Windows
Analysis Report
document.log.scr.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- document.log.scr.exe (PID: 3940 cmdline:
"C:\Users\ user\Deskt op\documen t.log.scr. exe" MD5: 203E91D369913B5768296E416B0C86D5) - tserv.exe (PID: 4192 cmdline:
C:\Windows \tserv.exe s MD5: 203E91D369913B5768296E416B0C86D5) - notepad.exe (PID: 4948 cmdline:
C:\Windows \System32\ notepad.ex e C:\Users \user\Desk top\2BF7.t mp MD5: E92D3A824A0578A50D2DD81B5060145F)
- tserv.exe (PID: 2256 cmdline:
"C:\Window s\tserv.ex e" s MD5: 203E91D369913B5768296E416B0C86D5)
- cleanup
System Summary |
---|
Source: | Author: frack113: |
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-31T15:26:31.150846+0100 | 2022930 | 1 | A Network Trojan was detected | 172.202.163.200 | 443 | 192.168.2.4 | 49732 | TCP |
2024-10-31T15:27:10.072282+0100 | 2022930 | 1 | A Network Trojan was detected | 172.202.163.200 | 443 | 192.168.2.4 | 49750 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-31T15:26:28.058727+0100 | 2016998 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 193.166.255.171 | 80 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-31T15:26:15.935513+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 50037 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:26:15.935513+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 50036 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:26:28.951208+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49731 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:26:37.558372+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49733 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:26:46.221781+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49739 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:26:54.839417+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49742 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:26:54.851261+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49741 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:03.434045+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49744 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:03.467045+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49745 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:12.073717+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49746 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:12.094487+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49747 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:20.771757+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49763 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:20.771888+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49762 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:29.358961+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49807 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:29.372531+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49808 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:37.966563+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49849 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:37.973451+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49850 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:47.095297+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49896 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:47.095324+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49894 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:55.713359+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49937 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:55.714932+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49936 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:28:04.318931+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49982 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:28:04.322584+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49981 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:28:12.965052+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 50027 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:28:12.976431+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 50028 | 193.166.255.171 | 80 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-31T15:26:15.935513+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 50037 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:26:15.935513+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 50036 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:26:28.951208+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49731 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:26:37.558372+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49733 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:26:46.221781+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49739 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:26:54.839417+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49742 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:26:54.851261+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49741 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:03.434045+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49744 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:03.467045+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49745 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:12.073717+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49746 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:12.094487+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49747 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:20.771757+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49763 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:20.771888+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49762 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:29.358961+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49807 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:29.372531+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49808 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:37.966563+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49849 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:37.973451+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49850 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:47.095297+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49896 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:47.095324+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49894 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:55.713359+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49937 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:55.714932+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49936 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:28:04.318931+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49982 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:28:04.322584+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49981 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:28:12.965052+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 50027 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:28:12.976431+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 50028 | 193.166.255.171 | 80 | TCP |
