Windows
Analysis Report
hesaphareketi-01.pdf.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- hesaphareketi-01.pdf.exe (PID: 6992 cmdline: "C:\Users\user\Desktop\hesaphareketi-01.pdf.exe" MD5: 8F184DAF4D3D0FAC93DB93C798E616ED)
- conhost.exe (PID: 7156 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- RegAsm.exe (PID: 6596 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Agent Tesla, AgentTesla | A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel. |
{"C2 url": "https://api.telegram.org/bot7043330881:AAFq19dRSS-89_wbwEvbuucof5Z3tCHG2NY/sendMessage"}
{"Exfil Mode": "Telegram", "Telegram Url": "https://api.telegram.org/bot7043330881:AAFq19dRSS-89_wbwEvbuucof5Z3tCHG2NY/sendMessage?chat_id=6553028274"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security | ||
INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCMD | Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF | ditekSHen |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
System Summary |
---|
Source: | Author: Florian Roth (Nextron Systems), @blu3_team (idea), Nasreddine Bencherchali (Nextron Systems): |
Timestamp: | 05/24/24-07:41:27.363485 |
SID: | 2851779 |
Source Port: | 49700 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Integrated Neural Analysis Model: |
Exploits |
---|
Source: | File source: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Networking |
---|
Source: | Snort IDS: |
Source: | DNS query: |
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | DNS query: |
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | .Net Code: |
Source: | Windows user hook set: |
Source: | Window created: |
System Summary |
---|
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Code function: |
Source: | Binary or memory string: |
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Cryptographic APIs: |
Source: | Classification label: |
Source: | Code function: | 0_2_00007FF7341E2890 |
Source: | Mutant created: |
Source: | WMI Queries: |
Source: | File read: |
Source: | Key opened: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | File read: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | File opened: |
Source: | Key opened: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Code function: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Static PE information: |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | Memory allocated: |
Source: | Thread delayed: |
Source: | Window / User API: |
Source: | Thread sleep time: |
Source: | WMI Queries: |
Source: | Last function: |
Source: | Code function: | 0_2_00007FF7341E24C0 |
Source: | Thread delayed: |
Source: | Binary or memory string: |
Source: | Process information queried: |
Source: | Process token adjusted: |
Source: | Code function: | 0_2_00007FF7341D55C0 |
Source: | Code function: | 0_2_00007FF734239808 |
Source: | Memory allocated: |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory allocated: |
Source: | Memory written: |
Source: | Process created: |
Source: | Code function: | 0_2_00007FF7341D5270 |
Source: | Queries volume information: |
Source: | Code function: | 0_2_00007FF7341DDD30 |
Source: | Key value queried: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 11 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 File and Directory Discovery | Remote Desktop Protocol | 2 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 311 Process Injection | 12 Obfuscated Files or Information | 1 Credentials in Registry | 36 System Information Discovery | SMB/Windows Admin Shares | 1 Email Collection | 11 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Software Packing | NTDS | 111 Security Software Discovery | Distributed Component Object Model | 21 Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Process Discovery | SSH | 1 Clipboard Data | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 141 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 141 Virtualization/Sandbox Evasion | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | 1 System Network Configuration Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 311 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
34% | ReversingLabs | Win64.Trojan.GenSteal | ||
39% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
api.ipify.org | 104.26.13.205 | true | false | unknown | |
api.telegram.org | 149.154.167.220 | true | true | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | true | |
104.26.13.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1446992 |
Start date and time: | 2024-05-24 07:40:31 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 8m 19s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 19 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | hesaphareketi-01.pdf.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.expl.evad.winEXE@4/0@2/2 |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
01:41:25 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
149.154.167.220 | Get hash | malicious | AgentTesla, DBatLoader, PureLog Stealer | Browse | ||
Get hash | malicious | AgentTesla, DBatLoader, PureLog Stealer | Browse | |||
Get hash | malicious | AgentTesla, DBatLoader, PureLog Stealer, zgRAT | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | AgentTesla, PureLog Stealer, XWorm | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | AsyncRAT, DcRat, StormKitty, VenomRAT | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
104.26.13.205 | Get hash | malicious | Stealit | Browse | ||
Get hash | malicious | PureLog Stealer, Targeted Ransomware | Browse | |||
Get hash | malicious | Stealit | Browse | |||
Get hash | malicious | Stealit | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | PureLog Stealer, Targeted Ransomware | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
api.ipify.org | Get hash | malicious | AgentTesla, DBatLoader, PureLog Stealer, zgRAT | Browse | ||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
api.telegram.org | Get hash | malicious | AgentTesla, DBatLoader, PureLog Stealer | Browse | ||
Get hash | malicious | AgentTesla, DBatLoader, PureLog Stealer, zgRAT | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | AgentTesla, PureLog Stealer, XWorm | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | AsyncRAT, DcRat, StormKitty, VenomRAT | Browse | |||
Get hash | malicious | AgentTesla | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
TELEGRAMRU | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | AgentTesla, DBatLoader, PureLog Stealer | Browse | |||
Get hash | malicious | AgentTesla, DBatLoader, PureLog Stealer | Browse | |||
Get hash | malicious | AgentTesla, DBatLoader, PureLog Stealer, zgRAT | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | AgentTesla, PureLog Stealer, XWorm | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
CLOUDFLARENETUS | Get hash | malicious | HTMLPhisher | Browse | ||
Get hash | malicious | AgentTesla, DBatLoader, PureLog Stealer, zgRAT | Browse | |||
Get hash | malicious | FormBook | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | AgentTesla | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | AgentTesla, DBatLoader, PureLog Stealer, zgRAT | Browse | ||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse |
Entropy (8bit): | 7.009149672773074 |
File name: | hesaphareketi-01.pdf.exe |
File size: | 2'066'432 bytes |
MD5: | 8f184daf4d3d0fac93db93c798e616ed |
SHA1: | f8c6c99b7e0572347ed1bee3ddb425e31f6cb643 |
SHA256: | 97fa9df0ae7536db7c2427ff65ba51db3bbd22ebe957bf406ebe3f4ba4a46f7f |
SHA512: | 652d87c3ce83e960f3aa0edc2b16d8003b8b8a52d6025afb2818303b2d92ea4d123f3269249b751dff3d421ba46f9460d0d3c48be826808bfe4eaae9be21cd3e |
SSDEEP: | 24576:8ynjN3fi9dEoZR814OEQjls30eTFxmT4i8eMOq52AOXuq01dKqOFFSyF8FaE:9jN3CdJ81nEQhs30eouqsrOFXOaE |
