Windows
Analysis Report
LisectAVT_2403002A_127.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- LisectAVT_2403002A_127.exe (PID: 5396 cmdline: "C:\Users\user\Desktop\LisectAVT_2403002A_127.exe" MD5: 67CF14E98914A0AE61CDA009D3ED1DF7)
- LisectAVT_2403002A_127.exe (PID: 5020 cmdline: "C:\Users\user\Desktop\LisectAVT_2403002A_127.exe" MD5: 67CF14E98914A0AE61CDA009D3ED1DF7)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Agent Tesla, AgentTesla | A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel. |
{"C2 url": "https://api.telegram.org/bot6240128422:AAGfewUxVcQqKio_MV181yAuk31JpsBcgy8/sendMessage"}
{"Exfil Mode": "Telegram", "Telegram Url": "https://api.telegram.org/bot6240128422:AAGfewUxVcQqKio_MV181yAuk31JpsBcgy8/sendMessage?chat_id=1394550246"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
---|---|---|---|---|---|
2024-07-26T00:02:16.228907+0200 | 2852815 | 49745 | 443 | TCP | Malware Command and Control Activity Detected |
2024-07-26T00:01:20.476194+0200 | 2852815 | 49734 | 443 | TCP | Malware Command and Control Activity Detected |
2024-07-26T00:03:12.778554+0200 | 2852815 | 49755 | 443 | TCP | Malware Command and Control Activity Detected |
2024-07-26T00:03:04.473362+0200 | 2852815 | 49752 | 443 | TCP | Malware Command and Control Activity Detected |
2024-07-26T00:01:18.963992+0200 | 2852815 | 49733 | 443 | TCP | Malware Command and Control Activity Detected |
2024-07-26T00:02:49.873314+0200 | 2852815 | 49750 | 443 | TCP | Malware Command and Control Activity Detected |
2024-07-26T00:03:17.387586+0200 | 2852815 | 49757 | 443 | TCP | Malware Command and Control Activity Detected |
2024-07-26T00:02:30.614435+0200 | 2852815 | 49747 | 443 | TCP | Malware Command and Control Activity Detected |
2024-07-26T00:00:57.740029+0200 | 2852815 | 49730 | 443 | TCP | Malware Command and Control Activity Detected |
2024-07-26T00:00:52.810767+0200 | 2852815 | 49728 | 443 | TCP | Malware Command and Control Activity Detected |
2024-07-26T00:02:08.271354+0200 | 2852815 | 49742 | 443 | TCP | Malware Command and Control Activity Detected |
2024-07-26T00:01:35.574667+0200 | 2852815 | 49736 | 443 | TCP | Malware Command and Control Activity Detected |
2024-07-26T00:01:42.459543+0200 | 2852815 | 49738 | 443 | TCP | Malware Command and Control Activity Detected |
2024-07-25T23:59:27.125307+0200 | 2022930 | 443 | 49719 | TCP | A Network Trojan was detected |
2024-07-26T00:02:21.632702+0200 | 2852815 | 49746 | 443 | TCP | Malware Command and Control Activity Detected |
2024-07-26T00:02:59.571959+0200 | 2852815 | 49751 | 443 | TCP | Malware Command and Control Activity Detected |
2024-07-26T00:02:09.266140+0200 | 2852815 | 49743 | 443 | TCP | Malware Command and Control Activity Detected |
2024-07-26T00:00:59.090939+0200 | 2852815 | 49731 | 443 | TCP | Malware Command and Control Activity Detected |
2024-07-26T00:01:40.324857+0200 | 2852815 | 49737 | 443 | TCP | Malware Command and Control Activity Detected |
2024-07-26T00:02:00.361986+0200 | 2852815 | 49741 | 443 | TCP | Malware Command and Control Activity Detected |
2024-07-26T00:01:22.620409+0200 | 2852815 | 49735 | 443 | TCP | Malware Command and Control Activity Detected |
2024-07-26T00:03:05.972685+0200 | 2852815 | 49753 | 443 | TCP | Malware Command and Control Activity Detected |
2024-07-25T23:59:19.197358+0200 | 2852815 | 49717 | 443 | TCP | Malware Command and Control Activity Detected |
2024-07-26T00:00:04.546790+0200 | 2022930 | 443 | 49725 | TCP | A Network Trojan was detected |
2024-07-26T00:01:48.498588+0200 | 2852815 | 49740 | 443 | TCP | Malware Command and Control Activity Detected |
2024-07-26T00:01:11.484324+0200 | 2852815 | 49732 | 443 | TCP | Malware Command and Control Activity Detected |
2024-07-26T00:02:41.578349+0200 | 2852815 | 49748 | 443 | TCP | Malware Command and Control Activity Detected |
2024-07-26T00:03:08.262544+0200 | 2852815 | 49754 | 443 | TCP | Malware Command and Control Activity Detected |
2024-07-26T00:02:12.072219+0200 | 2852815 | 49744 | 443 | TCP | Malware Command and Control Activity Detected |
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: | ||
Source: | Malware Configuration Extractor: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Networking |
---|
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: |
Source: | File source: | ||
Source: | File source: |
Source: | HTTP traffic detected: |
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | DNS query: | ||
Source: | DNS query: |
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | Windows user hook set: | Jump to behavior |
Source: | Window created: | Jump to behavior |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Code function: | 0_2_0172D364 | |
Source: | Code function: | 0_2_02F13180 | |
Source: | Code function: | 0_2_054ABF68 | |
Source: | Code function: | 0_2_054AEAEE | |
Source: | Code function: | 3_2_0176A768 | |
Source: | Code function: | 3_2_01764A70 | |
Source: | Code function: | 3_2_0176EC68 | |
Source: | Code function: | 3_2_0176AF30 | |
Source: | Code function: | 3_2_01763E58 | |
Source: | Code function: | 3_2_017641A0 | |
Source: | Code function: | 3_2_01761978 | |
Source: | Code function: | 3_2_06CB0E0C | |
Source: | Code function: | 3_2_06CB22DB | |
Source: | Code function: | 3_2_06CB22E8 | |
Source: | Code function: | 3_2_06CB2FDE | |
Source: | Code function: | 3_2_06CC66F0 | |
Source: | Code function: | 3_2_06CC7E88 | |
Source: | Code function: | 3_2_06CCC690 | |
Source: | Code function: | 3_2_06CC56A0 | |
Source: | Code function: | 3_2_06CC2758 | |
Source: | Code function: | 3_2_06CCB338 | |
Source: | Code function: | 3_2_06CC77A8 | |
Source: | Code function: | 3_2_06CC5DF8 | |
Source: | Code function: | 3_2_06CCE8A8 | |
Source: | Code function: | 3_2_06CC0040 | |
Source: | Code function: | 3_2_06CC0007 |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Cryptographic APIs: |
Source: | Security API names: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | WMI Queries: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation |
---|
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | Static PE information: |
Source: | Code function: | 0_2_0172F4F9 | |
