | ||
Get hash | malicious | AgentTesla | Browse | ||
Get hash | malicious | HTMLPhisher | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
TELEGRAMRU | Get hash | malicious | AgentTesla | Browse | ||
Get hash | malicious | AgentTesla, PureLog Stealer, XWorm | Browse | ||
Get hash | malicious | AgentTesla | Browse | ||
Get hash | malicious | AsyncRAT, DcRat, StormKitty, VenomRAT | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | AgentTesla | Browse | ||
Get hash | malicious | AgentTesla | Browse | ||
Get hash | malicious | GuLoader | Browse | ||
Get hash | malicious | WSHRAT | Browse | ||
Get hash | malicious | Unknown | Browse | ||
CLOUDFLARENETUS | Get hash | malicious | FormBook | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Lokibot | Browse | ||
Get hash | malicious | MalLnk | Browse | ||
Get hash | malicious | GuLoader | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | HTMLPhisher | Browse | ||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | AgentTesla | Browse | ||
Get hash | malicious | GuLoader | Browse | ||
Get hash | malicious | AgentTesla, PureLog Stealer, XWorm | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | GuLoader, XWorm | Browse | ||
Get hash | malicious | GuLoader, XWorm | Browse | ||
Get hash | malicious | GuLoader | Browse | ||
Get hash | malicious | AsyncRAT, GuLoader | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Documents Of DHL_a717dd2ed6cc9cb1daf8a386d324cb1affad1e_f07a7b38_8172a8de-ac37-4d37-8223-7185386ef586\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.195693117100849 |
Encrypted: | false |
SSDEEP: | 384:5+YoPUxQUqXGUnULUYam83ZzuiFMY4lO8g+6:5+YYU2RGUnULUYadzuiFMY4lO8g+ |
MD5: | 739377763B1120BB72B02830CD75748A |
SHA1: | 7601E19D1D86C39807D91EA57EB6AE81C84BBB7F |
SHA-256: | 53694AF390781701C75773EB2B8BAF912F99F92BE2577A2E8F2C5681B33D030D |
SHA-512: | 877632E2EFD554A62BEAE6F9EA6B6D4D79340FCCA54AEE32504369B4A0C04ABC3DFD453290B8391921F12F2BB800C7D439E08641DA140DCC22E195120D4E3E87 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 504659 |
Entropy (8bit): | 3.3947823055432345 |
Encrypted: | false |
SSDEEP: | 6144:EB6j9uXeqje3QIZEaKgWhTapz7DjbTLqmP8:ZOeqjeQC |
MD5: | 70B8D9A20284B893E2CEE975018170F6 |
SHA1: | 9411E3D933F9E3B8FDF49C0A617733971E34A29D |
SHA-256: | 59F952F41D7DB653D5B622378FFE6A9E437EB55F862694A94E15A37EE7571A3B |
SHA-512: | B59A4405A36815A346C15F1DE49E05AE1125301BC88D356607A3DE2EEAF0A05EE89DE89AC2DF534B0D673D418DD27CC71484F49E7F887A963961CECE1DDAC76B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8716 |
Entropy (8bit): | 3.7174409101956813 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJj+Zaw2t16YNk0hcNgmfI+RSqBprp89bbwDfbKJm:R6lXJaUh6YeocNgmf5wqqb0fbt |
MD5: | 5CD0F11184C66796BCAD0AF4489EAE4B |
SHA1: | 08208B9886AA3E883D5AD6EBE2F85BE924D7AF4B |
SHA-256: | 34767511900A5D6AF8C644FEA474FAF6F0F412BB601B8C3A0CEB995D7C850ADB |
SHA-512: | FB5927FC13586208ABDD6CD282B2FCF83CC4CD4E45449678BF2F6BC3CD6897A5B829EF233984C06123FC6D0C5D3634BF070F2E2A4837CAD87E4867E1B702D5FE |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4912 |
Entropy (8bit): | 4.572814722831904 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsgJg771I97CRWpW8VYNPYm8M4JaJgJfAFCzyq85mJMiw4d0JlT0JlWd:uIjfmI7BA7V9Jtxw4d8T8Wd |
MD5: | 5CC7D2A19D99204D987E46124D35199C |
SHA1: | 6260BCFC3110996A649BDC12B02D75C845D13B74 |
SHA-256: | 9E4B7C2491D816876997917D794437B7E0FCAC1FC21C60CF7CEE996658E5BCF7 |
SHA-512: | 070F50CA1C2A7AF0F0D5671CF706ED3572A06A76A979B1EF7779F9D1B8389F01EA38C4519BA8E7CC723CA5CDA378922B8FCB2E60DF57C0A404D119B5ED3EA042 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 64 |
Entropy (8bit): | 1.1940658735648508 |
Encrypted: | false |
SSDEEP: | 3:Nlllultnxj:NllU |
MD5: | F93358E626551B46E6ED5A0A9D29BD51 |
SHA1: | 9AECA90CCBFD1BEC2649D66DF8EBE64C13BACF03 |
SHA-256: | 0347D1DE5FEA380ADFD61737ECD6068CB69FC466AC9C77F3056275D5FCAFDC0D |
SHA-512: | D609B72F20BF726FD14D3F2EE91CCFB2A281FAD6BC88C083BFF7FCD177D2E59613E7E4E086DB73037E2B0B8702007C8F7524259D109AF64942F3E60BFCC49853 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.417331844394225 |
Encrypted: | false |
SSDEEP: | 6144:2cifpi6ceLPL9skLmb0mmSWSPtaJG8nAgex285i2MMhA20X4WABlGuN95+:Ti58mSWIZBk2MM6AFBvo |
MD5: | C2AB8232E66E190251AD8F721DA2B5A8 |
SHA1: | FB339F29DD30AE0E4EBB95591E6BA3DBF00658DB |
SHA-256: | 1A8EE583DF40931ACDC9EF4C239D537F26E184B5197DFD35B167FA805A9E2B16 |
SHA-512: | CF967E67C28982C9E601DBDA7DE7C53B5F81690483ECF00E6E919F0E843D07A322E7D621C54D79D9473F360A4B1547D3244CD32EE302A2455EC3B0CCC83034AA |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.969816501836858 |
TrID: |
|
File name: | Documents Of DHL -BL- AWB- 8976453410.exe |
File size: | 641'545 bytes |
MD5: | 5f73c9853e26a72d00acb018db8a9175 |
SHA1: | 62b92ce12a85ef418deed00c907d32660162c9e1 |
SHA256: | e470ca1515de30d455b70bdeef3b2d1cc9a479f66e245843c0a235e6f0859943 |
SHA512: | 28f71e2b9f42c2db1a3615ad31837bf2c23529bbefe0b171102be58669a2eb0809cc256cdc4200ca157f79ef554a1069d11c4c0c6d7b16ac9b5bb46557e5c61a |
SSDEEP: | 12288:6FaXafmDSosLsjGLjvo3fNnRTLr16Mtol0fLtnccS5k7TSjBS47r0BS:6FaX3zLGLroPNnRTLkMtRfLScS5ESV0M |
TLSH: | 07D423817FDC2983D37D82B48DE113E13635E7B87B629B3D20409A4F64815EAFAB1D25 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................."...0.d................ ....@...... ...............................S....`................................ |
Icon Hash: | 6c693168c8e0e0b0 |
Entrypoint: | 0x400000 |
Entrypoint Section: | |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0xF4D2168A [Sat Feb 27 10:57:14 2100 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: |
Instruction |
---|
dec ebp |
pop edx |
nop |
add byte ptr [ebx], al |
add byte ptr [eax], al |
add byte ptr [eax+eax], al |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0x177a | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb948 | 0x1c | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2000 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x9964 | 0x9a00 | 8a07205e54f3166c4659b418a2432e44 | False | 0.5647575081168831 | data | 6.113327171227334 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0xc000 | 0x177a | 0x1800 | 1d3b8f087a07fde73180cbaf412f47c3 | False | 0.4724934895833333 | data | 5.385191300565514 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0xc15c | 0xc88 | Device independent bitmap graphic, 32 x 48 x 32, image size 3072 | 0.5819825436408977 | ||
RT_GROUP_ICON | 0xcde4 | 0x14 | data | 1.05 | ||
RT_VERSION | 0xcdf8 | 0x3cc | data | 0.5061728395061729 | ||
RT_VERSION | 0xd1c4 | 0x3cc | data | English | United States | 0.507201646090535 |