TLSH: | 52A5B005A3F801E4E46BC634CA599733D3B1B41A1730E58B0A5AD7922F73EE15BBF612 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........6c.IW._IW._IW._O..^EW._O..^XW._O..^gW._@/._GW._./.^BW._IW._IV._.+.^BW._.+.^.W._IW._KW._#..^HW._#.._HW._#..^HW._RichIW._....... |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x140068d5c |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x140000000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x664E7376 [Wed May 22 22:36:38 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 79856d4b034c49dc3dd3e403b25b6bbf |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x1f79a0 | 0x58 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1f79f8 | 0xf0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x21d000 | 0x3b150 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x208000 | 0x1314c | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x259000 | 0x634 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1ca370 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x1ca500 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1ca230 | 0x140 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x17d000 | 0x778 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x71a88 | 0x71c00 | 5cdd54da137ec06542526019b1031732 | False | 0.4528288118131868 | data | 6.6410813091638 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.managed | 0x73000 | 0xb9168 | 0xb9200 | 2d30634d2eb96982ab12a2d431b95020 | False | 0.4601620526671168 | data | 6.463570386679756 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
hydrated | 0x12d000 | 0x4f808 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0x17d000 | 0x7c4de | 0x7c600 | f3ba60da94e9809a9aa5de6dd815cada | False | 0.469921875 | data | 6.575390299832166 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x1fa000 | 0xdc90 | 0x2200 | 5c15d417ed4d359d82911c50efdabf9a | False | 0.23793658088235295 | data | 3.6721787513471362 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0x208000 | 0x1314c | 0x13200 | 8cc774a948808419be7ca4f4b39fb78d | False | 0.4887280433006536 | data | 6.17164551981099 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
_RDATA | 0x21c000 | 0x1f4 | 0x200 | cfc28b4453f40f4f91f4a52e36529a97 | False | 0.5078125 | data | 4.172727899540164 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x21d000 | 0x3b150 | 0x3b200 | bbfbc02d9cc634be31885274c1e9d08c | False | 0.9963167283298098 | data | 7.997686186749214 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x259000 | 0x634 | 0x800 | 8b35b44373572aa9287a6c541ff3e534 | False | 0.48681640625 | data | 4.726579003687373 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
BINARY | 0x21d12c | 0x3aa84 | data | 1.000337134770665 | ||
RT_VERSION | 0x257bb0 | 0x3b4 | data | 0.35337552742616035 | ||
RT_MANIFEST | 0x257f64 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5489795918367347 |
DLL | Import |
---|---|
ADVAPI32.dll | RegCloseKey, RegEnumKeyExW, RegEnumValueW, RegOpenKeyExW, RegQueryValueExW, RegSetValueExW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegSetValueExA, GetTokenInformation, DuplicateTokenEx, OpenThreadToken, RevertToSelf, ImpersonateLoggedOnUser, CheckTokenMembership, EventWrite, EventRegister, EventEnabled |
bcrypt.dll | BCryptGenRandom, BCryptEncrypt, BCryptDecrypt, BCryptImportKey, BCryptOpenAlgorithmProvider, BCryptSetProperty, BCryptCloseAlgorithmProvider, BCryptDestroyKey |
KERNEL32.dll | TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, InitializeCriticalSectionAndSpinCount, EncodePointer, RaiseException, RtlPcToFileHeader, CloseThreadpoolIo, GetStdHandle, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToSystemTime, GetSystemTime, GetCalendarInfoEx, CompareStringOrdinal, CompareStringEx, FindNLSStringEx, GetLocaleInfoEx, ResolveLocaleName, GetUserPreferredUILanguages, FindStringOrdinal, GetTickCount64, GetCurrentProcess, GetCurrentThread, Sleep, InitializeCriticalSection, InitializeConditionVariable, DeleteCriticalSection, LocalFree, EnterCriticalSection, SleepConditionVariableCS, LeaveCriticalSection, WakeConditionVariable, QueryPerformanceCounter, WaitForMultipleObjectsEx, GetLastError, QueryPerformanceFrequency, SetLastError, GetFullPathNameW, GetLongPathNameW, MultiByteToWideChar, WideCharToMultiByte, LocalAlloc, GetConsoleOutputCP, GetProcAddress, RaiseFailFastException, CreateThreadpoolIo, StartThreadpoolIo, CancelThreadpoolIo, LocaleNameToLCID, LCMapStringEx, EnumTimeFormatsEx, EnumCalendarInfoExEx, CopyFileExW, CreateFileW, DeleteFileW, DeviceIoControl, ExpandEnvironmentStringsW, FindClose, FindFirstFileExW, FlushFileBuffers, FreeLibrary, GetFileAttributesExW, GetFileInformationByHandleEx, GetFileType, GetModuleFileNameW, GetOverlappedResult, GetSystemDirectoryW, LoadLibraryExW, ReadFile, SetFileInformationByHandle, SetThreadErrorMode, GetDynamicTimeZoneInformation, GetTimeZoneInformation, WriteFile, GetCurrentProcessorNumberEx, CloseHandle, SetEvent, CreateEventExW, GetEnvironmentVariableW, FormatMessageW, DuplicateHandle, GetThreadPriority, SetThreadPriority, GetConsoleMode, WriteConsoleW, GetExitCodeProcess, TerminateProcess, OpenProcess, K32EnumProcesses, GetProcessId, CreateProcessA, GetConsoleWindow, FreeConsole, AllocConsole, VirtualAllocEx, ResumeThread, CreateProcessW, GetThreadContext, SetThreadContext, FlushProcessWriteBuffers, GetCurrentThreadId, WaitForSingleObjectEx, VirtualQuery, RtlRestoreContext, AddVectoredExceptionHandler, FlsAlloc, FlsGetValue, FlsSetValue, CreateEventW, SwitchToThread, CreateThread, SuspendThread, FlushInstructionCache, VirtualAlloc, VirtualProtect, VirtualFree, QueryInformationJobObject, GetModuleHandleW, GetModuleHandleExW, GetProcessAffinityMask, InitializeContext, GetEnabledXStateFeatures, SetXStateFeaturesMask, InitializeCriticalSectionEx, GetSystemTimeAsFileTime, ResetEvent, DebugBreak, WaitForSingleObject, SleepEx, GlobalMemoryStatusEx, GetSystemInfo, GetLogicalProcessorInformation, GetLogicalProcessorInformationEx, GetLargePageMinimum, VirtualUnlock, VirtualAllocExNuma, IsProcessInJob, GetNumaHighestNodeNumber, GetProcessGroupAffinity, K32GetProcessMemoryInfo, RtlUnwindEx, IsProcessorFeaturePresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, IsDebuggerPresent, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, InitializeSListHead, GetCurrentProcessId |
ole32.dll | CoUninitialize, CoTaskMemAlloc, CoGetApartmentType, CoCreateGuid, CoTaskMemFree, CoWaitForMultipleHandles, CoInitializeEx |
USER32.dll | LoadStringW |
api-ms-win-crt-math-l1-1-0.dll | pow, modf, ceil, __setusermatherr |
api-ms-win-crt-heap-l1-1-0.dll | calloc, malloc, _callnewh, _set_new_mode, free |
api-ms-win-crt-string-l1-1-0.dll | wcsncmp, strncpy_s, _stricmp, strcpy_s, strcmp, _wcsicmp |
api-ms-win-crt-runtime-l1-1-0.dll | _c_exit, _register_thread_local_exe_atexit_callback, _get_initial_wide_environment, _cexit, __p___wargv, __p___argc, _exit, exit, _initterm_e, _initterm, terminate, _crt_atexit, _initialize_wide_environment, _configure_wide_argv, _register_onexit_function, _initialize_onexit_table, _set_app_type, _seh_filter_exe, abort |
api-ms-win-crt-stdio-l1-1-0.dll | __stdio_common_vsprintf_s, __stdio_common_vsscanf, __stdio_common_vfprintf, __acrt_iob_func, _set_fmode, __p__commode |
api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale |
Name | Ordinal | Address |
---|---|---|
DotNetRuntimeDebugHeader | 1 | 0x1401fb360 |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