Source: | Code function: | 3_2_06CB2C6D | |
Source: | Code function: | 3_2_06CBBB90 |
Source: | Static PE information: |
Source: | High entropy of concatenated method names: |
Source: | Registry key monitored for changes: | Jump to behavior | ||
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | File source: |
Source: | WMI Queries: |
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | WMI Queries: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | Process information queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 Process Injection | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 24 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | 1 Credentials in Registry | 1 Query Registry | SMB/Windows Admin Shares | 1 Email Collection | 11 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Software Packing | NTDS | 111 Security Software Discovery | Distributed Component Object Model | 21 Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 1 Process Discovery | SSH | 1 Clipboard Data | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 141 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Masquerading | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 141 Virtualization/Sandbox Evasion | Proc Filesystem | 1 System Network Configuration Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 11 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | TR/Spy.AgentTesla.kjtmf | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
api.ipify.org | 104.26.13.205 | true | false | unknown | |
api.telegram.org | 149.154.167.220 | true | true | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | true | |
104.26.13.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1482510 |
Start date and time: | 2024-07-25 23:58:18 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 9m 20s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | LisectAVT_2403002A_127.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/1@4/2 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- VT rate limit hit for: LisectAVT_2403002A_127.exe
Time | Type | Description |
---|---|---|
17:59:08 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
149.154.167.220 | malicious | AgentTesla |
 | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger |
 | malicious | AsyncRAT, Neshta, StormKitty, WorldWind Stealer |
 | malicious | GuLoader, Snake Keylogger |
 | malicious | GuLoader, Snake Keylogger |
 | malicious | GuLoader, Snake Keylogger |
 | malicious | GuLoader, Snake Keylogger |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
104.26.13.205 | malicious | Unknown |
 | malicious | Quasar |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Ficker Stealer, Rusty Stealer |
 | malicious | Targeted Ransomware, TrojanRansom |
 | malicious | Targeted Ransomware, TrojanRansom |
 | malicious | Stealit |
 | malicious | PureLog Stealer, Targeted Ransomware |
 | malicious | Stealit |
Match | Detection | Threat Name |
---|---|---|
api.ipify.org | malicious | AgentTesla |
 | malicious | AgentTesla |
 | malicious | AgentTesla |
 | malicious | Luna Grabber, Luna Logger |
 | malicious | AgentTesla |
 | malicious | AgentTesla |
 | malicious | AgentTesla |
 | malicious | AgentTesla |
 | malicious | Unknown |
 | malicious | AgentTesla, Bdaejec |
api.telegram.org | malicious | AgentTesla |
 | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger |
 | malicious | AsyncRAT, Neshta, StormKitty, WorldWind Stealer |
 | malicious | GuLoader, Snake Keylogger |
 | malicious | GuLoader, Snake Keylogger |
 | malicious | GuLoader, Snake Keylogger |
 | malicious | GuLoader, Snake Keylogger |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
TELEGRAMRU | malicious | Vidar |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | AgentTesla |
 | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger |
 | malicious | PrivateLoader |
 | malicious | PureLog Stealer, Vidar |
 | malicious | Bdaejec, Vidar |
 | malicious | AsyncRAT, Neshta, StormKitty, WorldWind Stealer |
 | malicious | GuLoader, Snake Keylogger |
CLOUDFLARENETUS | malicious | AgentTesla |
 | malicious | Blank Grabber |
 | malicious | Unknown |
 | malicious | Luna Grabber, Luna Logger |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | AgentTesla |
 | malicious | HTMLPhisher, Tycoon2FA |
 | malicious | Python Stealer, Empyrean, Discord Token Stealer |
 | malicious | HTMLPhisher |
Match | Detection | Threat Name |
---|---|---|
3b5074b1b5d032e5620f69f9f700ff0e | malicious | AgentTesla |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | AgentTesla |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\LisectAVT_2403002A_127.exe.log
Process: | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1216 |
Entropy (8bit): | 5.34331486778365 |
Encrypted: | false |
SSDEEP: | 24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ |
MD5: | 1330C80CAAC9A0FB172F202485E9B1E8 |
SHA1: | 86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492 |
SHA-256: | B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560 |
SHA-512: | 75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2 |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 7.906401671315325 |
TrID: |
|
File name: | LisectAVT_2403002A_127.exe |
File size: | 697'350 bytes |
MD5: | 67cf14e98914a0ae61cda009d3ed1df7 |
SHA1: | 4bf4a1f9365eb649a2fdf1a30b2e4c149fad03dc |
SHA256: | 79d0926744b84fc30f2a528b4aa64b2aa015001616f7062f15695fa00de45081 |
SHA512: | b1edfdb6f9b03c2a9f1a0498bf28b40c1d3a2e4de80c7a8ff29397a9eaa1f787ccc2dbf2f9a69da1c601c963589187f43c2820b683435b8cfcbcfc703046360d |
SSDEEP: | 12288:BJggC74CMw3iOdiDSZnRtnt9iXSSfI5qIFngvpZsG9WxzQaU3y:BJgFoOdjtnOSKPhh6GEQn3 |
TLSH: | AEE4125BBB944377D25603F195AB198573BE602A3231C2581D9090EE1BB3F148A3AFE7 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....;...............0.................. ........@.. ....................................@................................ |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x4ab782 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0xC63BD28A [Thu May 23 03:54:50 2075 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
xor al, 35h |
xor eax, 43465138h |