Click to jump to signature section
AV Detection |
---|
Source: | Avira: |
Source: | Avira: |
Source: | ReversingLabs: |
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | Code function: | 0_2_00406360 |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
System Summary |
---|
Source: | Static PE information: |
Source: | Static file information: |
Source: | Code function: | 0_2_00423D83 |
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior |
Source: | Code function: | 0_2_00411800 | |
Source: | Code function: | 0_2_004108D0 | |
Source: | Code function: | 0_2_0040C8E0 | |
Source: | Code function: | 0_2_0040F0E9 | |
Source: | Code function: | 0_2_00410907 | |
Source: | Code function: | 0_2_00404110 | |
Source: | Code function: | 0_2_00409119 | |
Source: | Code function: | 0_2_0040F1C7 | |
Source: | Code function: | 0_2_0040C1D0 | |
Source: | Code function: | 0_2_00404990 | |
Source: | Code function: | 0_2_004091A7 | |
Source: | Code function: | 0_2_0040E246 | |
Source: | Code function: | 0_2_00428A08 | |
Source: | Code function: | 0_2_00425214 | |
Source: | Code function: | 0_2_00405310 | |
Source: | Code function: | 0_2_00408BC0 | |
Source: | Code function: | 0_2_00415BD0 | |
Source: | Code function: | 0_2_0041B3D0 | |
Source: | Code function: | 0_2_0040DBF0 | |
Source: | Code function: | 0_2_0041E3A0 | |
Source: | Code function: | 0_2_00409436 | |
Source: | Code function: | 0_2_00409CF7 | |
Source: | Code function: | 0_2_0041BD00 | |
Source: | Code function: | 0_2_0040EDE0 | |
Source: | Code function: | 0_2_0040DE56 | |
Source: | Code function: | 0_2_0041C660 | |
Source: | Code function: | 0_2_00410670 | |
Source: | Code function: | 0_2_0040E676 | |
Source: | Code function: | 0_2_00409F47 | |
Source: | Code function: | 0_2_0040EF78 | |
Source: | Code function: | 0_2_0040FF30 | |
Source: | Code function: | 0_2_00405F30 |
Source: | Code function: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_004047A0 |
Source: | Code function: | 0_2_00405090 |
Source: | Code function: | 0_2_0041E0B0 |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 0_2_0041F660 |
Source: | Code function: | 0_2_0042649A | |
Source: | Code function: | 0_2_004254C4 | |
Source: | Code function: | 0_2_004254EC | |
Source: | Code function: | 0_2_00426697 |
Persistence and Installation Behavior |
---|
Source: | Executable created and started: | Jump to behavior |
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file |
Boot Survival |
---|
Source: | Key value created or modified: | Jump to behavior |
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior |
Source: | Code function: | 0_2_0041D159 |
Malware Analysis System Evasion |
---|
Source: | Static PE information: |
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: |
Source: | Code function: | 0_2_0040C1D0 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Evasive API call chain: | graph_0-12752 |
Source: | Check user administrative privileges: | graph_0-12686 |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: |
Source: | Code function: | 0_2_00406360 |
Source: | Code function: | 0_2_00429F44 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | API call chain: | graph_0-12753 |
Source: | Code function: | 0_2_0040C1D0 |
Source: | Code function: | 0_2_0041F660 |
Source: | Code function: | 0_2_004210D0 |
Source: | Code function: | 0_2_0042731A | |
Source: | Code function: | 0_2_0042732E |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Code function: | 0_2_00404840 |
Source: | Code function: | 0_2_00423260 |
Source: | Code function: | 0_2_0042C8B2 |
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_00401830 |
Source: | Code function: | 0_2_0040BE00 |
Source: | Code function: | 0_2_00425D91 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Native API | 11 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 121 Masquerading | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 11 Process Injection | 121 Virtualization/Sandbox Evasion | LSASS Memory | 32 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 11 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | Security Account Manager | 121 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 11 Process Injection | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 12 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 124 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
95% | ReversingLabs | Win32.Worm.Stration | ||
100% | Avira | WORM/Stration.C | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | WORM/Stration.C | ||
100% | Joe Sandbox ML | |||
95% | ReversingLabs | Win32.Worm.Stration |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
mta6.am0.yahoodns.net | 98.136.96.75 | true | false | unknown | |
alt4.gmail-smtp-in.l.google.com | 74.125.200.27 | true | false | unknown | |
alt3.gmail-smtp-in.l.google.com | 142.251.1.26 | true | false | unknown | |
mta7.am0.yahoodns.net | 98.136.96.77 | true | false | unknown | |
gmail-smtp-in.l.google.com | 74.125.206.27 | true | false | unknown | |
mta5.am0.yahoodns.net | 67.195.228.94 | true | false | unknown | |
www4.cedesunjerinkas.com | 193.166.255.171 | true | false | unknown | |
alt2.gmail-smtp-in.l.google.com | 142.251.9.27 | true | false | unknown | |
alt1.gmail-smtp-in.l.google.com | 142.250.153.26 | true | false | unknown | |
gmail.com | unknown | unknown | false | unknown | |
yahoo.com | unknown | unknown | false | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
98.136.96.77 | mta7.am0.yahoodns.net | United States | 36646 | YAHOO-NE1US | false | |
67.195.228.94 | mta5.am0.yahoodns.net | United States | 36647 | YAHOO-GQ1US | false | |
193.166.255.171 | www4.cedesunjerinkas.com | Finland | 1741 | FUNETASFI | false | |
142.250.153.26 | alt1.gmail-smtp-in.l.google.com | United States | 15169 | GOOGLEUS | false | |
142.251.9.27 | alt2.gmail-smtp-in.l.google.com | United States | 15169 | GOOGLEUS | false | |
142.251.1.26 | alt3.gmail-smtp-in.l.google.com | United States | 15169 | GOOGLEUS | false | |
67.195.204.77 | unknown | United States | 26101 | YAHOO-3US | false | |
98.136.96.75 | mta6.am0.yahoodns.net | United States | 36646 | YAHOO-NE1US | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1546160 |