05/24/24-07:41:27.363485 | TCP | 2851779 | ETPRO TROJAN Agent Tesla Telegram Exfil | 49700 | 443 | 192.168.2.7 | 149.154.167.220 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 24, 2024 07:43:38.669289112 CEST | 49712 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:38.669332981 CEST | 443 | 49712 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:38.669435978 CEST | 49712 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:38.669733047 CEST | 49712 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:38.669747114 CEST | 443 | 49712 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:38.707951069 CEST | 443 | 49711 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:38.708811045 CEST | 49711 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:38.708904028 CEST | 443 | 49711 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:38.709172964 CEST | 49711 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:38.709208965 CEST | 443 | 49711 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:38.709424019 CEST | 49711 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:38.709456921 CEST | 443 | 49711 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:39.067169905 CEST | 443 | 49711 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:39.067949057 CEST | 49711 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:39.068043947 CEST | 443 | 49711 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:39.068100929 CEST | 49711 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:39.299292088 CEST | 443 | 49712 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:39.299370050 CEST | 49712 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:39.301453114 CEST | 49712 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:39.301465988 CEST | 443 | 49712 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:39.302035093 CEST | 443 | 49712 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:39.303654909 CEST | 49712 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:39.350497961 CEST | 443 | 49712 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:39.619796991 CEST | 443 | 49712 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:39.620284081 CEST | 49712 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:39.620313883 CEST | 443 | 49712 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:39.620409012 CEST | 49712 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:39.620426893 CEST | 443 | 49712 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:39.620501041 CEST | 49712 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:39.620558977 CEST | 443 | 49712 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:39.976109982 CEST | 443 | 49712 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:39.976650000 CEST | 49712 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:39.976737022 CEST | 443 | 49712 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:39.976804018 CEST | 49712 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:41.667437077 CEST | 49713 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:41.667488098 CEST | 443 | 49713 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:41.667761087 CEST | 49713 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:41.667879105 CEST | 49713 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:41.667892933 CEST | 443 | 49713 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:42.294385910 CEST | 443 | 49713 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:42.294502974 CEST | 49713 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:42.297269106 CEST | 49713 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:42.297277927 CEST | 443 | 49713 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:42.297755957 CEST | 443 | 49713 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:42.302982092 CEST | 49713 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:42.346498966 CEST | 443 | 49713 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:42.656953096 CEST | 49713 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:42.656997919 CEST | 443 | 49713 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:42.657964945 CEST | 49713 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:42.657994986 CEST | 443 | 49713 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:42.658117056 CEST | 49713 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:42.658178091 CEST | 443 | 49713 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:42.662657022 CEST | 443 | 49713 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:42.828588963 CEST | 49713 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:43.008322001 CEST | 443 | 49713 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:43.008865118 CEST | 49713 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:43.008914948 CEST | 443 | 49713 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:43.009124994 CEST | 49713 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:43.009130001 CEST | 443 | 49713 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:43.009192944 CEST | 49713 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:56.914937973 CEST | 49714 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:56.914963961 CEST | 443 | 49714 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:56.915044069 CEST | 49714 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:56.915550947 CEST | 49714 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:56.915561914 CEST | 443 | 49714 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:57.603106976 CEST | 443 | 49714 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:57.603250980 CEST | 49714 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:57.608870029 CEST | 49714 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:57.608884096 CEST | 443 | 49714 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:57.609103918 CEST | 443 | 49714 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:57.612811089 CEST | 49714 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:57.654504061 CEST | 443 | 49714 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:57.955852985 CEST | 443 | 49714 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:57.956625938 CEST | 49714 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:57.956650019 CEST | 443 | 49714 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:57.956756115 CEST | 49714 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:57.956772089 CEST | 443 | 49714 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:57.956847906 CEST | 49714 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:57.956882954 CEST | 443 | 49714 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:58.322957039 CEST | 443 | 49714 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:58.323627949 CEST | 49714 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:58.323668003 CEST | 443 | 49714 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:58.323726892 CEST | 49714 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:58.768740892 CEST | 49715 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:58.768779993 CEST | 443 | 49715 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:58.768862963 CEST | 49715 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:58.769334078 CEST | 49715 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:58.769345045 CEST | 443 | 49715 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:59.491647959 CEST | 443 | 49715 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:59.491899014 CEST | 49715 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:59.493669033 CEST | 49715 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:59.493684053 CEST | 443 | 49715 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:59.494458914 CEST | 443 | 49715 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:59.498790979 CEST | 49715 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:59.546495914 CEST | 443 | 49715 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:59.844440937 CEST | 49715 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:59.844475031 CEST | 443 | 49715 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:59.844605923 CEST | 49715 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:59.844615936 CEST | 443 | 49715 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:43:59.844719887 CEST | 49715 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:43:59.844727993 CEST | 443 | 49715 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:00.004981995 CEST | 443 | 49715 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:00.047462940 CEST | 49715 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:00.340517998 CEST | 443 | 49715 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:00.341236115 CEST | 49715 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:00.341291904 CEST | 443 | 49715 