RT_MANIFEST | 0xd590 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5489795918367347 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
05/23/24-20:23:48.252165 | TCP | 2851779 | ETPRO TROJAN Agent Tesla Telegram Exfil | 49702 | 443 | 192.168.2.7 | 149.154.167.220 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 23, 2024 20:26:14.993861914 CEST | 49730 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:14.993877888 CEST | 443 | 49730 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:14.998755932 CEST | 443 | 49730 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:15.054085016 CEST | 49730 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:15.531428099 CEST | 443 | 49730 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:15.531497955 CEST | 49730 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:15.531508923 CEST | 443 | 49730 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:15.531519890 CEST | 443 | 49730 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:15.531584024 CEST | 49730 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:15.531940937 CEST | 49730 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:16.571433067 CEST | 49731 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:16.571453094 CEST | 443 | 49731 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:16.574611902 CEST | 49731 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:16.574927092 CEST | 49731 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:16.574934959 CEST | 443 | 49731 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:17.224950075 CEST | 443 | 49731 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:17.228122950 CEST | 49731 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:17.228132010 CEST | 443 | 49731 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:17.572521925 CEST | 443 | 49731 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:17.572876930 CEST | 49731 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:17.572896957 CEST | 443 | 49731 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:17.572968006 CEST | 49731 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:17.572978020 CEST | 443 | 49731 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:17.573046923 CEST | 49731 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:17.573158026 CEST | 443 | 49731 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:18.160231113 CEST | 443 | 49731 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:18.160325050 CEST | 443 | 49731 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:18.160346031 CEST | 49731 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:18.160434008 CEST | 49731 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:18.160819054 CEST | 49731 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:29.132401943 CEST | 49732 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:29.132441044 CEST | 443 | 49732 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:29.133706093 CEST | 49732 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:29.134562016 CEST | 49732 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:29.134572029 CEST | 443 | 49732 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:30.935719013 CEST | 443 | 49732 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:30.937482119 CEST | 49732 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:30.937498093 CEST | 443 | 49732 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:31.252084017 CEST | 443 | 49732 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:31.252564907 CEST | 49732 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:31.252621889 CEST | 443 | 49732 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:31.252708912 CEST | 49732 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:31.252727985 CEST | 443 | 49732 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:31.252815962 CEST | 49732 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:31.252878904 CEST | 443 | 49732 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:31.778136969 CEST | 443 | 49732 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:31.778240919 CEST | 443 | 49732 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:31.778317928 CEST | 49732 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:31.778317928 CEST | 49732 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:31.778681993 CEST | 49732 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:33.378803015 CEST | 49733 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:33.378855944 CEST | 443 | 49733 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:33.378931999 CEST | 49733 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:33.379404068 CEST | 49733 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:33.379420996 CEST | 443 | 49733 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:34.071239948 CEST | 443 | 49733 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:34.073360920 CEST | 49733 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:34.073381901 CEST | 443 | 49733 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:34.318989038 CEST | 49733 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:34.319137096 CEST | 443 | 49733 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:34.319329977 CEST | 49733 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:34.319855928 CEST | 49734 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:34.319892883 CEST | 443 | 49734 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:34.320146084 CEST | 49734 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:34.320636034 CEST | 49734 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:34.320653915 CEST | 443 | 49734 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:34.951668978 CEST | 443 | 49734 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:34.951772928 CEST | 49734 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:34.954422951 CEST | 49734 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:34.954436064 CEST | 443 | 49734 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:34.954699993 CEST | 443 | 49734 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:34.957066059 CEST | 49734 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:35.002506971 CEST | 443 | 49734 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:35.282027006 CEST | 443 | 49734 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:35.282535076 CEST | 49734 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:35.282571077 CEST | 443 | 49734 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:35.282645941 CEST | 49734 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:35.282660961 CEST | 443 | 49734 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:35.282726049 CEST | 49734 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:35.282780886 CEST | 443 | 49734 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:35.339163065 CEST | 49735 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:35.339210033 CEST | 443 | 49735 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:35.339297056 CEST | 49735 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:35.339657068 CEST | 49735 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:35.339668989 CEST | 443 | 49735 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:35.762023926 CEST | 443 | 49734 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:35.762109995 CEST | 49734 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:35.762120962 CEST | 443 | 49734 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:35.762162924 CEST | 49734 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:35.762491941 CEST | 49734 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:36.028762102 CEST | 443 | 49735 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:36.030416965 CEST | 49735 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:36.030451059 CEST | 443 | 49735 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:36.319443941 CEST | 49736 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:36.319480896 CEST | 443 | 49736 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:36.319637060 CEST | 49736 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:36.322504044 CEST | 49736 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:36.322518110 CEST | 443 | 49736 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:36.376740932 CEST | 443 | 49735 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:36.377250910 CEST | 49735 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:36.377279997 CEST | 443 | 49735 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:36.377388000 CEST | 49735 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:36.377403021 CEST | 443 | 49735 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:36.377743959 CEST | 49735 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:36.377756119 CEST | 443 | 49735 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:36.894802094 CEST | 443 | 49735 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:36.894893885 CEST | 443 | 49735 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:36.894946098 CEST | 49735 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:36.895124912 CEST | 49735 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:36.895394087 CEST | 49735 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:36.954014063 CEST | 443 | 49736 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:36.955821991 CEST | 49736 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:36.955838919 CEST | 443 | 49736 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:37.304661989 CEST | 49736 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:37.304692030 CEST | 443 | 49736 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:37.304784060 CEST | 49736 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:37.304805040 CEST | 443 | 49736 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:37.304893970 CEST | 49736 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:37.304935932 CEST | 443 | 49736 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:37.309178114 CEST | 443 | 49736 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:37.351035118 CEST | 49736 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:37.880522013 CEST | 443 | 49736 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:37.880614996 CEST | 443 | 49736 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:37.880659103 CEST | 49736 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:37.880659103 CEST | 49736 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:37.881292105 CEST | 49736 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:43.292897940 CEST | 49737 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:43.292947054 CEST | 443 | 49737 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:43.293004990 CEST | 49737 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:43.293422937 CEST | 49737 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:43.293440104 CEST | 443 | 49737 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:43.933058023 CEST | 443 | 49737 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:43.934849977 CEST | 49737 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:43.934883118 CEST | 443 | 49737 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:44.274523020 CEST | 443 | 49737 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:44.282553911 CEST | 49737 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:44.282579899 CEST | 443 | 49737 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:44.288685083 CEST | 49737 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:44.288698912 CEST | 443 | 49737 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:44.289093971 CEST | 49737 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:44.289103985 CEST | 443 | 49737 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:44.769737959 CEST | 443 | 49737 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:44.769828081 CEST | 443 | 49737 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:26:44.769857883 CEST | 49737 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:44.769951105 CEST | 49737 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:26:44.770379066 CEST | 49737 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:03.850107908 CEST | 49738 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:03.850147963 CEST | 443 | 49738 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:03.850249052 CEST | 49738 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:03.850600958 CEST | 49738 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:03.850617886 CEST | 443 | 49738 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:04.502273083 CEST | 443 | 49738 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:04.504215956 CEST | 49738 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:04.504241943 CEST | 443 | 49738 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:04.697632074 CEST | 443 | 49738 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:04.697983027 CEST | 49738 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:04.698005915 