Start date and time: | 2024-10-31 15:25:17 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 35s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | document.log.scr.exe |
Detection: | MAL |
Classification: | mal100.evad.winEXE@6/3@12/8 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: document.log.scr.exe
Time | Type | Description |
---|---|---|
10:26:28 | API Interceptor | |
14:26:27 | Autostart |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
98.136.96.77 | Get hash | malicious | Tofsee | Browse | ||
Get hash | malicious | Phorpiex | Browse | |||
Get hash | malicious | Phorpiex | Browse | |||
Get hash | malicious | Tofsee | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Phorpiex | Browse | |||
Get hash | malicious | Phorpiex | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
67.195.228.94 | Get hash | malicious | Tofsee | Browse | ||
Get hash | malicious | Tofsee | Browse | |||
Get hash | malicious | Tofsee | Browse | |||
Get hash | malicious | Phorpiex | Browse | |||
Get hash | malicious | Phorpiex | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Phorpiex | Browse | |||
Get hash | malicious | Phorpiex | Browse | |||
Get hash | malicious | Tofsee | Browse | |||
Get hash | malicious | Phorpiex, Xmrig | Browse | |||
193.166.255.171 | Get hash | malicious | Pushdo | Browse |
| |
Get hash | malicious | Neconyd | Browse |
| ||
Get hash | malicious | Neconyd | Browse |
| ||
Get hash | malicious | Neconyd | Browse |
| ||
Get hash | malicious | Neconyd | Browse |
| ||
Get hash | malicious | Neconyd | Browse |
| ||
Get hash | malicious | Neconyd | Browse |
| ||
Get hash | malicious | Neconyd | Browse |
| ||
Get hash | malicious | Neconyd | Browse |
| ||
Get hash | malicious | Neconyd | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
mta6.am0.yahoodns.net | Get hash | malicious | Tofsee | Browse |
| |
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
alt4.gmail-smtp-in.l.google.com | Get hash | malicious | Coinhive, Xmrig | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Phorpiex | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | MiMail | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
mta7.am0.yahoodns.net | Get hash | malicious | Tofsee | Browse |
| |
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
gmail-smtp-in.l.google.com | Get hash | malicious | Pushdo | Browse |
| |
Get hash | malicious | Coinhive, Xmrig | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Pushdo | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Phorpiex | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Pushdo | Browse |
| ||
Get hash | malicious | Pushdo | Browse |
| ||
Get hash | malicious | Pushdo | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
FUNETASFI | Get hash | malicious | Mirai | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai, Moobot | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Pushdo | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
YAHOO-NE1US | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
YAHOO-GQ1US | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Mirai, Moobot | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Phisher | Browse |
|
Process: | C:\Users\user\Desktop\document.log.scr.exe |
File Type: | |
Category: | modified |
Size (bytes): | 88577 |
Entropy (8bit): | 6.642961349064588 |
Encrypted: | false |
SSDEEP: | 1536:AUQXuu3bm+zpKAfC/RIUYTjjeldZuZy3N7j5yVvrnxBwaBRnK0Ya4nq38n53AhdI:BQ+Spzp9aRej6ldQaHUFrnxe4k02XATI |
MD5: | 409E8228898074DF3359B7BFAEEAF8F2 |
SHA1: | 8FC29528A259BECBB50EB09B15860D28D0D68A8F |
SHA-256: | E556363134A45CD99DD7F58CBBFA6DEC723205F8C5BFBFEC41A68D70F05F29AA |
SHA-512: | BC3E9A68B3850BB813B5CB3AC517D9AE0D3729B43B74178E0F43BA9EADB98320EE698049AC2C6E561B6ADC55A7FBE436169868FD6CE6B30871518BD4DC00F703 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\document.log.scr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 423046 |
Entropy (8bit): | 4.098108107355895 |
Encrypted: | false |
SSDEEP: | 3072:DFZ5qVGXvEQU+dXmEUy9rfe3kUdKSh7hKNjf7CwhqjEr8IcGN8yGBYPosqkxOqoS:JjqVG/pJZzfwsGX+LOOD3Os |
MD5: | 203E91D369913B5768296E416B0C86D5 |
SHA1: | 91FF86480474CBC5B49644700674440F8691B59F |
SHA-256: | 99145DA1ACE397A51D6ED5BD96E1C0167554E6E4028F58A20DDC091DED0FAFBE |
SHA-512: | D1FEF688FCB78C44B514D0A02505CF6F5F9A591FBBE55946F18C7A3AE979FA126B102D229BC50FB4BA7143516D4EA59CC32662FF545718156BDFEE2D9219F3B7 |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\document.log.scr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 4.098108107355895 |
TrID: |
|
File name: | document.log.scr.exe |
File size: | 423'046 bytes |
MD5: | 203e91d369913b5768296e416b0c86d5 |
SHA1: | 91ff86480474cbc5b49644700674440f8691b59f |
SHA256: | 99145da1ace397a51d6ed5bd96e1c0167554e6e4028f58a20ddc091ded0fafbe |
SHA512: | d1fef688fcb78c44b514d0a02505cf6f5f9a591fbbe55946f18c7a3ae979fa126b102d229bc50fb4ba7143516d4ea59cc32662ff545718156bdfee2d9219f3b7 |
SSDEEP: | 3072:DFZ5qVGXvEQU+dXmEUy9rfe3kUdKSh7hKNjf7CwhqjEr8IcGN8yGBYPosqkxOqoS:JjqVG/pJZzfwsGX+LOOD3Os |
TLSH: | CB948D61F28DC1B1E44A1DB5B8AC936662B27D28173CABF3BB507F09A5732D07C31916 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............fr..fr..fr..n...fr..j}..fr..n/..fr.jn/..fr..fs.wfr..j-..fr..j...fr..m,..fr..j(..fr.Rich.fr.................PE..L... ?.E... |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x425d91 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | |
Time Stamp: | 0x45113F20 [Wed Sep 20 13:16:16 2006 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 547cd05356c429dc57b17bf0fd6daf12 |
Instruction |
---|
push 00000060h |
push 0042E598h |
call 00007F22E4B59AE4h |
mov edi, 00000094h |
mov eax, edi |
call 00007F22E4B5893Ch |
mov dword ptr [ebp-18h], esp |
mov esi, esp |
mov dword ptr [esi], edi |
push esi |
call dword ptr [0042E0ECh] |
mov ecx, dword ptr [esi+10h] |
mov dword ptr [00432214h], ecx |
mov eax, dword ptr [esi+04h] |
mov dword ptr [00432220h], eax |
mov edx, dword ptr [esi+08h] |
mov dword ptr [00432224h], edx |
mov esi, dword ptr [esi+0Ch] |
and esi, 00007FFFh |
mov dword ptr [00432218h], esi |
cmp ecx, 02h |
je 00007F22E4B5923Eh |
or esi, 00008000h |
mov dword ptr [00432218h], esi |
shl eax, 08h |
add eax, edx |
mov dword ptr [0043221Ch], eax |
xor esi, esi |
push esi |
mov edi, dword ptr [0042E0BCh] |
call edi |
cmp word ptr [eax], 5A4Dh |
jne 00007F22E4B59251h |
mov ecx, dword ptr [eax+3Ch] |
add ecx, eax |
cmp dword ptr [ecx], 00004550h |
jne 00007F22E4B59244h |
movzx eax, word ptr [ecx+18h] |
cmp eax, 0000010Bh |
je 00007F22E4B59251h |
cmp eax, 0000020Bh |
je 00007F22E4B59237h |
mov dword ptr [ebp-1Ch], esi |
jmp 00007F22E4B59259h |
cmp dword ptr [ecx+00000084h], 0Eh |
jbe 00007F22E4B59224h |
xor eax, eax |
cmp dword ptr [ecx+000000F8h], esi |
jmp 00007F22E4B59240h |
cmp dword ptr [ecx+74h], 0Eh |
jbe 00007F22E4B59214h |
xor eax, eax |
cmp dword ptr [ecx+000000E8h], esi |