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:00.341348886 CEST | 49715 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:05.862195015 CEST | 49716 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:05.862260103 CEST | 443 | 49716 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:05.862400055 CEST | 49716 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:05.863032103 CEST | 49716 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:05.863051891 CEST | 443 | 49716 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:06.492007971 CEST | 443 | 49716 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:06.492077112 CEST | 49716 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:06.494292021 CEST | 49716 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:06.494298935 CEST | 443 | 49716 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:06.494534969 CEST | 443 | 49716 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:06.496836901 CEST | 49716 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:06.542500019 CEST | 443 | 49716 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:06.834712029 CEST | 443 | 49716 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:06.835235119 CEST | 49716 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:06.835258961 CEST | 443 | 49716 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:06.835335016 CEST | 49716 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:06.835361004 CEST | 443 | 49716 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:06.835447073 CEST | 49716 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:06.835473061 CEST | 443 | 49716 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:07.187962055 CEST | 443 | 49716 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:07.188036919 CEST | 443 | 49716 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:07.189258099 CEST | 49716 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:07.193382025 CEST | 49716 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:09.302792072 CEST | 49717 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:09.302818060 CEST | 443 | 49717 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:09.308753967 CEST | 49717 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:09.310936928 CEST | 49717 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:09.310946941 CEST | 443 | 49717 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:09.943202972 CEST | 443 | 49717 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:09.945810080 CEST | 49717 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:09.945818901 CEST | 443 | 49717 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:10.263638973 CEST | 443 | 49717 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:10.264029980 CEST | 49717 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:10.264065027 CEST | 443 | 49717 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:10.264137983 CEST | 49717 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:10.264158964 CEST | 443 | 49717 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:10.264225960 CEST | 49717 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:10.264283895 CEST | 443 | 49717 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:10.630841017 CEST | 443 | 49717 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:10.630930901 CEST | 443 | 49717 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:10.630980968 CEST | 49717 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:10.631525993 CEST | 49717 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:14.439094067 CEST | 49718 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:14.439125061 CEST | 443 | 49718 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:14.439188004 CEST | 49718 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:14.439553976 CEST | 49718 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:14.439565897 CEST | 443 | 49718 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:15.085608959 CEST | 443 | 49718 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:15.094504118 CEST | 49718 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:15.094517946 CEST | 443 | 49718 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:15.438172102 CEST | 49718 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:15.438200951 CEST | 443 | 49718 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:15.438941002 CEST | 49718 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:15.438960075 CEST | 443 | 49718 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:15.439116001 CEST | 49718 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:15.439129114 CEST | 443 | 49718 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:15.440087080 CEST | 443 | 49718 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:15.625566006 CEST | 49718 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:15.802764893 CEST | 443 | 49718 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:15.804842949 CEST | 49718 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:15.804935932 CEST | 443 | 49718 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:15.805001974 CEST | 49718 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:23.453295946 CEST | 49719 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:23.453344107 CEST | 443 | 49719 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:23.454018116 CEST | 49719 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:23.457222939 CEST | 49719 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:23.457236052 CEST | 443 | 49719 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:24.095577955 CEST | 443 | 49719 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:24.102500916 CEST | 443 | 49719 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:24.102529049 CEST | 49719 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:24.106790066 CEST | 49719 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:24.149194002 CEST | 49719 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:24.149204016 CEST | 443 | 49719 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:24.149640083 CEST | 443 | 49719 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:24.153261900 CEST | 49719 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:24.198492050 CEST | 443 | 49719 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:24.399887085 CEST | 443 | 49719 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:24.400443077 CEST | 49719 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:24.400465012 CEST | 443 | 49719 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:24.400542021 CEST | 49719 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:24.400557041 CEST | 443 | 49719 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:24.400624037 CEST | 49719 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:24.400697947 CEST | 443 | 49719 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:24.400950909 CEST | 49719 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:24.400954962 CEST | 443 | 49719 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:24.754462957 CEST | 443 | 49719 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:24.755225897 CEST | 49719 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:24.755322933 CEST | 443 | 49719 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:24.755374908 CEST | 49719 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:50.598938942 CEST | 49720 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:50.598984003 CEST | 443 | 49720 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:50.599055052 CEST | 49720 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:50.599455118 CEST | 49720 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:50.599473000 CEST | 443 | 49720 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:51.224117041 CEST | 443 | 49720 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:51.224280119 CEST | 49720 