CEST | 443 | 49738 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:04.698101044 CEST | 49738 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:04.698113918 CEST | 443 | 49738 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:04.698276997 CEST | 49738 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:04.698287964 CEST | 443 | 49738 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:05.419284105 CEST | 443 | 49738 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:05.419385910 CEST | 443 | 49738 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:05.419413090 CEST | 49738 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:05.419431925 CEST | 49738 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:05.420480967 CEST | 49738 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:24.146977901 CEST | 49739 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:24.147021055 CEST | 443 | 49739 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:24.147118092 CEST | 49739 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:24.147444963 CEST | 49739 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:24.147459030 CEST | 443 | 49739 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:24.774430990 CEST | 443 | 49739 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:24.776748896 CEST | 49739 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:24.776767015 CEST | 443 | 49739 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:25.102277040 CEST | 443 | 49739 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:25.102736950 CEST | 49739 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:25.102763891 CEST | 443 | 49739 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:25.102866888 CEST | 49739 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:25.102880001 CEST | 443 | 49739 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:25.102943897 CEST | 49739 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:25.102982998 CEST | 443 | 49739 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:25.741113901 CEST | 443 | 49739 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:25.741199017 CEST | 443 | 49739 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:25.741750956 CEST | 49739 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:25.741750956 CEST | 49739 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:30.086982012 CEST | 49740 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:30.087044001 CEST | 443 | 49740 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:30.091097116 CEST | 49740 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:30.094978094 CEST | 49740 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:30.095025063 CEST | 443 | 49740 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:30.867419958 CEST | 443 | 49740 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:30.869785070 CEST | 49740 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:30.869803905 CEST | 443 | 49740 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:31.226380110 CEST | 49740 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:31.226411104 CEST | 443 | 49740 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:31.226526022 CEST | 49740 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:31.226545095 CEST | 443 | 49740 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:31.226618052 CEST | 49740 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:31.226778984 CEST | 443 | 49740 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:31.257613897 CEST | 443 | 49740 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:31.304176092 CEST | 49740 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:31.865192890 CEST | 443 | 49740 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:31.865283012 CEST | 443 | 49740 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:31.865319014 CEST | 49740 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:31.865705967 CEST | 49740 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:31.865715027 CEST | 443 | 49740 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:31.865745068 CEST | 49740 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:31.865894079 CEST | 49740 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:35.386759996 CEST | 49741 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:35.386809111 CEST | 443 | 49741 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:35.386894941 CEST | 49741 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:35.387485981 CEST | 49741 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:35.387501955 CEST | 443 | 49741 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:36.054600954 CEST | 443 | 49741 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:36.056642056 CEST | 49741 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:36.056683064 CEST | 443 | 49741 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:36.405096054 CEST | 443 | 49741 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:36.405518055 CEST | 49741 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:36.405555964 CEST | 443 | 49741 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:36.405632973 CEST | 49741 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:36.405661106 CEST | 443 | 49741 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:36.405741930 CEST | 49741 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:36.405788898 CEST | 443 | 49741 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:36.893459082 CEST | 443 | 49741 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:36.893528938 CEST | 49741 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:36.893548012 CEST | 443 | 49741 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:36.893568993 CEST | 443 | 49741 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:36.893614054 CEST | 49741 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:36.894373894 CEST | 49741 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:38.305229902 CEST | 49742 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:38.305269003 CEST | 443 | 49742 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:38.309953928 CEST | 49742 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:38.313873053 CEST | 49742 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:38.313885927 CEST | 443 | 49742 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:38.940237045 CEST | 443 | 49742 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:38.942082882 CEST | 49742 