setne al |
mov dword ptr [ebp-1Ch], eax |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x30204 | 0x50 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x34000 | 0x30118 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2f6d0 | 0x48 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2e000 | 0x24c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x2c5a4 | 0x2d000 | d7d3452993b82ee75052e80e49c890e4 | False | 0.5532931857638889 | data | 6.353296576388688 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x2e000 | 0x2efc | 0x3000 | 48995658de018e8713b6cf36f411ca2e | False | 0.3614908854166667 | data | 4.955424298416429 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x31000 | 0x28c0 | 0x1000 | cac477c02821e1eee50e0d1240a07368 | False | 0.211669921875 | Matlab v4 mat-file (little endian) , numeric, rows 4351131, columns 4380016 | 1.9793888897922702 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x34000 | 0x30118 | 0x31000 | 4e7d528ce916727be35809bf9797978b | False | 0.05013851243622449 | data | 0.5968541437656842 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
0x61518 | 0x2c00 | data | English | United States | 0.10884232954545454 | |
0x39f18 | 0xf000 | data | English | United States | 0.022721354166666666 | |
RT_ICON | 0x34320 | 0x2e8 | ISO-8859 text, with very long lines (744), with no line terminators | English | United States | 0.020161290322580645 |
RT_ICON | 0x34608 | 0xffffff28 | data | English | United States | 0.04951295440851577 |
DLL | Import |
---|---|
KERNEL32.dll | WriteProcessMemory, VirtualAllocEx, lstrlenA, OpenProcess, Process32Next, Process32First, CreateToolhelp32Snapshot, GetFileAttributesA, lstrcatA, GetSystemDirectoryA, lstrcmpiA, UnmapViewOfFile, GetFileSize, MapViewOfFile, CreateFileMappingA, FindClose, FindNextFileA, lstrcmpA, GetLastError, FindFirstFileA, lstrcpyA, SetFilePointer, ReadFile, GetTimeZoneInformation, GetModuleHandleA, LoadLibraryA, GetModuleFileNameA, GetCurrentDirectoryA, MoveFileExA, CopyFileA, GetOverlappedResult, LockResource, SizeofResource, LoadResource, FindResourceA, ResetEvent, GetVersionExA, HeapReAlloc, IsBadWritePtr, GetVolumeInformationA, DeviceIoControl, DefineDosDeviceA, QueryDosDeviceA, SetEndOfFile, GetProcAddress, CreateRemoteThread, GetCurrentProcess, CreateMutexA, ReleaseMutex, GetProcessHeap, HeapAlloc, Sleep, CloseHandle, GetTempPathA, GetTempFileNameA, WriteFile, CreateProcessA, DeleteFileA, HeapFree, GetLocalTime, CreateThread, CreateEventA, WaitForMultipleObjects, SetEvent, WaitForSingleObject, ExpandEnvironmentStringsA, CreateFileA, GetTickCount, ExitProcess, RtlUnwind, RaiseException, GetStartupInfoA, GetCommandLineA, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TlsAlloc, SetLastError, TlsFree, TlsSetValue, TlsGetValue, SetUnhandledExceptionFilter, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InterlockedExchange, VirtualQuery, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, TerminateProcess, HeapSize, VirtualProtect, GetSystemInfo, LCMapStringA, WideCharToMultiByte, MultiByteToWideChar, LCMapStringW, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, IsBadReadPtr, IsBadCodePtr, GetACP, GetOEMCP, GetCPInfo, InitializeCriticalSection, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, SetStdHandle, FlushFileBuffers |
USER32.dll | wsprintfA, MessageBoxA, SetWindowsHookExA |
ADVAPI32.dll | RegOpenKeyA, RegEnumKeyExA, InitializeSecurityDescriptor, GetTokenInformation, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, AllocateAndInitializeSid, GetLengthSid, AddAce, IsValidSecurityDescriptor, QueryServiceStatusEx, OpenSCManagerA, OpenServiceA, CloseServiceHandle, RegDeleteValueA, RegSetValueExA, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-31T15:26:15.935513+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 50037 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:26:15.935513+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 50037 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:26:15.935513+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 50036 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:26:15.935513+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 50036 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:26:28.058727+0100 | 2016998 | ET MALWARE Connection to Fitsec Sinkhole IP (Possible Infected Host) | 1 | 192.168.2.4 | 49731 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:26:28.951208+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49731 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:26:28.951208+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49731 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:26:31.150846+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 172.202.163.200 | 443 | 192.168.2.4 | 49732 | TCP |
2024-10-31T15:26:37.558372+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49733 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:26:37.558372+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49733 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:26:46.221781+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49739 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:26:46.221781+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49739 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:26:54.839417+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49742 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:26:54.839417+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49742 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:26:54.851261+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49741 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:26:54.851261+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49741 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:03.434045+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49744 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:03.434045+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49744 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:03.467045+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49745 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:03.467045+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49745 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:10.072282+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 172.202.163.200 | 443 | 192.168.2.4 | 49750 | TCP |