push eax |
xor eax, 38453452h |
xor dl, byte ptr [ecx+eax*2+5Ah] |
push esi |
dec eax |
dec eax |
inc ebx |
inc esp |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xab72d | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xac000 | 0x630 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xae000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xa9b88 | 0x70 | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0xa97a0 | 0xa9800 | 8193fd6706e74e29a5e3aae149a0d41a | False | 0.9189553950036873 | data | 7.915103665911927 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0xac000 | 0x630 | 0x800 | 6595a3cb851e08b0dfc25234ff242d30 | False | 0.3388671875 | data | 3.4917892739525604 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xae000 | 0xc | 0x200 | f85008b1c8606e59e24b00d7ccff7558 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0xac090 | 0x3a0 | data | 0.41810344827586204 | ||
RT_MANIFEST | 0xac440 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5489795918367347 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
2024-07-26T00:02:16.228907+0200 | TCP | 2852815 | ETPRO MALWARE Agent Tesla Telegram Exfil M2 | 49745 | 443 | 192.168.2.6 | 149.154.167.220 |
2024-07-26T00:01:20.476194+0200 | TCP | 2852815 | ETPRO MALWARE Agent Tesla Telegram Exfil M2 | 49734 | 443 | 192.168.2.6 | 149.154.167.220 |
2024-07-26T00:03:12.778554+0200 | TCP | 2852815 | ETPRO MALWARE Agent Tesla Telegram Exfil M2 | 49755 | 443 | 192.168.2.6 | 149.154.167.220 |
2024-07-26T00:03:04.473362+0200 | TCP | 2852815 | ETPRO MALWARE Agent Tesla Telegram Exfil M2 | 49752 | 443 | 192.168.2.6 | 149.154.167.220 |
2024-07-26T00:01:18.963992+0200 | TCP | 2852815 | ETPRO MALWARE Agent Tesla Telegram Exfil M2 | 49733 | 443 | 192.168.2.6 | 149.154.167.220 |
2024-07-26T00:02:49.873314+0200 | TCP | 2852815 | ETPRO MALWARE Agent Tesla Telegram Exfil M2 | 49750 | 443 | 192.168.2.6 | 149.154.167.220 |
2024-07-26T00:03:17.387586+0200 | TCP | 2852815 | ETPRO MALWARE Agent Tesla Telegram Exfil M2 | 49757 | 443 | 192.168.2.6 | 149.154.167.220 |
2024-07-26T00:02:30.614435+0200 | TCP | 2852815 | ETPRO MALWARE Agent Tesla Telegram Exfil M2 | 49747 | 443 | 192.168.2.6 | 149.154.167.220 |
2024-07-26T00:00:57.740029+0200 | TCP | 2852815 | ETPRO MALWARE Agent Tesla Telegram Exfil M2 | 49730 | 443 | 192.168.2.6 | 149.154.167.220 |
2024-07-26T00:00:52.810767+0200 | TCP | 2852815 | ETPRO MALWARE Agent Tesla Telegram Exfil M2 | 49728 | 443 | 192.168.2.6 | 149.154.167.220 |
2024-07-26T00:02:08.271354+0200 | TCP | 2852815 | ETPRO MALWARE Agent Tesla Telegram Exfil M2 | 49742 | 443 | 192.168.2.6 | 149.154.167.220 |
2024-07-26T00:01:35.574667+0200 | TCP | 2852815 | ETPRO MALWARE Agent Tesla Telegram Exfil M2 | 49736 | 443 | 192.168.2.6 | 149.154.167.220 |
2024-07-26T00:01:42.459543+0200 | TCP | 2852815 | ETPRO MALWARE Agent Tesla Telegram Exfil M2 | 49738 | 443 | 192.168.2.6 | 149.154.167.220 |
2024-07-25T23:59:27.125307+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49719 | 20.12.23.50 | 192.168.2.6 |
2024-07-26T00:02:21.632702+0200 | TCP | 2852815 | ETPRO MALWARE Agent Tesla Telegram Exfil M2 | 49746 | 443 | 192.168.2.6 | 149.154.167.220 |
2024-07-26T00:02:59.571959+0200 | TCP | 2852815 | ETPRO MALWARE Agent Tesla Telegram Exfil M2 | 49751 | 443 | 192.168.2.6 | 149.154.167.220 |
2024-07-26T00:02:09.266140+0200 | TCP | 2852815 | ETPRO MALWARE Agent Tesla Telegram Exfil M2 | 49743 | 443 | 192.168.2.6 | 149.154.167.220 |
2024-07-26T00:00:59.090939+0200 | TCP | 2852815 | ETPRO MALWARE Agent Tesla Telegram Exfil M2 | 49731 | 443 | 192.168.2.6 | 149.154.167.220 |
2024-07-26T00:01:40.324857+0200 | TCP | 2852815 | ETPRO MALWARE Agent Tesla Telegram Exfil M2 | 49737 | 443 | 192.168.2.6 | 149.154.167.220 |
2024-07-26T00:02:00.361986+0200 | TCP | 2852815 | ETPRO MALWARE Agent Tesla Telegram Exfil M2 | 49741 | 443 | 192.168.2.6 | 149.154.167.220 |
2024-07-26T00:01:22.620409+0200 | TCP | 2852815 | ETPRO MALWARE Agent Tesla Telegram Exfil M2 | 49735 | 443 | 192.168.2.6 | 149.154.167.220 |
2024-07-26T00:03:05.972685+0200 | TCP | 2852815 | ETPRO MALWARE Agent Tesla Telegram Exfil M2 | 49753 | 443 | 192.168.2.6 | 149.154.167.220 |
2024-07-25T23:59:19.197358+0200 | TCP | 2852815 | ETPRO MALWARE Agent Tesla Telegram Exfil M2 | 49717 | 443 | 192.168.2.6 | 149.154.167.220 |
2024-07-26T00:00:04.546790+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49725 | 20.12.23.50 | 192.168.2.6 |
2024-07-26T00:01:48.498588+0200 | TCP | 2852815 | ETPRO MALWARE Agent Tesla Telegram Exfil M2 | 49740 | 443 | 192.168.2.6 | 149.154.167.220 |
2024-07-26T00:01:11.484324+0200 | TCP | 2852815 | ETPRO MALWARE Agent Tesla Telegram Exfil M2 | 49732 | 443 | 192.168.2.6 | 149.154.167.220 |
2024-07-26T00:02:41.578349+0200 | TCP | 2852815 | ETPRO MALWARE Agent Tesla Telegram Exfil M2 | 49748 | 443 | 192.168.2.6 | 149.154.167.220 |
2024-07-26T00:03:08.262544+0200 | TCP | 2852815 | ETPRO MALWARE Agent Tesla Telegram Exfil M2 | 49754 | 443 | 192.168.2.6 | 149.154.167.220 |
2024-07-26T00:02:12.072219+0200 | TCP | 2852815 | ETPRO MALWARE Agent Tesla Telegram Exfil M2 | 49744 | 443 | 192.168.2.6 | 149.154.167.220 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 26, 2024 00:02:30.611927032 CEST | 443 | 49747 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:30.612063885 CEST | 49747 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:30.612078905 CEST | 443 | 49747 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:30.614367008 CEST | 49747 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:30.614377022 CEST | 443 | 49747 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:30.957629919 CEST | 443 | 49747 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:30.957709074 CEST | 443 | 49747 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:30.958115101 CEST | 49747 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:30.958187103 CEST | 49747 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:40.578620911 CEST | 49748 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:40.578674078 CEST | 443 | 49748 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:40.578749895 CEST | 49748 