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:38.942120075 CEST | 443 | 49742 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:39.288918018 CEST | 49742 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:39.288952112 CEST | 443 | 49742 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:39.289066076 CEST | 49742 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:39.289078951 CEST | 443 | 49742 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:39.289151907 CEST | 49742 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:39.289217949 CEST | 443 | 49742 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:39.291450977 CEST | 443 | 49742 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:39.335427999 CEST | 49742 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:39.769943953 CEST | 443 | 49742 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:39.770034075 CEST | 443 | 49742 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:39.770065069 CEST | 49742 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:39.770149946 CEST | 49742 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:39.770936966 CEST | 49742 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:49.724524021 CEST | 49743 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:49.724571943 CEST | 443 | 49743 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:49.724661112 CEST | 49743 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:49.724919081 CEST | 49743 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:49.724934101 CEST | 443 | 49743 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:50.337738037 CEST | 443 | 49743 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:50.343620062 CEST | 49743 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:50.343646049 CEST | 443 | 49743 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:50.651931047 CEST | 443 | 49743 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:50.652309895 CEST | 49743 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:50.652339935 CEST | 443 | 49743 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:50.652432919 CEST | 49743 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:50.652452946 CEST | 443 | 49743 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:50.652539015 CEST | 49743 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:50.652570963 CEST | 443 | 49743 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:51.175559044 CEST | 443 | 49743 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:51.175641060 CEST | 49743 | 443 | 192.168.2.7 | 149.154.167.220 |
May 23, 2024 20:27:51.175661087 CEST | 443 | 49743 | 149.154.167.220 | 192.168.2.7 |
May 23, 2024 20:27:51.175755978 CEST | 49743 | 443 | 192.168.2.7 | 149.154.167.220 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 23, 2024 20:23:45.025135994 CEST | 51500 | 53 | 192.168.2.7 | 1.1.1.1 |
May 23, 2024 20:23:45.040985107 CEST | 53 | 51500 | 1.1.1.1 | 192.168.2.7 |
May 23, 2024 20:23:47.268920898 CEST | 53066 | 53 | 192.168.2.7 | 1.1.1.1 |
May 23, 2024 20:23:47.280045986 CEST | 53 | 53066 | 1.1.1.1 | 192.168.2.7 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 23, 2024 20:23:45.025135994 CEST | 192.168.2.7 | 1.1.1.1 | 0xcfd8 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 23, 2024 20:23:47.268920898 CEST | 192.168.2.7 | 1.1.1.1 | 0x8481 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 23, 2024 20:23:45.040985107 CEST | 1.1.1.1 | 192.168.2.7 | 0xcfd8 | No error (0) | | | 172.67.74.152 | A (IP address) | IN (0x0001) | false |
May 23, 2024 20:23:45.040985107 CEST | 1.1.1.1 | 192.168.2.7 | 0xcfd8 | No error (0) | | | 104.26.12.205 | A (IP address) | IN (0x0001) | false |
May 23, 2024 20:23:45.040985107 CEST | 1.1.1.1 | 192.168.2.7 | 0xcfd8 | No error (0) | | | 104.26.13.205 | A (IP address) | IN (0x0001) | false |
May 23, 2024 20:23:47.280045986 CEST | 1.1.1.1 | 192.168.2.7 | 0x8481 | No error (0) | | | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 49700 | 172.67.74.152 | 443 | 5896 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:23:45 UTC | 155 | OUT | |
2024-05-23 18:23:45 UTC | 211 | IN | |
2024-05-23 18:23:45 UTC | 12 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.7 | 49702 | 149.154.167.220 | 443 | 5896 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:23:47 UTC | 260 | OUT | |
2024-05-23 18:23:48 UTC | 25 | IN | |
2024-05-23 18:23:48 UTC | 980 | OUT | |
2024-05-23 18:23:48 UTC | 1126 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.7 | 49705 | 149.154.167.220 | 443 | 5896 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:23:49 UTC | 236 | OUT | |
2024-05-23 18:23:49 UTC | 25 | IN | |
2024-05-23 18:23:49 UTC | 918 | OUT | |
2024-05-23 18:23:49 UTC | 1126 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.7 | 49720 | 149.154.167.220 | 443 | 5896 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:25:31 UTC | 262 | OUT | |
2024-05-23 18:25:31 UTC | 25 | IN | |
2024-05-23 18:25:31 UTC | 1024 | OUT | |
2024-05-23 18:25:31 UTC | 16355 | OUT | |
2024-05-23 18:25:31 UTC | 16355 | OUT | |
2024-05-23 18:25:31 UTC | 16355 | OUT | |
2024-05-23 18:25:31 UTC | 15447 | OUT | |
2024-05-23 18:25:31 UTC | 1347 | OUT | |
2024-05-23 18:25:31 UTC | 50 | OUT | |
2024-05-23 18:25:32 UTC | 1494 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.7 | 49721 | 149.154.167.220 | 443 | 5896 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:25:32 UTC | 262 | OUT | |
2024-05-23 18:25:32 UTC | 25 | IN | |
2024-05-23 18:25:32 UTC | 1024 | OUT | |
2024-05-23 18:25:32 UTC | 16355 | OUT | |
2024-05-23 18:25:32 UTC | 16355 | OUT | |
2024-05-23 18:25:32 UTC | 16355 | OUT | |
2024-05-23 18:25:32 UTC | 15447 | OUT | |
2024-05-23 18:25:32 UTC | 1347 | OUT | |
2024-05-23 18:25:32 UTC | 50 | OUT | |
2024-05-23 18:25:33 UTC | 1494 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.7 | 49722 | 149.154.167.220 | 443 | 5896 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:25:46 UTC | 238 | OUT | |
2024-05-23 18:25:46 UTC | 1024 | OUT | |
2024-05-23 18:25:46 UTC | 16355 | OUT | |
2024-05-23 18:25:46 UTC | 16355 | OUT | |
2024-05-23 18:25:46 UTC | 16355 | OUT | |
2024-05-23 18:25:46 UTC | 15447 | OUT | |
2024-05-23 18:25:46 UTC | 1347 | OUT | |
2024-05-23 18:25:46 UTC | 50 | OUT | |
2024-05-23 18:25:46 UTC | 25 | IN | |
2024-05-23 18:25:46 UTC | 1494 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.7 | 49723 | 149.154.167.220 | 443 | 5896 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:25:46 UTC | 238 | OUT | |
2024-05-23 18:25:46 UTC | 1024 | OUT | |
2024-05-23 18:25:46 UTC | 16355 | OUT | |
2024-05-23 18:25:46 UTC | 16355 | OUT | |