2024-10-31T15:27:12.073717+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49746 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:12.073717+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49746 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:12.094487+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49747 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:12.094487+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49747 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:20.771757+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49763 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:20.771757+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49763 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:20.771888+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49762 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:20.771888+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49762 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:29.358961+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49807 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:29.358961+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49807 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:29.372531+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49808 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:29.372531+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49808 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:37.966563+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49849 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:37.966563+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49849 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:37.973451+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49850 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:37.973451+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49850 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:47.095297+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49896 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:47.095297+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49896 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:47.095324+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49894 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:47.095324+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49894 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:55.713359+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49937 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:55.713359+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49937 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:55.714932+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49936 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:27:55.714932+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49936 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:28:04.318931+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49982 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:28:04.318931+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49982 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:28:04.322584+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49981 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:28:04.322584+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49981 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:28:12.965052+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 50027 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:28:12.965052+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 50027 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:28:12.976431+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 50028 | 193.166.255.171 | 80 | TCP |
2024-10-31T15:28:12.976431+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 50028 | 193.166.255.171 | 80 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 31, 2024 15:26:27.690565109 CET | 49730 | 25 | 192.168.2.4 | 98.136.96.75 |
Oct 31, 2024 15:26:28.058727026 CET | 49731 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:28.063843012 CET | 80 | 49731 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:26:28.063925028 CET | 49731 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:28.065036058 CET | 49731 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:28.069833040 CET | 80 | 49731 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:26:28.685436010 CET | 49730 | 25 | 192.168.2.4 | 98.136.96.75 |
Oct 31, 2024 15:26:28.951138973 CET | 80 | 49731 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:26:28.951208115 CET | 49731 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:28.952322006 CET | 49731 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:28.957724094 CET | 80 | 49731 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:26:29.071204901 CET | 49733 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:29.076534033 CET | 80 | 49733 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:26:29.076597929 CET | 49733 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:29.076679945 CET | 49733 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:29.081857920 CET | 80 | 49733 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:26:30.702589035 CET | 49730 | 25 | 192.168.2.4 | 98.136.96.75 |
Oct 31, 2024 15:26:34.721445084 CET | 49730 | 25 | 192.168.2.4 | 98.136.96.75 |
Oct 31, 2024 15:26:37.558294058 CET | 80 | 49733 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:26:37.558372021 CET | 49733 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:37.558451891 CET | 49733 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:37.563303947 CET | 80 | 49733 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:26:37.691273928 CET | 49739 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:37.696943045 CET | 80 | 49739 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:26:37.697010994 CET | 49739 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:37.697303057 CET | 49739 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:37.702600956 CET | 80 | 49739 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:26:42.732346058 CET | 49730 | 25 | 192.168.2.4 | 98.136.96.75 |
Oct 31, 2024 15:26:46.221693993 CET | 80 | 49739 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:26:46.221781015 CET | 49739 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:46.221856117 CET | 49739 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:46.226819992 CET | 80 | 49739 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:26:46.296720028 CET | 49740 | 25 | 192.168.2.4 | 98.136.96.75 |
Oct 31, 2024 15:26:46.327130079 CET | 49741 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:46.330539942 CET | 49742 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:46.332652092 CET | 80 | 49741 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:26:46.332760096 CET | 49741 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:46.332851887 CET | 49741 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:46.335717916 CET | 80 | 49742 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:26:46.335787058 CET | 49742 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:46.335863113 CET | 49742 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:46.338223934 CET | 80 | 49741 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:26:46.340832949 CET | 80 | 49742 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:26:47.310470104 CET | 49740 | 25 | 192.168.2.4 | 98.136.96.75 |