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:51.226797104 CEST | 49720 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:51.226807117 CEST | 443 | 49720 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:51.227207899 CEST | 443 | 49720 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:51.230803013 CEST | 49720 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:51.274502993 CEST | 443 | 49720 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:51.536073923 CEST | 443 | 49720 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:51.536441088 CEST | 49720 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:51.536478043 CEST | 443 | 49720 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:51.537039042 CEST | 49720 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:51.537064075 CEST | 443 | 49720 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:51.537178993 CEST | 49720 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:51.537384033 CEST | 443 | 49720 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:51.892796040 CEST | 443 | 49720 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:51.893527031 CEST | 49720 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:51.893626928 CEST | 443 | 49720 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:51.893793106 CEST | 49720 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:53.592636108 CEST | 49721 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:53.592700005 CEST | 443 | 49721 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:53.593113899 CEST | 49721 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:53.593113899 CEST | 49721 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:53.593153000 CEST | 443 | 49721 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:54.213586092 CEST | 443 | 49721 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:54.213649035 CEST | 49721 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:54.215715885 CEST | 49721 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:54.215723991 CEST | 443 | 49721 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:54.215981960 CEST | 443 | 49721 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:54.217485905 CEST | 49721 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:54.258511066 CEST | 443 | 49721 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:54.531167030 CEST | 443 | 49721 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:54.531474113 CEST | 49721 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:54.531502008 CEST | 443 | 49721 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:54.531598091 CEST | 49721 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:54.531646967 CEST | 443 | 49721 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:54.531697989 CEST | 49721 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:54.531759977 CEST | 49721 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:54.531805992 CEST | 443 | 49721 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:54.874990940 CEST | 443 | 49721 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:54.875539064 CEST | 49721 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:54.875597954 CEST | 443 | 49721 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:54.875653028 CEST | 49721 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:59.874799967 CEST | 49722 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:59.874838114 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:44:59.878998041 CEST | 49722 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:59.882798910 CEST | 49722 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:44:59.882812023 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:00.564249992 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:00.564331055 CEST | 49722 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:00.566147089 CEST | 49722 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:00.566159010 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:00.566418886 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:00.567888975 CEST | 49722 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:00.610534906 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:00.902276993 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:00.902671099 CEST | 49722 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:00.902705908 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:00.902731895 CEST | 49722 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:00.902746916 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:00.902762890 CEST | 49722 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:00.902770042 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:00.902817965 CEST | 49722 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:00.902829885 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:00.902882099 CEST | 49722 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:00.902894020 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:00.902932882 CEST | 49722 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:00.902940989 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:01.258392096 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:01.258512020 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:01.258941889 CEST | 49722 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:01.258941889 CEST | 49722 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:03.082118988 CEST | 49723 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:03.082159042 CEST | 443 | 49723 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:03.082222939 CEST | 49723 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:03.082585096 CEST | 49723 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:03.082601070 CEST | 443 | 49723 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:03.755737066 CEST | 443 | 49723 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:03.762801886 CEST | 49723 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:03.762834072 CEST | 443 | 49723 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:04.065454960 CEST | 443 | 49723 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:04.066067934 CEST | 49723 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:04.066123009 CEST | 443 | 49723 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:04.066278934 CEST | 49723 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:04.066307068 CEST | 443 | 49723 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:04.066420078 CEST | 49723 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:04.066451073 CEST | 443 | 49723 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:04.412792921 CEST | 443 | 49723 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:04.413539886 CEST | 49723 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:04.413613081 CEST | 443 | 49723 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:04.413676023 CEST | 49723 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:05.310378075 CEST | 49724 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:05.310424089 CEST | 443 | 49724 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:05.315073013 CEST | 49724 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:05.315253973 CEST | 49724 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:05.315272093 CEST | 443 | 49724 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:05.959429979 CEST | 443 | 49724 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:05.959616899 CEST | 49724 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:05.975219011 CEST | 49724 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:05.975264072 CEST | 443 | 49724 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:05.975640059 CEST | 443 | 49724 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:05.982634068 CEST | 49724 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:06.030509949 CEST | 443 | 49724 