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:40.579058886 CEST | 49748 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:40.579070091 CEST | 443 | 49748 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:41.244049072 CEST | 443 | 49748 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:41.248347044 CEST | 49748 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:41.248378038 CEST | 443 | 49748 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:41.577490091 CEST | 443 | 49748 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:41.577780962 CEST | 49748 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:41.577817917 CEST | 443 | 49748 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:41.577996969 CEST | 49748 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:41.578016996 CEST | 443 | 49748 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:41.578291893 CEST | 49748 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:41.578304052 CEST | 443 | 49748 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:41.988781929 CEST | 443 | 49748 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:41.988862038 CEST | 443 | 49748 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:41.988940001 CEST | 49748 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:41.989443064 CEST | 49748 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:48.855700970 CEST | 49750 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:48.855767965 CEST | 443 | 49750 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:48.855930090 CEST | 49750 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:48.856261969 CEST | 49750 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:48.856273890 CEST | 443 | 49750 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:49.537415981 CEST | 443 | 49750 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:49.538990021 CEST | 49750 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:49.539010048 CEST | 443 | 49750 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:49.872199059 CEST | 443 | 49750 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:49.872622013 CEST | 49750 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:49.872718096 CEST | 443 | 49750 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:49.872828007 CEST | 49750 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:49.872857094 CEST | 443 | 49750 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:49.872962952 CEST | 49750 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:49.873183012 CEST | 443 | 49750 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:50.300939083 CEST | 443 | 49750 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:50.301035881 CEST | 443 | 49750 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:50.301162958 CEST | 49750 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:50.302258968 CEST | 49750 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:58.658303022 CEST | 49751 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:58.658358097 CEST | 443 | 49751 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:58.660012007 CEST | 49751 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:58.660432100 CEST | 49751 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:58.660439968 CEST | 443 | 49751 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:59.270371914 CEST | 443 | 49751 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:59.272387981 CEST | 49751 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:59.272407055 CEST | 443 | 49751 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:59.571265936 CEST | 443 | 49751 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:59.571619987 CEST | 49751 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:59.571649075 CEST | 443 | 49751 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:59.571732998 CEST | 49751 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:59.571748972 CEST | 443 | 49751 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:59.571809053 CEST | 49751 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:59.571818113 CEST | 443 | 49751 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:59.909204006 CEST | 443 | 49751 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:59.909348011 CEST | 443 | 49751 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:02:59.909403086 CEST | 49751 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:02:59.909789085 CEST | 49751 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:03.497111082 CEST | 49752 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:03.497165918 CEST | 443 | 49752 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:03.497236013 CEST | 49752 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:03.497736931 CEST | 49752 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:03.497745991 CEST | 443 | 49752 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:04.149580002 CEST | 443 | 49752 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:04.151448965 CEST | 49752 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:04.151474953 CEST | 443 | 49752 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:04.472655058 CEST | 443 | 49752 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:04.473018885 CEST | 49752 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:04.473047018 CEST | 443 | 49752 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:04.473175049 CEST | 49752 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:04.473195076 CEST | 443 | 49752 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:04.473269939 CEST | 49752 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:04.473282099 CEST | 443 | 49752 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:04.826343060 CEST | 443 | 49752 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:04.826435089 CEST | 443 | 49752 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:04.826694965 CEST | 49752 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:04.827366114 CEST | 49752 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:04.997873068 CEST | 49753 