Oct 31, 2024 15:26:48.748306990 CET | 49743 | 25 | 192.168.2.4 | 98.136.96.77 |
Oct 31, 2024 15:26:49.326062918 CET | 49740 | 25 | 192.168.2.4 | 98.136.96.75 |
Oct 31, 2024 15:26:49.763719082 CET | 49743 | 25 | 192.168.2.4 | 98.136.96.77 |
Oct 31, 2024 15:26:51.779304028 CET | 49743 | 25 | 192.168.2.4 | 98.136.96.77 |
Oct 31, 2024 15:26:53.330113888 CET | 49740 | 25 | 192.168.2.4 | 98.136.96.75 |
Oct 31, 2024 15:26:54.839283943 CET | 80 | 49742 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:26:54.839416981 CET | 49742 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:54.839504957 CET | 49742 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:54.844655037 CET | 80 | 49742 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:26:54.851120949 CET | 80 | 49741 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:26:54.851260900 CET | 49741 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:54.851260900 CET | 49741 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:54.857156038 CET | 80 | 49741 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:26:54.953275919 CET | 49744 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:54.958517075 CET | 80 | 49744 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:26:54.958630085 CET | 49744 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:54.958703995 CET | 49744 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:54.963952065 CET | 80 | 49744 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:26:54.968606949 CET | 49745 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:54.973504066 CET | 80 | 49745 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:26:54.973618031 CET | 49745 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:54.973681927 CET | 49745 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:26:54.980391979 CET | 80 | 49745 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:26:55.779251099 CET | 49743 | 25 | 192.168.2.4 | 98.136.96.77 |
Oct 31, 2024 15:27:01.341702938 CET | 49740 | 25 | 192.168.2.4 | 98.136.96.75 |
Oct 31, 2024 15:27:03.433792114 CET | 80 | 49744 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:03.434045076 CET | 49744 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:03.434045076 CET | 49744 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:03.439714909 CET | 80 | 49744 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:03.466941118 CET | 80 | 49745 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:03.467045069 CET | 49745 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:03.467210054 CET | 49745 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:03.472203970 CET | 80 | 49745 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:03.547101974 CET | 49746 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:03.552113056 CET | 80 | 49746 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:03.552225113 CET | 49746 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:03.552293062 CET | 49746 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:03.557104111 CET | 80 | 49746 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:03.578301907 CET | 49747 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:03.583781958 CET | 80 | 49747 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:03.583873987 CET | 49747 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:03.583918095 CET | 49747 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:03.588983059 CET | 80 | 49747 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:03.779206991 CET | 49743 | 25 | 192.168.2.4 | 98.136.96.77 |
Oct 31, 2024 15:27:07.416678905 CET | 49748 | 25 | 192.168.2.4 | 67.195.204.77 |
Oct 31, 2024 15:27:08.419903040 CET | 49748 | 25 | 192.168.2.4 | 67.195.204.77 |
Oct 31, 2024 15:27:09.779808998 CET | 49751 | 25 | 192.168.2.4 | 67.195.228.94 |
Oct 31, 2024 15:27:10.419847012 CET | 49748 | 25 | 192.168.2.4 | 67.195.204.77 |
Oct 31, 2024 15:27:10.779268980 CET | 49751 | 25 | 192.168.2.4 | 67.195.228.94 |
Oct 31, 2024 15:27:12.073622942 CET | 80 | 49746 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:12.073717117 CET | 49746 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:12.094388008 CET | 80 | 49747 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:12.094486952 CET | 49747 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:12.125976086 CET | 49746 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:12.126662970 CET | 49747 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:12.130806923 CET | 80 | 49746 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:12.131541014 CET | 80 | 49747 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:12.274418116 CET | 49762 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:12.274990082 CET | 49763 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:12.279978991 CET | 80 | 49762 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:12.280085087 CET | 49762 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:12.280694008 CET | 49762 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:12.280718088 CET | 80 | 49763 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:12.280766010 CET | 49763 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:12.280836105 CET | 49763 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:12.285598993 CET | 80 | 49762 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:12.285716057 CET | 80 | 49763 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:12.779448986 CET | 49751 | 25 | 192.168.2.4 | 67.195.228.94 |
Oct 31, 2024 15:27:14.419825077 CET | 49748 | 25 | 192.168.2.4 | 67.195.204.77 |
Oct 31, 2024 15:27:16.794914961 CET | 49751 | 25 | 192.168.2.4 | 67.195.228.94 |