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:06.312956095 CEST | 443 | 49724 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:06.313478947 CEST | 49724 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:06.313533068 CEST | 443 | 49724 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:06.313637972 CEST | 49724 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:06.313661098 CEST | 443 | 49724 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:06.313803911 CEST | 49724 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:06.313819885 CEST | 443 | 49724 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:06.675045967 CEST | 443 | 49724 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:06.675539017 CEST | 49724 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:06.675607920 CEST | 443 | 49724 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:06.675661087 CEST | 49724 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:16.947494984 CEST | 49725 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:16.947526932 CEST | 443 | 49725 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:16.947632074 CEST | 49725 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:16.947957993 CEST | 49725 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:16.947973013 CEST | 443 | 49725 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:17.581306934 CEST | 443 | 49725 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:17.581403017 CEST | 49725 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:17.584059954 CEST | 49725 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:17.584069014 CEST | 443 | 49725 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:17.584980965 CEST | 443 | 49725 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:17.586589098 CEST | 49725 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:17.630521059 CEST | 443 | 49725 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:17.904057980 CEST | 443 | 49725 | 149.154.167.220 | 192.168.2.7 |
May 24, 2024 07:45:17.904475927 CEST | 49725 | 443 | 192.168.2.7 | 149.154.167.220 |
May 24, 2024 07:45:17.904510975 CEST | 443 | 49725 | 149.154.167.220 | 192.168.2.7 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 24, 2024 07:41:23.909960032 CEST | 61092 | 53 | 192.168.2.7 | 1.1.1.1 |
May 24, 2024 07:41:23.918042898 CEST | 53 | 61092 | 1.1.1.1 | 192.168.2.7 |
May 24, 2024 07:41:26.341392994 CEST | 51294 | 53 | 192.168.2.7 | 1.1.1.1 |
May 24, 2024 07:41:26.350857019 CEST | 53 | 51294 | 1.1.1.1 | 192.168.2.7 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 24, 2024 07:41:23.909960032 CEST | 192.168.2.7 | 1.1.1.1 | 0xb4d5 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 24, 2024 07:41:26.341392994 CEST | 192.168.2.7 | 1.1.1.1 | 0x8ba5 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 24, 2024 07:41:23.918042898 CEST | 1.1.1.1 | 192.168.2.7 | 0xb4d5 | No error (0) | 104.26.13.205 | A (IP address) | IN (0x0001) | false | ||
May 24, 2024 07:41:23.918042898 CEST | 1.1.1.1 | 192.168.2.7 | 0xb4d5 | No error (0) | 104.26.12.205 | A (IP address) | IN (0x0001) | false | ||
May 24, 2024 07:41:23.918042898 CEST | 1.1.1.1 | 192.168.2.7 | 0xb4d5 | No error (0) | 172.67.74.152 | A (IP address) | IN (0x0001) | false | ||
May 24, 2024 07:41:26.350857019 CEST | 1.1.1.1 | 192.168.2.7 | 0x8ba5 | No error (0) | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 49699 | 104.26.13.205 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 05:41:24 UTC | 155 | OUT | |
2024-05-24 05:41:24 UTC | 211 | IN | |
2024-05-24 05:41:24 UTC | 12 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.7 | 49700 | 149.154.167.220 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 05:41:27 UTC | 260 | OUT | |
2024-05-24 05:41:27 UTC | 25 | IN | |
2024-05-24 05:41:27 UTC | 980 | OUT | |
2024-05-24 05:41:27 UTC | 402 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.7 | 49707 | 149.154.167.220 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 05:43:05 UTC | 238 | OUT | |
2024-05-24 05:43:05 UTC | 25 | IN | |
2024-05-24 05:43:05 UTC | 1024 | OUT | |
2024-05-24 05:43:05 UTC | 16355 | OUT | |
2024-05-24 05:43:05 UTC | 16355 | OUT | |
2024-05-24 05:43:05 UTC | 16355 | OUT | |
2024-05-24 05:43:05 UTC | 15447 | OUT | |
2024-05-24 05:43:05 UTC | 1165 | OUT | |
2024-05-24 05:43:05 UTC | 50 | OUT | |
2024-05-24 05:43:05 UTC | 402 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.7 | 49709 | 149.154.167.220 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 05:43:20 UTC | 262 | OUT | |
2024-05-24 05:43:21 UTC | 25 | IN | |
2024-05-24 05:43:21 UTC | 1024 | OUT | |
2024-05-24 05:43:21 UTC | 16355 | OUT | |
2024-05-24 05:43:21 UTC | 16355 | OUT | |
2024-05-24 05:43:21 UTC | 16355 | OUT | |
2024-05-24 05:43:21 UTC | 15447 | OUT | |
2024-05-24 05:43:21 UTC | 1165 | OUT | |
2024-05-24 05:43:21 UTC | 50 | OUT | |
2024-05-24 05:43:21 UTC | 402 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.7 | 49710 | 149.154.167.220 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 05:43:37 UTC | 238 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.7 | 49711 | 149.154.167.220 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 05:43:38 UTC | 262 | OUT | |
2024-05-24 05:43:38 UTC | 25 | IN | |
2024-05-24 05:43:38 UTC | 1024 | OUT | |
2024-05-24 05:43:38 UTC | 16355 | OUT | |
2024-05-24 05:43:38 UTC | 16355 | OUT | |
2024-05-24 05:43:38 UTC | 16355 | OUT | |
2024-05-24 05:43:38 UTC | 15447 | OUT | |
2024-05-24 05:43:38 UTC | 5117 | OUT | |
2024-05-24 05:43:38 UTC | 50 | OUT | |
2024-05-24 05:43:39 UTC | 402 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.7 | 49712 | 149.154.167.220 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 05:43:39 UTC | 262 | OUT | |
2024-05-24 05:43:39 UTC | 25 | IN | |
2024-05-24 05:43:39 UTC | 1024 | OUT | |
2024-05-24 05:43:39 UTC | 16355 | OUT | |
2024-05-24 05:43:39 UTC | 16355 | OUT | |
2024-05-24 05:43:39 UTC | 16355 | OUT | |
2024-05-24 05:43:39 UTC | 15447 | OUT | |
2024-05-24 05:43:39 UTC | 1165 | OUT | |
2024-05-24 05:43:39 UTC | 50 | OUT | |
2024-05-24 05:43:39 UTC | 402 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.7 | 49713 | 149.154.167.220 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 05:43:42 UTC | 238 | OUT | |
2024-05-24 05:43:42 UTC | 1024 | OUT | |
2024-05-24 05:43:42 UTC | 16355 | OUT | |
2024-05-24 05:43:42 UTC | 16355 | OUT | |
2024-05-24 05:43:42 UTC | 16355 | OUT | |
2024-05-24 05:43:42 UTC | 15447 | OUT | |
2024-05-24 05:43:42 UTC | 1165 | OUT | |
2024-05-24 05:43:42 UTC | 50 | OUT | |
2024-05-24 05:43:42 UTC | 25 | IN | |
2024-05-24 05:43:43 UTC | 402 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.7 | 49714 | 149.154.167.220 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 05:43:57 UTC | 262 | OUT | |
2024-05-24 05:43:57 UTC | 25 | IN | |
2024-05-24 05:43:57 UTC | 1024 | OUT | |
2024-05-24 05:43:57 UTC | 16355 | OUT | |
2024-05-24 05:43:57 UTC | 16355 | OUT | |
2024-05-24 05:43:57 UTC | 16355 | OUT | |
2024-05-24 05:43:57 UTC | 15447 | OUT | |
2024-05-24 05:43:57 UTC | 1168 | OUT | |
2024-05-24 05:43:57 UTC | 50 | OUT | |
2024-05-24 05:43:58 UTC | 402 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.7 | 49715 | 149.154.167.220 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 05:43:59 UTC | 262 | OUT | |
2024-05-24 05:43:59 UTC | 1024 | OUT | |
2024-05-24 05:43:59 UTC | 16355 | OUT | |
2024-05-24 05:43:59 UTC | 16355 | OUT | |
2024-05-24 05:43:59 UTC | 16355 | OUT | |
2024-05-24 05:43:59 UTC | 15447 | OUT | |
2024-05-24 05:43:59 UTC | 1168 | OUT | |
2024-05-24 05:43:59 UTC | 50 | OUT | |
2024-05-24 05:44:00 UTC | 25 | IN | |
2024-05-24 05:44:00 UTC | 402 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.7 | 49716 | 149.154.167.220 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 05:44:06 UTC | 262 | OUT | |
2024-05-24 05:44:06 UTC | 25 | IN | |
2024-05-24 05:44:06 UTC | 1024 | OUT | |
2024-05-24 05:44:06 UTC | 16355 | OUT | |
2024-05-24 05:44:06 UTC | 16355 | OUT | |
2024-05-24 05:44:06 UTC | 16355 | OUT | |
2024-05-24 05:44:06 UTC | 15447 | OUT | |