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:04.997934103 CEST | 443 | 49753 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:04.998481035 CEST | 49753 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:04.998878956 CEST | 49753 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:04.998889923 CEST | 443 | 49753 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:05.653088093 CEST | 443 | 49753 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:05.655260086 CEST | 49753 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:05.655283928 CEST | 443 | 49753 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:05.971663952 CEST | 443 | 49753 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:05.972062111 CEST | 49753 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:05.972143888 CEST | 443 | 49753 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:05.972284079 CEST | 49753 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:05.972321033 CEST | 443 | 49753 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:05.972429991 CEST | 49753 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:05.972451925 CEST | 443 | 49753 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:06.330545902 CEST | 443 | 49753 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:06.330634117 CEST | 443 | 49753 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:06.330755949 CEST | 49753 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:06.331202984 CEST | 49753 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:07.299269915 CEST | 49754 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:07.299362898 CEST | 443 | 49754 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:07.299446106 CEST | 49754 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:07.299845934 CEST | 49754 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:07.299881935 CEST | 443 | 49754 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:07.939866066 CEST | 443 | 49754 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:07.949517965 CEST | 49754 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:07.949580908 CEST | 443 | 49754 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:08.255888939 CEST | 443 | 49754 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:08.256298065 CEST | 49754 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:08.256392956 CEST | 443 | 49754 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:08.258430958 CEST | 49754 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:08.258476019 CEST | 443 | 49754 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:08.262429953 CEST | 49754 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:08.262456894 CEST | 443 | 49754 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:08.620212078 CEST | 443 | 49754 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:08.620465040 CEST | 443 | 49754 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:08.621565104 CEST | 49754 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:08.621591091 CEST | 443 | 49754 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:08.621622086 CEST | 49754 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:08.621679068 CEST | 49754 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:11.861268997 CEST | 49755 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:11.861310959 CEST | 443 | 49755 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:11.861704111 CEST | 49755 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:11.862206936 CEST | 49755 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:11.862215042 CEST | 443 | 49755 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:12.473069906 CEST | 443 | 49755 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:12.476571083 CEST | 49755 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:12.476583958 CEST | 443 | 49755 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:12.776642084 CEST | 443 | 49755 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:12.777057886 CEST | 49755 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:12.777074099 CEST | 443 | 49755 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:12.777446985 CEST | 49755 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:12.777462006 CEST | 443 | 49755 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:12.777539968 CEST | 49755 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:12.777878046 CEST | 443 | 49755 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:12.778415918 CEST | 443 | 49755 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:13.121032000 CEST | 443 | 49755 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:13.121134043 CEST | 443 | 49755 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:13.121449947 CEST | 49755 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:13.121941090 CEST | 49755 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:14.373706102 CEST | 49756 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:14.373759031 CEST | 443 | 49756 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:14.373889923 CEST | 49756 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:14.374238014 CEST | 49756 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:14.374248981 CEST | 443 | 49756 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:15.014398098 CEST | 443 | 49756 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:15.058670044 CEST | 49756 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:16.364952087 CEST | 49756 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:16.364976883 CEST | 443 | 49756 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:16.397814989 CEST | 49756 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:16.397914886 CEST | 443 | 49756 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:16.397995949 CEST | 49756 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:16.398122072 CEST | 49757 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:16.398159027 CEST | 443 | 49757 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:16.398227930 CEST | 49757 