Oct 31, 2024 15:27:20.771531105 CET | 80 | 49763 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:20.771756887 CET | 49763 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:20.771820068 CET | 80 | 49762 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:20.771838903 CET | 49763 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:20.771888018 CET | 49762 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:20.771959066 CET | 49762 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:20.776753902 CET | 80 | 49763 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:20.776839972 CET | 80 | 49762 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:20.878756046 CET | 49807 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:20.879005909 CET | 49808 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:20.883886099 CET | 80 | 49807 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:20.883923054 CET | 80 | 49808 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:20.884022951 CET | 49807 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:20.884062052 CET | 49808 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:20.884182930 CET | 49807 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:20.884277105 CET | 49808 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:20.889147043 CET | 80 | 49807 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:20.889158964 CET | 80 | 49808 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:22.420473099 CET | 49748 | 25 | 192.168.2.4 | 67.195.204.77 |
Oct 31, 2024 15:27:24.794841051 CET | 49751 | 25 | 192.168.2.4 | 67.195.228.94 |
Oct 31, 2024 15:27:28.436110973 CET | 49842 | 25 | 192.168.2.4 | 67.195.228.94 |
Oct 31, 2024 15:27:29.358830929 CET | 80 | 49807 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:29.358961105 CET | 49807 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:29.359138966 CET | 49807 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:29.363872051 CET | 80 | 49807 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:29.372440100 CET | 80 | 49808 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:29.372530937 CET | 49808 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:29.372694969 CET | 49808 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:29.377449036 CET | 80 | 49808 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:29.451237917 CET | 49842 | 25 | 192.168.2.4 | 67.195.228.94 |
Oct 31, 2024 15:27:29.468803883 CET | 49849 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:29.473881960 CET | 80 | 49849 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:29.473984957 CET | 49849 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:29.474132061 CET | 49849 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:29.478950977 CET | 80 | 49849 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:29.484273911 CET | 49850 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:29.489253044 CET | 80 | 49850 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:29.489623070 CET | 49850 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:29.489686966 CET | 49850 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:29.494779110 CET | 80 | 49850 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:30.933254957 CET | 49858 | 25 | 192.168.2.4 | 142.251.1.26 |
Oct 31, 2024 15:27:31.451081991 CET | 49842 | 25 | 192.168.2.4 | 67.195.228.94 |
Oct 31, 2024 15:27:31.919845104 CET | 49858 | 25 | 192.168.2.4 | 142.251.1.26 |
Oct 31, 2024 15:27:33.919914961 CET | 49858 | 25 | 192.168.2.4 | 142.251.1.26 |
Oct 31, 2024 15:27:35.451339960 CET | 49842 | 25 | 192.168.2.4 | 67.195.228.94 |
Oct 31, 2024 15:27:37.935528040 CET | 49858 | 25 | 192.168.2.4 | 142.251.1.26 |
Oct 31, 2024 15:27:37.966505051 CET | 80 | 49849 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:37.966562986 CET | 49849 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:37.967412949 CET | 49849 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:37.972280979 CET | 80 | 49849 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:37.973392963 CET | 80 | 49850 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:37.973450899 CET | 49850 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:37.975759029 CET | 49850 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:37.980624914 CET | 80 | 49850 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:38.510632038 CET | 49894 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:38.517055035 CET | 80 | 49894 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:38.517143965 CET | 49894 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:38.523509979 CET | 49896 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:38.528378963 CET | 80 | 49896 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:38.528460026 CET | 49896 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:38.541481972 CET | 49894 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:38.542469025 CET | 49896 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:38.546916008 CET | 80 | 49894 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:38.547504902 CET | 80 | 49896 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:43.451121092 CET | 49842 | 25 | 192.168.2.4 | 67.195.228.94 |
Oct 31, 2024 15:27:45.951105118 CET | 49858 | 25 | 192.168.2.4 | 142.251.1.26 |
Oct 31, 2024 15:27:47.095177889 CET | 80 | 49894 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:47.095195055 CET | 80 | 49896 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:47.095297098 CET | 49896 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:47.095324039 CET | 49894 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:47.095359087 CET | 49896 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:47.095401049 CET | 49894 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:47.102680922 CET | 80 | 49896 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:47.102816105 CET | 80 | 49894 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:47.202682018 CET | 49936 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:47.203018904 CET | 49937 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:47.207772017 CET | 80 | 49936 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:47.207870007 CET | 49936 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:47.207916021 CET | 80 | 49937 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:47.207947016 CET | 49936 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:47.207978010 CET | 49937 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:47.208086967 CET | 49937 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:47.212759018 CET | 80 | 49936 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:47.212833881 CET | 80 | 49937 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:49.452737093 CET | 49950 | 25 | 192.168.2.4 | 142.251.1.26 |
Oct 31, 2024 15:27:50.466758013 CET | 49950 | 25 | 192.168.2.4 | 142.251.1.26 |
Oct 31, 2024 15:27:51.951534033 CET | 49963 | 25 | 192.168.2.4 | 142.250.153.26 |
Oct 31, 2024 15:27:52.466764927 CET | 49950 | 25 | 192.168.2.4 | 142.251.1.26 |
Oct 31, 2024 15:27:52.951122046 CET | 49963 | 25 | 192.168.2.4 | 142.250.153.26 |
Oct 31, 2024 15:27:54.951164961 CET | 49963 | 25 | 192.168.2.4 | 142.250.153.26 |