2024-05-24 05:44:06 UTC | 1168 | OUT | |
2024-05-24 05:44:06 UTC | 50 | OUT | |
2024-05-24 05:44:07 UTC | 402 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.7 | 49717 | 149.154.167.220 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 05:44:09 UTC | 262 | OUT | |
2024-05-24 05:44:10 UTC | 25 | IN | |
2024-05-24 05:44:10 UTC | 1024 | OUT | |
2024-05-24 05:44:10 UTC | 16355 | OUT | |
2024-05-24 05:44:10 UTC | 16355 | OUT | |
2024-05-24 05:44:10 UTC | 16355 | OUT | |
2024-05-24 05:44:10 UTC | 15447 | OUT | |
2024-05-24 05:44:10 UTC | 1643 | OUT | |
2024-05-24 05:44:10 UTC | 50 | OUT | |
2024-05-24 05:44:10 UTC | 402 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.7 | 49718 | 149.154.167.220 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 05:44:15 UTC | 262 | OUT | |
2024-05-24 05:44:15 UTC | 1024 | OUT | |
2024-05-24 05:44:15 UTC | 16355 | OUT | |
2024-05-24 05:44:15 UTC | 16355 | OUT | |
2024-05-24 05:44:15 UTC | 16355 | OUT | |
2024-05-24 05:44:15 UTC | 15447 | OUT | |
2024-05-24 05:44:15 UTC | 1731 | OUT | |
2024-05-24 05:44:15 UTC | 50 | OUT | |
2024-05-24 05:44:15 UTC | 25 | IN | |
2024-05-24 05:44:15 UTC | 402 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.7 | 49719 | 149.154.167.220 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 05:44:24 UTC | 262 | OUT | |
2024-05-24 05:44:24 UTC | 25 | IN | |
2024-05-24 05:44:24 UTC | 1024 | OUT | |
2024-05-24 05:44:24 UTC | 16355 | OUT | |
2024-05-24 05:44:24 UTC | 16355 | OUT | |
2024-05-24 05:44:24 UTC | 16355 | OUT | |
2024-05-24 05:44:24 UTC | 15447 | OUT | |
2024-05-24 05:44:24 UTC | 1168 | OUT | |
2024-05-24 05:44:24 UTC | 50 | OUT | |
2024-05-24 05:44:24 UTC | 402 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.7 | 49720 | 149.154.167.220 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 05:44:51 UTC | 262 | OUT | |
2024-05-24 05:44:51 UTC | 25 | IN | |
2024-05-24 05:44:51 UTC | 1024 | OUT | |
2024-05-24 05:44:51 UTC | 16355 | OUT | |
2024-05-24 05:44:51 UTC | 16355 | OUT | |
2024-05-24 05:44:51 UTC | 16355 | OUT | |
2024-05-24 05:44:51 UTC | 15447 | OUT | |
2024-05-24 05:44:51 UTC | 1179 | OUT | |
2024-05-24 05:44:51 UTC | 50 | OUT | |
2024-05-24 05:44:51 UTC | 402 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.7 | 49721 | 149.154.167.220 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 05:44:54 UTC | 262 | OUT | |
2024-05-24 05:44:54 UTC | 25 | IN | |
2024-05-24 05:44:54 UTC | 1024 | OUT | |
2024-05-24 05:44:54 UTC | 16355 | OUT | |
2024-05-24 05:44:54 UTC | 16355 | OUT | |
2024-05-24 05:44:54 UTC | 16355 | OUT | |
2024-05-24 05:44:54 UTC | 15447 | OUT | |
2024-05-24 05:44:54 UTC | 1179 | OUT | |
2024-05-24 05:44:54 UTC | 50 | OUT | |
2024-05-24 05:44:54 UTC | 402 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.7 | 49722 | 149.154.167.220 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 05:45:00 UTC | 262 | OUT | |
2024-05-24 05:45:00 UTC | 25 | IN | |
2024-05-24 05:45:00 UTC | 1024 | OUT | |
2024-05-24 05:45:00 UTC | 16355 | OUT | |
2024-05-24 05:45:00 UTC | 16355 | OUT | |
2024-05-24 05:45:00 UTC | 16355 | OUT | |
2024-05-24 05:45:00 UTC | 15447 | OUT | |
2024-05-24 05:45:00 UTC | 1179 | OUT | |
2024-05-24 05:45:00 UTC | 50 | OUT | |
2024-05-24 05:45:01 UTC | 402 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.7 | 49723 | 149.154.167.220 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 05:45:03 UTC | 262 | OUT | |
2024-05-24 05:45:04 UTC | 25 | IN | |
2024-05-24 05:45:04 UTC | 1024 | OUT | |
2024-05-24 05:45:04 UTC | 16355 | OUT | |
2024-05-24 05:45:04 UTC | 16355 | OUT | |
2024-05-24 05:45:04 UTC | 16355 | OUT | |
2024-05-24 05:45:04 UTC | 15447 | OUT | |
2024-05-24 05:45:04 UTC | 1179 | OUT | |
2024-05-24 05:45:04 UTC | 50 | OUT | |
2024-05-24 05:45:04 UTC | 402 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.7 | 49724 | 149.154.167.220 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 05:45:05 UTC | 262 | OUT | |
2024-05-24 05:45:06 UTC | 25 | IN | |
2024-05-24 05:45:06 UTC | 1024 | OUT | |
2024-05-24 05:45:06 UTC | 16355 | OUT | |
2024-05-24 05:45:06 UTC | 16355 | OUT | |
2024-05-24 05:45:06 UTC | 16355 | OUT | |
2024-05-24 05:45:06 UTC | 15447 | OUT | |
2024-05-24 05:45:06 UTC | 1179 | OUT | |
2024-05-24 05:45:06 UTC | 50 | OUT | |
2024-05-24 05:45:06 UTC | 402 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
19 | 192.168.2.7 | 49725 | 149.154.167.220 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 05:45:17 UTC | 262 | OUT | |
2024-05-24 05:45:17 UTC | 25 | IN | |
2024-05-24 05:45:17 UTC | 1024 | OUT | |
2024-05-24 05:45:17 UTC | 16355 | OUT | |
2024-05-24 05:45:17 UTC | 16355 | OUT | |
2024-05-24 05:45:17 UTC | 16355 | OUT | |
2024-05-24 05:45:17 UTC | 15447 | OUT | |
2024-05-24 05:45:17 UTC | 1403 | OUT | |
2024-05-24 05:45:17 UTC | 50 | OUT | |
2024-05-24 05:45:18 UTC | 402 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
20 | 192.168.2.7 | 49726 | 149.154.167.220 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 05:45:22 UTC | 262 | OUT | |
2024-05-24 05:45:23 UTC | 25 | IN | |
2024-05-24 05:45:23 UTC | 1024 | OUT | |
2024-05-24 05:45:23 UTC | 16355 | OUT | |
2024-05-24 05:45:23 UTC | 16355 | OUT | |
2024-05-24 05:45:23 UTC | 16355 | OUT | |
2024-05-24 05:45:23 UTC | 15447 | OUT | |
2024-05-24 05:45:23 UTC | 1179 | OUT | |
2024-05-24 05:45:23 UTC | 50 | OUT | |
2024-05-24 05:45:23 UTC | 402 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
21 | 192.168.2.7 | 49727 | 149.154.167.220 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 05:45:30 UTC | 262 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
22 | 192.168.2.7 | 49728 | 149.154.167.220 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 05:45:30 UTC | 262 | OUT | |
2024-05-24 05:45:31 UTC | 25 | IN | |
2024-05-24 05:45:31 UTC | 1024 | OUT | |
2024-05-24 05:45:31 UTC | 16355 | OUT | |
2024-05-24 05:45:31 UTC | 16355 | OUT | |
2024-05-24 05:45:31 UTC | 16355 | OUT | |
2024-05-24 05:45:31 UTC | 15447 | OUT | |
2024-05-24 05:45:31 UTC | 1179 | OUT | |
2024-05-24 05:45:31 UTC | 50 | OUT | |
2024-05-24 05:45:31 UTC | 402 | IN |
Target ID: | 0 |
Start time: | 01:41:22 |
Start date: | 24/05/2024 |
Path: | C:\Users\user\Desktop\hesaphareketi-01.pdf.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7341d0000 |
File size: | 2'066'432 bytes |
MD5 hash: | 8F184DAF4D3D0FAC93DB93C798E616ED |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 01:41:22 |
Start date: | 24/05/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff75da10000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 01:41:23 |
Start date: | 24/05/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x450000 |
File size: | 65'440 bytes |
MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Execution Graph
Execution Coverage: | 6.2% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 27.3% |
Total number of Nodes: | 961 |
Total number of Limit Nodes: | 15 |
Graph
Function 00007FF7341D55C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 95 COMMON
Function 00007FF734200560 Relevance: .4, Instructions: 398 COMMON
Function 00007FF7341FEB10 Relevance: .3, Instructions: 332 COMMON
Function 00007FF7341E2070 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 107 COMMON
Function 00007FF7341DAE30 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 90 memory COMMON
Function 00007FF7341D6480 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88 sleep COMMON
Function 00007FF7341E1E90 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132 COMMON
Function 00007FF7341D9D50 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 71 COMMON
Function 00007FF734238D70 Relevance: 3.0, APIs: 2, Instructions: 21 COMMON LIBRARYCODE
Function 00007FF7341E27D0 Relevance: 1.3, APIs: 1, Instructions: 7 COMMON
Function 00007FF7341E2890 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81 memory COMMON
Function 00007FF7341D7EC0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 248 COMMON
Function 00007FF7341D5270 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 193 COMMON
Function 00007FF734202700 Relevance: .9, Instructions: 945 COMMON