2024-05-23 18:25:46 UTC | 16355 | OUT | |
2024-05-23 18:25:46 UTC | 15447 | OUT | |
2024-05-23 18:25:46 UTC | 1347 | OUT | |
2024-05-23 18:25:46 UTC | 50 | OUT | |
2024-05-23 18:25:46 UTC | 25 | IN | |
2024-05-23 18:25:47 UTC | 1494 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.7 | 49724 | 149.154.167.220 | 443 | 5896 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:25:48 UTC | 238 | OUT | |
2024-05-23 18:25:48 UTC | 1024 | OUT | |
2024-05-23 18:25:48 UTC | 16355 | OUT | |
2024-05-23 18:25:48 UTC | 16355 | OUT | |
2024-05-23 18:25:48 UTC | 16355 | OUT | |
2024-05-23 18:25:48 UTC | 15447 | OUT | |
2024-05-23 18:25:48 UTC | 1347 | OUT | |
2024-05-23 18:25:48 UTC | 50 | OUT | |
2024-05-23 18:25:48 UTC | 25 | IN | |
2024-05-23 18:25:48 UTC | 1494 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.7 | 49725 | 149.154.167.220 | 443 | 5896 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:25:49 UTC | 238 | OUT | |
2024-05-23 18:25:49 UTC | 1024 | OUT | |
2024-05-23 18:25:49 UTC | 16355 | OUT | |
2024-05-23 18:25:49 UTC | 16355 | OUT | |
2024-05-23 18:25:49 UTC | 16355 | OUT | |
2024-05-23 18:25:49 UTC | 15447 | OUT | |
2024-05-23 18:25:49 UTC | 1347 | OUT | |
2024-05-23 18:25:49 UTC | 50 | OUT | |
2024-05-23 18:25:49 UTC | 25 | IN | |
2024-05-23 18:25:50 UTC | 1494 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.7 | 49726 | 149.154.167.220 | 443 | 5896 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:25:58 UTC | 238 | OUT | |
2024-05-23 18:25:58 UTC | 1024 | OUT | |
2024-05-23 18:25:58 UTC | 16355 | OUT | |
2024-05-23 18:25:58 UTC | 16355 | OUT | |
2024-05-23 18:25:58 UTC | 16355 | OUT | |
2024-05-23 18:25:58 UTC | 15447 | OUT | |
2024-05-23 18:25:58 UTC | 1355 | OUT | |
2024-05-23 18:25:58 UTC | 50 | OUT | |
2024-05-23 18:25:58 UTC | 25 | IN | |
2024-05-23 18:25:59 UTC | 1494 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.7 | 49727 | 149.154.167.220 | 443 | 5896 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:26:02 UTC | 262 | OUT | |
2024-05-23 18:26:02 UTC | 25 | IN | |
2024-05-23 18:26:02 UTC | 1024 | OUT | |
2024-05-23 18:26:02 UTC | 16355 | OUT | |
2024-05-23 18:26:02 UTC | 16355 | OUT | |
2024-05-23 18:26:02 UTC | 16355 | OUT | |
2024-05-23 18:26:02 UTC | 15447 | OUT | |
2024-05-23 18:26:02 UTC | 1355 | OUT | |
2024-05-23 18:26:02 UTC | 50 | OUT | |
2024-05-23 18:26:03 UTC | 1494 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.7 | 49728 | 149.154.167.220 | 443 | 5896 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:26:07 UTC | 262 | OUT | |
2024-05-23 18:26:07 UTC | 25 | IN | |
2024-05-23 18:26:07 UTC | 1024 | OUT | |
2024-05-23 18:26:07 UTC | 16355 | OUT | |
2024-05-23 18:26:07 UTC | 16355 | OUT | |
2024-05-23 18:26:07 UTC | 16355 | OUT | |
2024-05-23 18:26:07 UTC | 15447 | OUT | |
2024-05-23 18:26:07 UTC | 1355 | OUT | |
2024-05-23 18:26:07 UTC | 50 | OUT | |
2024-05-23 18:26:08 UTC | 1494 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.7 | 49729 | 149.154.167.220 | 443 | 5896 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:26:13 UTC | 262 | OUT | |
2024-05-23 18:26:13 UTC | 1024 | OUT | |
2024-05-23 18:26:13 UTC | 16355 | OUT | |
2024-05-23 18:26:13 UTC | 16355 | OUT | |
2024-05-23 18:26:13 UTC | 16355 | OUT | |
2024-05-23 18:26:13 UTC | 15447 | OUT | |
2024-05-23 18:26:13 UTC | 1355 | OUT | |
2024-05-23 18:26:13 UTC | 50 | OUT | |
2024-05-23 18:26:13 UTC | 25 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.7 | 49730 | 149.154.167.220 | 443 | 5896 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:26:14 UTC | 262 | OUT | |
2024-05-23 18:26:14 UTC | 1024 | OUT | |
2024-05-23 18:26:14 UTC | 16355 | OUT | |
2024-05-23 18:26:14 UTC | 16355 | OUT | |
2024-05-23 18:26:14 UTC | 16355 | OUT | |
2024-05-23 18:26:14 UTC | 15447 | OUT | |
2024-05-23 18:26:14 UTC | 1355 | OUT | |
2024-05-23 18:26:14 UTC | 50 | OUT | |
2024-05-23 18:26:14 UTC | 25 | IN | |
2024-05-23 18:26:15 UTC | 1494 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.7 | 49731 | 149.154.167.220 | 443 | 5896 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:26:17 UTC | 238 | OUT | |
2024-05-23 18:26:17 UTC | 25 | IN | |
2024-05-23 18:26:17 UTC | 1024 | OUT | |
2024-05-23 18:26:17 UTC | 16355 | OUT | |
2024-05-23 18:26:17 UTC | 16355 | OUT | |
2024-05-23 18:26:17 UTC | 16355 | OUT | |
2024-05-23 18:26:17 UTC | 15447 | OUT | |
2024-05-23 18:26:17 UTC | 1355 | OUT | |
2024-05-23 18:26:17 UTC | 50 | OUT | |
2024-05-23 18:26:18 UTC | 1494 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.7 | 49732 | 149.154.167.220 | 443 | 5896 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:26:30 UTC | 262 | OUT | |
2024-05-23 18:26:31 UTC | 25 | IN | |
2024-05-23 18:26:31 UTC | 1024 | OUT | |
2024-05-23 18:26:31 UTC | 16355 | OUT | |
2024-05-23 18:26:31 UTC | 16355 | OUT | |
2024-05-23 18:26:31 UTC | 16355 | OUT | |
2024-05-23 18:26:31 UTC | 15447 | OUT | |
2024-05-23 18:26:31 UTC | 1355 | OUT | |
2024-05-23 18:26:31 UTC | 50 | OUT | |
2024-05-23 18:26:31 UTC | 1494 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.7 | 49733 | 149.154.167.220 | 443 | 5896 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:26:34 UTC | 262 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.7 | 49734 | 149.154.167.220 | 443 | 5896 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:26:34 UTC | 262 | OUT | |
2024-05-23 18:26:35 UTC | 25 | IN | |
2024-05-23 18:26:35 UTC | 1024 | OUT | |
2024-05-23 18:26:35 UTC | 16355 | OUT | |
2024-05-23 18:26:35 UTC | 16355 | OUT | |
2024-05-23 18:26:35 UTC | 16355 | OUT | |
2024-05-23 18:26:35 UTC | 15447 | OUT | |
2024-05-23 18:26:35 UTC | 1355 | OUT | |
2024-05-23 18:26:35 UTC | 50 | OUT | |
2024-05-23 18:26:35 UTC | 1497 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.7 | 49735 | 149.154.167.220 | 443 | 5896 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:26:36 UTC | 238 | OUT | |
2024-05-23 18:26:36 UTC | 25 | IN | |
2024-05-23 18:26:36 UTC | 1024 | OUT | |
2024-05-23 18:26:36 UTC | 16355 | OUT | |
2024-05-23 18:26:36 UTC | 16355 | OUT | |
2024-05-23 18:26:36 UTC | 16355 | OUT | |
2024-05-23 18:26:36 UTC | 15447 | OUT | |
2024-05-23 18:26:36 UTC | 1355 | OUT | |
2024-05-23 18:26:36 UTC | 50 | OUT | |
2024-05-23 18:26:36 UTC | 1494 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
19 | 192.168.2.7 | 49736 | 149.154.167.220 | 443 | 5896 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:26:36 UTC | 238 | OUT | |
2024-05-23 18:26:37 UTC | 1024 | OUT | |
2024-05-23 18:26:37 UTC | 16355 | OUT | |
2024-05-23 18:26:37 UTC | 16355 | OUT | |
2024-05-23 18:26:37 UTC | 16355 | OUT | |
2024-05-23 18:26:37 UTC | 15447 | OUT | |