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:16.398487091 CEST | 49757 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:16.398494005 CEST | 443 | 49757 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:17.038391113 CEST | 443 | 49757 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:17.038465977 CEST | 49757 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:17.039900064 CEST | 49757 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:17.039906979 CEST | 443 | 49757 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:17.040237904 CEST | 443 | 49757 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:17.041723967 CEST | 49757 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:17.084495068 CEST | 443 | 49757 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:17.387037039 CEST | 49757 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:17.387085915 CEST | 443 | 49757 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:17.387135029 CEST | 49757 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:17.387154102 CEST | 443 | 49757 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:17.387186050 CEST | 49757 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:17.387198925 CEST | 443 | 49757 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:17.387254953 CEST | 49757 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:17.387329102 CEST | 443 | 49757 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:17.387459040 CEST | 443 | 49757 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:17.388008118 CEST | 443 | 49757 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:17.433679104 CEST | 49757 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:17.733129025 CEST | 443 | 49757 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:17.733248949 CEST | 443 | 49757 | 149.154.167.220 | 192.168.2.6 |
Jul 26, 2024 00:03:17.733315945 CEST | 49757 | 443 | 192.168.2.6 | 149.154.167.220 |
Jul 26, 2024 00:03:17.733756065 CEST | 49757 | 443 | 192.168.2.6 | 149.154.167.220 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 25, 2024 23:59:14.991641045 CEST | 55589 | 53 | 192.168.2.6 | 1.1.1.1 |
Jul 25, 2024 23:59:14.998450041 CEST | 53 | 55589 | 1.1.1.1 | 192.168.2.6 |
Jul 25, 2024 23:59:16.223233938 CEST | 49207 | 53 | 192.168.2.6 | 1.1.1.1 |
Jul 25, 2024 23:59:16.302690983 CEST | 53 | 49207 | 1.1.1.1 | 192.168.2.6 |
Jul 26, 2024 00:00:51.841928959 CEST | 59878 | 53 | 192.168.2.6 | 1.1.1.1 |
Jul 26, 2024 00:00:51.851747036 CEST | 53 | 59878 | 1.1.1.1 | 192.168.2.6 |
Jul 26, 2024 00:02:07.268716097 CEST | 52928 | 53 | 192.168.2.6 | 1.1.1.1 |
Jul 26, 2024 00:02:07.276221991 CEST | 53 | 52928 | 1.1.1.1 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jul 25, 2024 23:59:14.991641045 CEST | 192.168.2.6 | 1.1.1.1 | 0x5350 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 25, 2024 23:59:16.223233938 CEST | 192.168.2.6 | 1.1.1.1 | 0xb73b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 26, 2024 00:00:51.841928959 CEST | 192.168.2.6 | 1.1.1.1 | 0x3325 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 26, 2024 00:02:07.268716097 CEST | 192.168.2.6 | 1.1.1.1 | 0x5104 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jul 25, 2024 23:59:14.998450041 CEST | 1.1.1.1 | 192.168.2.6 | 0x5350 | No error (0) | 104.26.13.205 | A (IP address) | IN (0x0001) | false | ||
Jul 25, 2024 23:59:14.998450041 CEST | 1.1.1.1 | 192.168.2.6 | 0x5350 | No error (0) | 172.67.74.152 | A (IP address) | IN (0x0001) | false | ||
Jul 25, 2024 23:59:14.998450041 CEST | 1.1.1.1 | 192.168.2.6 | 0x5350 | No error (0) | 104.26.12.205 | A (IP address) | IN (0x0001) | false | ||
Jul 25, 2024 23:59:16.302690983 CEST | 1.1.1.1 | 192.168.2.6 | 0xb73b | No error (0) | 149.154.167.220 | A (IP address) | IN (0x0001) | false | ||
Jul 26, 2024 00:00:51.851747036 CEST | 1.1.1.1 | 192.168.2.6 | 0x3325 | No error (0) | 149.154.167.220 | A (IP address) | IN (0x0001) | false | ||
Jul 26, 2024 00:02:07.276221991 CEST | 1.1.1.1 | 192.168.2.6 | 0x5104 | No error (0) | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49716 | 104.26.13.205 | 443 | 5020 | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 21:59:15 UTC | 155 | OUT | |
2024-07-25 21:59:15 UTC | 211 | IN | |
2024-07-25 21:59:15 UTC | 11 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.6 | 49717 | 149.154.167.220 | 443 | 5020 | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 21:59:16 UTC | 260 | OUT | |
2024-07-25 21:59:17 UTC | 25 | IN | |
2024-07-25 21:59:17 UTC | 975 | OUT | |
2024-07-25 21:59:19 UTC | 405 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.6 | 49728 | 149.154.167.220 | 443 | 5020 | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 22:00:52 UTC | 238 | OUT | |
2024-07-25 22:00:52 UTC | 25 | IN | |
2024-07-25 22:00:52 UTC | 1024 | OUT | |
2024-07-25 22:00:52 UTC | 16355 | OUT | |
2024-07-25 22:00:52 UTC | 16355 | OUT | |
2024-07-25 22:00:52 UTC | 16355 | OUT | |
2024-07-25 22:00:52 UTC | 9349 | OUT | |
2024-07-25 22:00:52 UTC | 50 | OUT | |
2024-07-25 22:00:53 UTC | 405 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.6 | 49730 | 149.154.167.220 | 443 | 5020 | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 22:00:57 UTC | 238 | OUT | |
2024-07-25 22:00:57 UTC | 25 | IN | |
2024-07-25 22:00:57 UTC | 1024 | OUT | |
2024-07-25 22:00:57 UTC | 16355 | OUT | |
2024-07-25 22:00:57 UTC | 16355 | OUT | |
2024-07-25 22:00:57 UTC | 16355 | OUT | |
2024-07-25 22:00:57 UTC | 7423 | OUT | |
2024-07-25 22:00:57 UTC | 50 | OUT | |
2024-07-25 22:00:58 UTC | 405 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.6 | 49731 | 149.154.167.220 | 443 | 5020 | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 22:00:58 UTC | 262 | OUT | |
2024-07-25 22:00:59 UTC | 25 | IN | |
2024-07-25 22:00:59 UTC | 1024 | OUT | |
2024-07-25 22:00:59 UTC | 16355 | OUT | |
2024-07-25 22:00:59 UTC | 16355 | OUT | |
2024-07-25 22:00:59 UTC | 16355 | OUT | |
2024-07-25 22:00:59 UTC | 7423 | OUT | |
2024-07-25 22:00:59 UTC | 50 | OUT | |
2024-07-25 22:00:59 UTC | 405 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.6 | 49732 | 149.154.167.220 | 443 | 5020 | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 22:01:11 UTC | 238 | OUT | |