Function 00007FF734203600 Relevance: .6, Instructions: 626 COMMON
Function 00007FF734203F70 Relevance: .6, Instructions: 583 COMMON
Function 00007FF7341EFDA0 Relevance: .4, Instructions: 432 COMMON
Function 00007FF7341F69D0 Relevance: .4, Instructions: 415 COMMON
Function 00007FF7341F4890 Relevance: .4, Instructions: 361 COMMON
Function 00007FF7341EF7F4 Relevance: .4, Instructions: 357 COMMON
Function 00007FF7342089D0 Relevance: .3, Instructions: 332 COMMON
Function 00007FF7341F2934 Relevance: .3, Instructions: 327 COMMON
Function 00007FF7341F88C0 Relevance: .3, Instructions: 273 COMMON
Function 00007FF734202290 Relevance: .3, Instructions: 268 COMMON
Function 00007FF7341F57F0 Relevance: .3, Instructions: 251 COMMON
Function 00007FF7341F8D40 Relevance: .2, Instructions: 171 COMMON
Function 00007FF7341F3010 Relevance: .2, Instructions: 165 COMMON
Function 00007FF7341FF360 Relevance: .1, Instructions: 72 COMMON
Function 00007FF7341ED9F0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 227 thread COMMON
Function 00007FF7341DA990 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 85 libraryloader COMMON
Function 00007FF7341D5D00 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 83 thread libraryloader COMMON
Function 00007FF7341D6100 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51 thread COMMON
Function 00007FF7341D3500 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 126 COMMON
Function 00007FF734212DC0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 73 libraryloader COMMON
Function 00007FF7341DAF90 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20 libraryloader COMMON
Function 00007FF7341DAFE0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20 libraryloader COMMON
Function 00007FF7342392DC Relevance: 6.0, APIs: 4, Instructions: 39 time thread COMMON
Function 00007FF73423A65C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44 COMMON LIBRARYCODE
Execution Graph
Execution Coverage: | 10.7% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 169 |
Total number of Limit Nodes: | 25 |
Graph
Function 061E3050 Relevance: 8.0, Strings: 6, Instructions: 545 COMMON
Function 061E7D78 Relevance: 3.0, Strings: 2, Instructions: 476 COMMON
Function 061E5598 Relevance: 1.9, Strings: 1, Instructions: 603 COMMON
Function 061E2340 Relevance: 1.0, Instructions: 1014 COMMON
Function 061E65E8 Relevance: .8, Instructions: 813 COMMON
Function 061EC188 Relevance: .6, Instructions: 638 COMMON
Function 061EB228 Relevance: .6, Instructions: 573 COMMON
Function 061EACD0 Relevance: 10.4, Strings: 8, Instructions: 398 COMMON
Function 061EB648 Relevance: 8.0, Strings: 6, Instructions: 475 COMMON
Function 061E9150 Relevance: 5.2, Strings: 4, Instructions: 230 COMMON
Function 061ECF48 Relevance: 4.6, Strings: 3, Instructions: 800 COMMON
Function 061E4B60 Relevance: 3.9, Strings: 3, Instructions: 186 COMMON
Function 061E9140 Relevance: 2.7, Strings: 2, Instructions: 160 COMMON
Function 061E4B50 Relevance: 2.6, Strings: 2, Instructions: 147 COMMON
Function 00E5E9A8 Relevance: 1.7, APIs: 1, Instructions: 154 COMMON
Function 061D254D Relevance: 1.7, APIs: 1, Instructions: 154 COMMON
Function 061D2598 Relevance: 1.6, APIs: 1, Instructions: 113 COMMON
Function 061D5F7C Relevance: 1.6, APIs: 1, Instructions: 97 COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061D9C68 Relevance: 1.6, APIs: 1, Instructions: 78COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061D6470 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061D6478 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061D9BA9 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061D9BB0 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E5EA90 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061D6203 Relevance: 1.5, APIs: 1, Instructions: 49comCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061D14EA Relevance: 1.5, APIs: 1, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061D14F0 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061D620C Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061D5FD4 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061D7649 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061D7F19 Relevance: 1.5, APIs: 1, Instructions: 45comCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061EDAB5 Relevance: 1.4, Strings: 1, Instructions: 128COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061E21B5 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061E21C8 Relevance: 1.4, Strings: 1, Instructions: 105COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061E61E8 Relevance: .2, Instructions: 229COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061E4291 Relevance: .2, Instructions: 228COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061E45B0 Relevance: .2, Instructions: 219COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061E45C8 Relevance: .2, Instructions: 210COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061EEB00 Relevance: .2, Instructions: 204COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061EEB10 Relevance: .2, Instructions: 201COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061EFB98 Relevance: .2, Instructions: 175COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061EF949 Relevance: .2, Instructions: 171COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061EF958 Relevance: .2, Instructions: 163COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061E5409 Relevance: .1, Instructions: 134COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061E2078 Relevance: .1, Instructions: 95COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061E2088 Relevance: .1, Instructions: 91COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061E3A91 Relevance: .1, Instructions: 82COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061E3AA0 Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00DED005 Relevance: .1, Instructions: 76COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00DED3BC Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00DED20C Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00DED044 Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061E6D10 Relevance: .1, Instructions: 68COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061E41F0 Relevance: .1, Instructions: 60COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061E3BB0 Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061EED81 Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061EA308 Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061E3868 Relevance: .1, Instructions: 54COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00DED3B7 Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00DED207 Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061E3870 Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061E4200 Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061E3B9F Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061EED90 Relevance: .0, Instructions: 49COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061EA318 Relevance: .0, Instructions: 46COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00DDD8B1 Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061EC7E0 Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00DDD8B0 Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061E6469 Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061E7698 Relevance: 13.0, Strings: 10, Instructions: 468COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061EA938 Relevance: 10.2, Strings: 8, Instructions: 229COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061E7098 Relevance: 7.9, Strings: 6, Instructions: 405COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061E83D0 Relevance: 5.3, Strings: 4, Instructions: 282COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061E87E8 Relevance: 5.2, Strings: 4, Instructions: 168COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 061EACC0 Relevance: 5.2, Strings: 4, Instructions: 165COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|