2024-05-23 18:26:37 UTC | 6282 | OUT | |
2024-05-23 18:26:37 UTC | 50 | OUT | |
2024-05-23 18:26:37 UTC | 25 | IN | |
2024-05-23 18:26:37 UTC | 1494 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
20 | 192.168.2.7 | 49737 | 149.154.167.220 | 443 | 5896 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:26:43 UTC | 238 | OUT | |
2024-05-23 18:26:44 UTC | 25 | IN | |
2024-05-23 18:26:44 UTC | 1024 | OUT | |
2024-05-23 18:26:44 UTC | 16355 | OUT | |
2024-05-23 18:26:44 UTC | 16355 | OUT | |
2024-05-23 18:26:44 UTC | 16355 | OUT | |
2024-05-23 18:26:44 UTC | 15447 | OUT | |
2024-05-23 18:26:44 UTC | 1355 | OUT | |
2024-05-23 18:26:44 UTC | 50 | OUT | |
2024-05-23 18:26:44 UTC | 1494 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
21 | 192.168.2.7 | 49738 | 149.154.167.220 | 443 | 5896 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:27:04 UTC | 262 | OUT | |
2024-05-23 18:27:04 UTC | 25 | IN | |
2024-05-23 18:27:04 UTC | 1024 | OUT | |
2024-05-23 18:27:04 UTC | 16355 | OUT | |
2024-05-23 18:27:04 UTC | 16355 | OUT | |
2024-05-23 18:27:04 UTC | 16355 | OUT | |
2024-05-23 18:27:04 UTC | 15447 | OUT | |
2024-05-23 18:27:04 UTC | 1358 | OUT | |
2024-05-23 18:27:04 UTC | 50 | OUT | |
2024-05-23 18:27:05 UTC | 1494 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
22 | 192.168.2.7 | 49739 | 149.154.167.220 | 443 | 5896 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:27:24 UTC | 262 | OUT | |
2024-05-23 18:27:25 UTC | 25 | IN | |
2024-05-23 18:27:25 UTC | 1024 | OUT | |
2024-05-23 18:27:25 UTC | 16355 | OUT | |
2024-05-23 18:27:25 UTC | 16355 | OUT | |
2024-05-23 18:27:25 UTC | 16355 | OUT | |
2024-05-23 18:27:25 UTC | 15447 | OUT | |
2024-05-23 18:27:25 UTC | 1358 | OUT | |
2024-05-23 18:27:25 UTC | 50 | OUT | |
2024-05-23 18:27:25 UTC | 1494 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
23 | 192.168.2.7 | 49740 | 149.154.167.220 | 443 | 5896 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:27:30 UTC | 262 | OUT | |
2024-05-23 18:27:31 UTC | 1024 | OUT | |
2024-05-23 18:27:31 UTC | 16355 | OUT | |
2024-05-23 18:27:31 UTC | 16355 | OUT | |
2024-05-23 18:27:31 UTC | 16355 | OUT | |
2024-05-23 18:27:31 UTC | 15447 | OUT | |
2024-05-23 18:27:31 UTC | 1358 | OUT | |
2024-05-23 18:27:31 UTC | 50 | OUT | |
2024-05-23 18:27:31 UTC | 25 | IN | |
2024-05-23 18:27:31 UTC | 1494 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
24 | 192.168.2.7 | 49741 | 149.154.167.220 | 443 | 5896 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:27:36 UTC | 262 | OUT | |
2024-05-23 18:27:36 UTC | 25 | IN | |
2024-05-23 18:27:36 UTC | 1024 | OUT | |
2024-05-23 18:27:36 UTC | 16355 | OUT | |
2024-05-23 18:27:36 UTC | 16355 | OUT | |
2024-05-23 18:27:36 UTC | 16355 | OUT | |
2024-05-23 18:27:36 UTC | 15447 | OUT | |
2024-05-23 18:27:36 UTC | 1555 | OUT | |
2024-05-23 18:27:36 UTC | 50 | OUT | |
2024-05-23 18:27:36 UTC | 1494 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
25 | 192.168.2.7 | 49742 | 149.154.167.220 | 443 | 5896 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:27:38 UTC | 262 | OUT | |
2024-05-23 18:27:39 UTC | 1024 | OUT | |
2024-05-23 18:27:39 UTC | 16355 | OUT | |
2024-05-23 18:27:39 UTC | 16355 | OUT | |
2024-05-23 18:27:39 UTC | 16355 | OUT | |
2024-05-23 18:27:39 UTC | 15447 | OUT | |
2024-05-23 18:27:39 UTC | 1358 | OUT | |
2024-05-23 18:27:39 UTC | 50 | OUT | |
2024-05-23 18:27:39 UTC | 25 | IN | |
2024-05-23 18:27:39 UTC | 1494 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
26 | 192.168.2.7 | 49743 | 149.154.167.220 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:27:50 UTC | 262 | OUT | |
2024-05-23 18:27:50 UTC | 25 | IN | |
2024-05-23 18:27:50 UTC | 1024 | OUT | |
2024-05-23 18:27:50 UTC | 16355 | OUT | |
2024-05-23 18:27:50 UTC | 16355 | OUT | |
2024-05-23 18:27:50 UTC | 16355 | OUT | |
2024-05-23 18:27:50 UTC | 15447 | OUT | |
2024-05-23 18:27:50 UTC | 1358 | OUT | |
2024-05-23 18:27:50 UTC | 50 | OUT | |
2024-05-23 18:27:51 UTC | 1494 | IN |
Target ID: | 0 |
Start time: | 14:23:38 |
Start date: | 23/05/2024 |
Path: | C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x22037b40000 |
File size: | 641'545 bytes |
MD5 hash: | 5F73C9853E26A72D00ACB018DB8A9175 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 14:23:43 |
Start date: | 23/05/2024 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff741d30000 |
File size: | 452'608 bytes |
MD5 hash: | 04029E121A0CFA5991749937DD22A1D9 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 14:23:43 |
Start date: | 23/05/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff75da10000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 14:23:43 |
Start date: | 23/05/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xfd0000 |
File size: | 65'440 bytes |
MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | false |
Target ID: | 5 |
Start time: | 14:23:43 |
Start date: | 23/05/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x2a0000 |
File size: | 65'440 bytes |
MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 8 |
Start time: | 14:23:44 |
Start date: | 23/05/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1d0000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 12.8% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 177 |
Total number of Limit Nodes: | 20 |
Graph
Function 06D630B8 Relevance: 8.0, Strings: 6, Instructions: 545COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06D67DE0 Relevance: 3.0, Strings: 2, Instructions: 478COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06D65600 Relevance: 1.9, Strings: 1, Instructions: 602COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06D55110 Relevance: 1.8, APIs: 1, Instructions: 324COMMON