2024-07-25 22:01:11 UTC | 25 | IN | |
2024-07-25 22:01:11 UTC | 1024 | OUT | |
2024-07-25 22:01:11 UTC | 16355 | OUT | |
2024-07-25 22:01:11 UTC | 16355 | OUT | |
2024-07-25 22:01:11 UTC | 16355 | OUT | |
2024-07-25 22:01:11 UTC | 7412 | OUT | |
2024-07-25 22:01:11 UTC | 50 | OUT | |
2024-07-25 22:01:11 UTC | 405 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.6 | 49733 | 149.154.167.220 | 443 | 5020 | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 22:01:18 UTC | 262 | OUT | |
2024-07-25 22:01:18 UTC | 25 | IN | |
2024-07-25 22:01:18 UTC | 1024 | OUT | |
2024-07-25 22:01:18 UTC | 16355 | OUT | |
2024-07-25 22:01:18 UTC | 16355 | OUT | |
2024-07-25 22:01:18 UTC | 16355 | OUT | |
2024-07-25 22:01:18 UTC | 7412 | OUT | |
2024-07-25 22:01:18 UTC | 50 | OUT | |
2024-07-25 22:01:19 UTC | 405 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.6 | 49734 | 149.154.167.220 | 443 | 5020 | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 22:01:20 UTC | 262 | OUT | |
2024-07-25 22:01:20 UTC | 25 | IN | |
2024-07-25 22:01:20 UTC | 1024 | OUT | |
2024-07-25 22:01:20 UTC | 16355 | OUT | |
2024-07-25 22:01:20 UTC | 16355 | OUT | |
2024-07-25 22:01:20 UTC | 16355 | OUT | |
2024-07-25 22:01:20 UTC | 7412 | OUT | |
2024-07-25 22:01:20 UTC | 50 | OUT | |
2024-07-25 22:01:20 UTC | 405 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.6 | 49735 | 149.154.167.220 | 443 | 5020 | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 22:01:22 UTC | 262 | OUT | |
2024-07-25 22:01:22 UTC | 25 | IN | |
2024-07-25 22:01:22 UTC | 1024 | OUT | |
2024-07-25 22:01:22 UTC | 16355 | OUT | |
2024-07-25 22:01:22 UTC | 16355 | OUT | |
2024-07-25 22:01:22 UTC | 16355 | OUT | |
2024-07-25 22:01:22 UTC | 7412 | OUT | |
2024-07-25 22:01:22 UTC | 50 | OUT | |
2024-07-25 22:01:22 UTC | 405 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.6 | 49736 | 149.154.167.220 | 443 | 5020 | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 22:01:35 UTC | 262 | OUT | |
2024-07-25 22:01:35 UTC | 25 | IN | |
2024-07-25 22:01:35 UTC | 1024 | OUT | |
2024-07-25 22:01:35 UTC | 16355 | OUT | |
2024-07-25 22:01:35 UTC | 16355 | OUT | |
2024-07-25 22:01:35 UTC | 16355 | OUT | |
2024-07-25 22:01:35 UTC | 7412 | OUT | |
2024-07-25 22:01:35 UTC | 50 | OUT | |
2024-07-25 22:01:35 UTC | 405 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.6 | 49737 | 149.154.167.220 | 443 | 5020 | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 22:01:39 UTC | 262 | OUT | |
2024-07-25 22:01:40 UTC | 1024 | OUT | |
2024-07-25 22:01:40 UTC | 16355 | OUT | |
2024-07-25 22:01:40 UTC | 16355 | OUT | |
2024-07-25 22:01:40 UTC | 16355 | OUT | |
2024-07-25 22:01:40 UTC | 7412 | OUT | |
2024-07-25 22:01:40 UTC | 50 | OUT | |
2024-07-25 22:01:40 UTC | 25 | IN | |
2024-07-25 22:01:40 UTC | 405 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.6 | 49738 | 149.154.167.220 | 443 | 5020 | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 22:01:42 UTC | 262 | OUT | |
2024-07-25 22:01:42 UTC | 25 | IN | |
2024-07-25 22:01:42 UTC | 1024 | OUT | |
2024-07-25 22:01:42 UTC | 16355 | OUT | |
2024-07-25 22:01:42 UTC | 16355 | OUT | |
2024-07-25 22:01:42 UTC | 16355 | OUT | |
2024-07-25 22:01:42 UTC | 7412 | OUT | |
2024-07-25 22:01:42 UTC | 50 | OUT | |
2024-07-25 22:01:42 UTC | 405 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.6 | 49740 | 149.154.167.220 | 443 | 5020 | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 22:01:48 UTC | 262 | OUT | |
2024-07-25 22:01:48 UTC | 25 | IN | |
2024-07-25 22:01:48 UTC | 1024 | OUT | |
2024-07-25 22:01:48 UTC | 16355 | OUT | |
2024-07-25 22:01:48 UTC | 16355 | OUT | |
2024-07-25 22:01:48 UTC | 16355 | OUT | |
2024-07-25 22:01:48 UTC | 7412 | OUT | |
2024-07-25 22:01:48 UTC | 50 | OUT | |
2024-07-25 22:01:48 UTC | 405 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.6 | 49741 | 149.154.167.220 | 443 | 5020 | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 22:02:00 UTC | 262 | OUT | |
2024-07-25 22:02:00 UTC | 25 | IN | |
2024-07-25 22:02:00 UTC | 1024 | OUT | |
2024-07-25 22:02:00 UTC | 16355 | OUT | |
2024-07-25 22:02:00 UTC | 16355 | OUT | |
2024-07-25 22:02:00 UTC | 16355 | OUT | |
2024-07-25 22:02:00 UTC | 7412 | OUT | |
2024-07-25 22:02:00 UTC | 50 | OUT | |
2024-07-25 22:02:00 UTC | 405 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.6 | 49742 | 149.154.167.220 | 443 | 5020 | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 22:02:07 UTC | 262 | OUT | |
2024-07-25 22:02:08 UTC | 25 | IN | |
2024-07-25 22:02:08 UTC | 1024 | OUT | |
2024-07-25 22:02:08 UTC | 16355 | OUT | |
2024-07-25 22:02:08 UTC | 16355 | OUT | |
2024-07-25 22:02:08 UTC | 16355 | OUT | |
2024-07-25 22:02:08 UTC | 7419 | OUT | |
2024-07-25 22:02:08 UTC | 50 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.6 | 49743 | 149.154.167.220 | 443 | 5020 | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 22:02:08 UTC | 262 | OUT | |
2024-07-25 22:02:09 UTC | 25 | IN | |
2024-07-25 22:02:09 UTC | 1024 | OUT | |
2024-07-25 22:02:09 UTC | 16355 | OUT | |
2024-07-25 22:02:09 UTC | 16355 | OUT | |
2024-07-25 22:02:09 UTC | 16355 | OUT | |
2024-07-25 22:02:09 UTC | 7419 | OUT | |
2024-07-25 22:02:09 UTC | 50 | OUT | |
2024-07-25 22:02:09 UTC | 405 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.6 | 49744 | 149.154.167.220 | 443 | 5020 | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 22:02:11 UTC | 238 | OUT | |
2024-07-25 22:02:12 UTC | 25 | IN | |
2024-07-25 22:02:12 UTC | 1024 | OUT | |
2024-07-25 22:02:12 UTC | 16355 | OUT | |
2024-07-25 22:02:12 UTC | 16355 | OUT | |
2024-07-25 22:02:12 UTC | 16355 | OUT | |
2024-07-25 22:02:12 UTC | 7419 | OUT | |
2024-07-25 22:02:12 UTC | 50 | OUT | |
2024-07-25 22:02:12 UTC | 405 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.6 | 49745 | 149.154.167.220 | 443 | 5020 | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 22:02:15 UTC | 262 | OUT | |
2024-07-25 22:02:16 UTC | 25 | IN | |
2024-07-25 22:02:16 UTC | 1024 | OUT | |
2024-07-25 22:02:16 UTC | 16355 | OUT | |
2024-07-25 22:02:16 UTC | 16355 | OUT | |
2024-07-25 22:02:16 UTC | 16355 | OUT | |