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06D62380 Relevance: 1.0, Instructions: 1031COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06D66650 Relevance: .8, Instructions: 832COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06D6C1D8 Relevance: .7, Instructions: 652COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06D6B27F Relevance: .6, Instructions: 585COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06D6AD28 Relevance: 10.4, Strings: 8, Instructions: 397COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06D6B6A8 Relevance: 8.0, Strings: 6, Instructions: 472COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06D5A001 Relevance: 6.1, APIs: 4, Instructions: 134threadCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06D5A010 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06D691B0 Relevance: 5.2, Strings: 4, Instructions: 230COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06D64BC8 Relevance: 3.9, Strings: 3, Instructions: 186COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06D691A0 Relevance: 2.7, Strings: 2, Instructions: 164COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06D564A2 Relevance: 1.6, APIs: 1, Instructions: 150COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 015EE933 Relevance: 1.6, APIs: 1, Instructions: 133COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06D564EC Relevance: 1.6, APIs: 1, Instructions: 120COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06D564F8 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06D59E0C Relevance: 1.6, APIs: 1, Instructions: 97COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06D5A250 Relevance: 1.6, APIs: 1, Instructions: 77COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06D5A258 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06D5D983 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06D5D988 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 015EEA10 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06D55448 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06D5BCE9 Relevance: 1.6, APIs: 1, Instructions: 50comCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06D539BC Relevance: 1.6, APIs: 1, Instructions: 50COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06D5B707 Relevance: 1.5, APIs: 1, Instructions: 49comCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06D5B710 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06D5B420 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06D59E64 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02FB2468 Relevance: 1.5, Strings: 1, Instructions: 260 COMMON
Function 06D64BB8 Relevance: 1.4, Strings: 1, Instructions: 130 COMMON
Function 06D6DB05 Relevance: 1.4, Strings: 1, Instructions: 128 COMMON
Function 06D621F5 Relevance: 1.4, Strings: 1, Instructions: 112 COMMON
Function 06D62208 Relevance: 1.4, Strings: 1, Instructions: 105 COMMON
Function 02FB0040 Relevance: 1.4, Strings: 1, Instructions: 103 COMMON
Function 02FB277F Relevance: 1.3, Strings: 1, Instructions: 90 COMMON
Function 02FB02B0 Relevance: 1.3, Strings: 1, Instructions: 56 COMMON
Function 06D642F9 Relevance: .2, Instructions: 231 COMMON
Function 06D66248 Relevance: .2, Instructions: 229 COMMON
Function 06D64618 Relevance: .2, Instructions: 222 COMMON
Function 06D64630 Relevance: .2, Instructions: 210 COMMON
Function 06D6EB78 Relevance: .2, Instructions: 201 COMMON
Function 06D6EB73 Relevance: .2, Instructions: 200 COMMON
Function 06D6EB6F Relevance: .2, Instructions: 192 COMMON
Function 06D6FC07 Relevance: .2, Instructions: 174 COMMON
Function 06D6F9BB Relevance: .2, Instructions: 166 COMMON
Function 06D6F9C0 Relevance: .2, Instructions: 163 COMMON
Function 02FB25D9 Relevance: .1, Instructions: 136 COMMON
Function 06D65470 Relevance: .1, Instructions: 135 COMMON
Function 06D620B8 Relevance: .1, Instructions: 101 COMMON
Function 06D6D9C3 Relevance: .1, Instructions: 97 COMMON
Function 06D6D9C8 Relevance: .1, Instructions: 93 COMMON
Function 06D620C8 Relevance: .1, Instructions: 91 COMMON
Function 02FB0F30 Relevance: .1, Instructions: 85 COMMON
Function 06D63AF9 Relevance: .1, Instructions: 84 COMMON
Function 02FB1E39 Relevance: .1, Instructions: 79 COMMON
Function 06D63B08 Relevance: .1, Instructions: 78 COMMON
Function 06D655F0 Relevance: .1, Instructions: 78 COMMON
Function 0159D006 Relevance: .1, Instructions: 75 COMMON
Function 0159D3BC Relevance: .1, Instructions: 72 COMMON
Function 0159D20C Relevance: .1, Instructions: 72 COMMON
Function 0159D044 Relevance: .1, Instructions: 72 COMMON
Function 02FB27C8 Relevance: .1, Instructions: 68 COMMON
Function 02FB0006 Relevance: .1, Instructions: 68 COMMON
Function 02FB0A78 Relevance: .1, Instructions: 66 COMMON
Function 06D64258 Relevance: .1, Instructions: 61 COMMON
Function 06D63C18 Relevance: .1, Instructions: 59 COMMON
Function 06D6EDE9 Relevance: .1, Instructions: 59 COMMON
Function 02FB0A88 Relevance: .1, Instructions: 58 COMMON
Function 06D638D0 Relevance: .1, Instructions: 56 COMMON
Function 06D6A361 Relevance: .1, Instructions: 55 COMMON
Function 06D63C07 Relevance: .1, Instructions: 53 COMMON
Function 0159D3B7 Relevance: .1, Instructions: 53 COMMON
Function 0159D207 Relevance: .1, Instructions: 53 COMMON
Function 06D638D8 Relevance: .1, Instructions: 52 COMMON
Function 02FB0210 Relevance: .1, Instructions: 52 COMMON
Function 06D64268 Relevance: .1, Instructions: 51 COMMON
Function 06D6EDF8 Relevance: .0, Instructions: 49 COMMON
Function 02FB0218 Relevance: .0, Instructions: 48 COMMON
Function 02FB23A0 Relevance: .0, Instructions: 47 COMMON
Function 06D6A370 Relevance: .0, Instructions: 46 COMMON
Function 0158D8C9 Relevance: .0, Instructions: 45 COMMON
Function 02FB23A8 Relevance: .0, Instructions: 44 COMMON
Function 02FB2AED Relevance: .0, Instructions: 38 COMMON
Function 0158D8C8 Relevance: .0, Instructions: 36 COMMON
Function 02FB2AF8 Relevance: .0, Instructions: 34 COMMON
Function 02FB2B89 Relevance: .0, Instructions: 34 COMMON
Function 02FB2C8F Relevance: .0, Instructions: 34 COMMON
Function 02FB0B40 Relevance: .0, Instructions: 31 COMMON
Function 02FB2B98 Relevance: .0, Instructions: 30 COMMON
Function 02FB2DC9 Relevance: .0, Instructions: 30 COMMON
Function 02FB2BD8 Relevance: .0, Instructions: 29 COMMON
Function 02FB2CA0 Relevance: .0, Instructions: 29 COMMON
Function 02FB2DD8 Relevance: .0, Instructions: 29 COMMON
Function 06D664D1 Relevance: .0, Instructions: 26 COMMON
Function 02FB2D6F Relevance: .0, Instructions: 24 COMMON
Function 02FB2BE8 Relevance: .0, Instructions: 23 COMMON
Function 02FB2E68 Relevance: .0, Instructions: 20 COMMON
Function 02FB0C01 Relevance: .0, Instructions: 20 COMMON
Function 02FB1F60 Relevance: .0, Instructions: 18 COMMON
Function 02FB0C08 Relevance: .0, Instructions: 18 COMMON
Function 02FB2D80 Relevance: .0, Instructions: 18 COMMON
Function 02FB0310 Relevance: .0, Instructions: 16 COMMON
Function 02FB1E11 Relevance: .0, Instructions: 14 COMMON
Function 02FB1E18 Relevance: .0, Instructions: 12 COMMON
Function 02FB0649 Relevance: .0, Instructions: 9 COMMON
Function 02FB0BEB Relevance: .0, Instructions: 4 COMMON
Function 06D67700 Relevance: 13.0, Strings: 10, Instructions: 468 COMMON
Function 06D6A990 Relevance: 10.2, Strings: 8, Instructions: 229 COMMON
Function 06D67100 Relevance: 7.9, Strings: 6, Instructions: 405 COMMON
Function 06D68438 Relevance: 5.3, Strings: 4, Instructions: 282 COMMON
Function 06D6AD1A Relevance: 5.2, Strings: 4, Instructions: 177 COMMON
Function 06D68850 Relevance: 5.2, Strings: 4, Instructions: 168 COMMON