2024-07-25 22:02:16 UTC | 11321 | OUT | |
2024-07-25 22:02:16 UTC | 50 | OUT | |
2024-07-25 22:02:16 UTC | 405 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.6 | 49746 | 149.154.167.220 | 443 | 5020 | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 22:02:21 UTC | 262 | OUT | |
2024-07-25 22:02:21 UTC | 25 | IN | |
2024-07-25 22:02:21 UTC | 1024 | OUT | |
2024-07-25 22:02:21 UTC | 16355 | OUT | |
2024-07-25 22:02:21 UTC | 16355 | OUT | |
2024-07-25 22:02:21 UTC | 16355 | OUT | |
2024-07-25 22:02:21 UTC | 7419 | OUT | |
2024-07-25 22:02:21 UTC | 50 | OUT | |
2024-07-25 22:02:21 UTC | 405 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
19 | 192.168.2.6 | 49747 | 149.154.167.220 | 443 | 5020 | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 22:02:30 UTC | 262 | OUT | |
2024-07-25 22:02:30 UTC | 25 | IN | |
2024-07-25 22:02:30 UTC | 1024 | OUT | |
2024-07-25 22:02:30 UTC | 16355 | OUT | |
2024-07-25 22:02:30 UTC | 16355 | OUT | |
2024-07-25 22:02:30 UTC | 16355 | OUT | |
2024-07-25 22:02:30 UTC | 7419 | OUT | |
2024-07-25 22:02:30 UTC | 50 | OUT | |
2024-07-25 22:02:30 UTC | 405 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
20 | 192.168.2.6 | 49748 | 149.154.167.220 | 443 | 5020 | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 22:02:41 UTC | 262 | OUT | |
2024-07-25 22:02:41 UTC | 25 | IN | |
2024-07-25 22:02:41 UTC | 1024 | OUT | |
2024-07-25 22:02:41 UTC | 16355 | OUT | |
2024-07-25 22:02:41 UTC | 16355 | OUT | |
2024-07-25 22:02:41 UTC | 16355 | OUT | |
2024-07-25 22:02:41 UTC | 7419 | OUT | |
2024-07-25 22:02:41 UTC | 50 | OUT | |
2024-07-25 22:02:41 UTC | 405 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
21 | 192.168.2.6 | 49750 | 149.154.167.220 | 443 | 5020 | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 22:02:49 UTC | 262 | OUT | |
2024-07-25 22:02:49 UTC | 25 | IN | |
2024-07-25 22:02:49 UTC | 1024 | OUT | |
2024-07-25 22:02:49 UTC | 16355 | OUT | |
2024-07-25 22:02:49 UTC | 16355 | OUT | |
2024-07-25 22:02:49 UTC | 16355 | OUT | |
2024-07-25 22:02:49 UTC | 7419 | OUT | |
2024-07-25 22:02:49 UTC | 50 | OUT | |
2024-07-25 22:02:50 UTC | 405 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
22 | 192.168.2.6 | 49751 | 149.154.167.220 | 443 | 5020 | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 22:02:59 UTC | 262 | OUT | |
2024-07-25 22:02:59 UTC | 25 | IN | |
2024-07-25 22:02:59 UTC | 1024 | OUT | |
2024-07-25 22:02:59 UTC | 16355 | OUT | |
2024-07-25 22:02:59 UTC | 16355 | OUT | |
2024-07-25 22:02:59 UTC | 16355 | OUT | |
2024-07-25 22:02:59 UTC | 7419 | OUT | |
2024-07-25 22:02:59 UTC | 50 | OUT | |
2024-07-25 22:02:59 UTC | 405 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
23 | 192.168.2.6 | 49752 | 149.154.167.220 | 443 | 5020 | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 22:03:04 UTC | 262 | OUT | |
2024-07-25 22:03:04 UTC | 25 | IN | |
2024-07-25 22:03:04 UTC | 1024 | OUT | |
2024-07-25 22:03:04 UTC | 16355 | OUT | |
2024-07-25 22:03:04 UTC | 16355 | OUT | |
2024-07-25 22:03:04 UTC | 16355 | OUT | |
2024-07-25 22:03:04 UTC | 7422 | OUT | |
2024-07-25 22:03:04 UTC | 50 | OUT | |
2024-07-25 22:03:04 UTC | 405 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
24 | 192.168.2.6 | 49753 | 149.154.167.220 | 443 | 5020 | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 22:03:05 UTC | 262 | OUT | |
2024-07-25 22:03:05 UTC | 25 | IN | |
2024-07-25 22:03:05 UTC | 1024 | OUT | |
2024-07-25 22:03:05 UTC | 16355 | OUT | |
2024-07-25 22:03:05 UTC | 16355 | OUT | |
2024-07-25 22:03:05 UTC | 16355 | OUT | |
2024-07-25 22:03:05 UTC | 10792 | OUT | |
2024-07-25 22:03:05 UTC | 50 | OUT | |
2024-07-25 22:03:06 UTC | 405 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
25 | 192.168.2.6 | 49754 | 149.154.167.220 | 443 | 5020 | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 22:03:07 UTC | 262 | OUT | |
2024-07-25 22:03:08 UTC | 25 | IN | |
2024-07-25 22:03:08 UTC | 1024 | OUT | |
2024-07-25 22:03:08 UTC | 16355 | OUT | |
2024-07-25 22:03:08 UTC | 16355 | OUT | |
2024-07-25 22:03:08 UTC | 16355 | OUT | |
2024-07-25 22:03:08 UTC | 7422 | OUT | |
2024-07-25 22:03:08 UTC | 50 | OUT | |
2024-07-25 22:03:08 UTC | 405 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
26 | 192.168.2.6 | 49755 | 149.154.167.220 | 443 | 5020 | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 22:03:12 UTC | 262 | OUT | |
2024-07-25 22:03:12 UTC | 25 | IN | |
2024-07-25 22:03:12 UTC | 1024 | OUT | |
2024-07-25 22:03:12 UTC | 16355 | OUT | |
2024-07-25 22:03:12 UTC | 16355 | OUT | |
2024-07-25 22:03:12 UTC | 16355 | OUT | |
2024-07-25 22:03:12 UTC | 7422 | OUT | |
2024-07-25 22:03:12 UTC | 50 | OUT | |
2024-07-25 22:03:13 UTC | 405 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
27 | 192.168.2.6 | 49756 | 149.154.167.220 | 443 | 5020 | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 22:03:16 UTC | 262 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
28 | 192.168.2.6 | 49757 | 149.154.167.220 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 22:03:17 UTC | 262 | OUT | |
2024-07-25 22:03:17 UTC | 1024 | OUT | |
2024-07-25 22:03:17 UTC | 16355 | OUT | |
2024-07-25 22:03:17 UTC | 16355 | OUT | |
2024-07-25 22:03:17 UTC | 16355 | OUT | |
2024-07-25 22:03:17 UTC | 7422 | OUT | |
2024-07-25 22:03:17 UTC | 50 | OUT | |
2024-07-25 22:03:17 UTC | 25 | IN | |
2024-07-25 22:03:17 UTC | 405 | IN |
Target ID: | 0 |
Start time: | 17:59:07 |
Start date: | 25/07/2024 |
Path: | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb80000 |
File size: | 697'350 bytes |
MD5 hash: | 67CF14E98914A0AE61CDA009D3ED1DF7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 17:59:13 |
Start date: | 25/07/2024 |
Path: | C:\Users\user\Desktop\LisectAVT_2403002A_127.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xc50000 |
File size: | 697'350 bytes |
MD5 hash: | 67CF14E98914A0AE61CDA009D3ED1DF7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 7.1% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 118 |
Total number of Limit Nodes: | 11 |
Execution Graph
Execution Coverage: | 12.7% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 223 |
Total number of Limit Nodes: | 27 |