Oct 31, 2024 15:27:55.713185072 CET | 80 | 49937 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:55.713359118 CET | 49937 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:55.713479042 CET | 49937 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:55.714853048 CET | 80 | 49936 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:55.714931965 CET | 49936 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:55.715009928 CET | 49936 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:55.718272924 CET | 80 | 49937 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:55.720273972 CET | 80 | 49936 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:55.828031063 CET | 49981 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:55.828340054 CET | 49982 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:55.833177090 CET | 80 | 49981 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:55.833419085 CET | 49981 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:55.833419085 CET | 49981 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:55.833537102 CET | 80 | 49982 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:55.833590984 CET | 49982 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:55.833657980 CET | 49982 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:27:55.838495970 CET | 80 | 49981 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:55.839205027 CET | 80 | 49982 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:27:56.466772079 CET | 49950 | 25 | 192.168.2.4 | 142.251.1.26 |
Oct 31, 2024 15:27:58.951159954 CET | 49963 | 25 | 192.168.2.4 | 142.250.153.26 |
Oct 31, 2024 15:28:04.318834066 CET | 80 | 49982 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:28:04.318931103 CET | 49982 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:28:04.322489977 CET | 80 | 49981 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:28:04.322583914 CET | 49981 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:28:04.336560965 CET | 49982 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:28:04.336817980 CET | 49981 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:28:04.341581106 CET | 80 | 49982 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:28:04.341936111 CET | 80 | 49981 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:28:04.471807957 CET | 50027 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:28:04.476638079 CET | 80 | 50027 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:28:04.476758003 CET | 50027 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:28:04.480755091 CET | 50028 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:28:04.482383966 CET | 49950 | 25 | 192.168.2.4 | 142.251.1.26 |
Oct 31, 2024 15:28:04.485833883 CET | 80 | 50028 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:28:04.485924006 CET | 50028 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:28:04.488432884 CET | 50027 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:28:04.492134094 CET | 50028 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:28:04.494473934 CET | 80 | 50027 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:28:04.497014999 CET | 80 | 50028 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:28:06.951163054 CET | 49963 | 25 | 192.168.2.4 | 142.250.153.26 |
Oct 31, 2024 15:28:10.498394966 CET | 50034 | 25 | 192.168.2.4 | 142.250.153.26 |
Oct 31, 2024 15:28:11.513684034 CET | 50034 | 25 | 192.168.2.4 | 142.250.153.26 |
Oct 31, 2024 15:28:12.951625109 CET | 50035 | 25 | 192.168.2.4 | 142.251.9.27 |
Oct 31, 2024 15:28:12.964895964 CET | 80 | 50027 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:28:12.965051889 CET | 50027 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:28:12.965197086 CET | 50027 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:28:12.969991922 CET | 80 | 50027 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:28:12.976293087 CET | 80 | 50028 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:28:12.976430893 CET | 50028 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:28:12.976540089 CET | 50028 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:28:12.981458902 CET | 80 | 50028 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:28:13.078697920 CET | 50036 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:28:13.083451986 CET | 80 | 50036 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:28:13.083568096 CET | 50036 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:28:13.083667994 CET | 50036 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:28:13.088459015 CET | 80 | 50036 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:28:13.093728065 CET | 50037 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:28:13.098571062 CET | 80 | 50037 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:28:13.098695040 CET | 50037 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:28:13.098790884 CET | 50037 | 80 | 192.168.2.4 | 193.166.255.171 |
Oct 31, 2024 15:28:13.103835106 CET | 80 | 50037 | 193.166.255.171 | 192.168.2.4 |
Oct 31, 2024 15:28:13.529362917 CET | 50034 | 25 | 192.168.2.4 | 142.250.153.26 |
Oct 31, 2024 15:28:13.967947960 CET | 50035 | 25 | 192.168.2.4 | 142.251.9.27 |
Oct 31, 2024 15:28:15.982487917 CET | 50035 | 25 | 192.168.2.4 | 142.251.9.27 |
Oct 31, 2024 15:28:17.529244900 CET | 50034 | 25 | 192.168.2.4 | 142.250.153.26 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 31, 2024 15:26:27.227699041 CET | 53351 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 31, 2024 15:26:27.333014011 CET | 53 | 53351 | 1.1.1.1 | 192.168.2.4 |
Oct 31, 2024 15:26:27.354674101 CET | 64161 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 31, 2024 15:26:27.363266945 CET | 53 | 64161 | 1.1.1.1 | 192.168.2.4 |
Oct 31, 2024 15:26:27.588536978 CET | 58178 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 31, 2024 15:26:27.595181942 CET | 53 | 58178 | 1.1.1.1 | 192.168.2.4 |
Oct 31, 2024 15:26:27.662923098 CET | 56974 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 31, 2024 15:26:27.670669079 CET | 53 | 56974 | 1.1.1.1 | 192.168.2.4 |
Oct 31, 2024 15:26:27.933881044 CET | 61181 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 31, 2024 15:26:27.967988968 CET | 53 | 61181 | 1.1.1.1 | 192.168.2.4 |
Oct 31, 2024 15:26:46.287249088 CET | 59439 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 31, 2024 15:26:46.294744968 CET | 53 | 59439 | 1.1.1.1 | 192.168.2.4 |
Oct 31, 2024 15:27:30.852016926 CET | 54225 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 31, 2024 15:27:30.858683109 CET | 53 | 54225 | 1.1.1.1 | 192.168.2.4 |
Oct 31, 2024 15:27:30.889173031 CET | 63770 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 31, 2024 15:27:30.896532059 CET | 53 | 63770 | 1.1.1.1 | 192.168.2.4 |
Oct 31, 2024 15:27:30.897433043 CET | 51780 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 31, 2024 15:27:30.904759884 CET | 53 | 51780 | 1.1.1.1 | 192.168.2.4 |
Oct 31, 2024 15:27:30.905430079 CET | 56702 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 31, 2024 15:27:30.912798882 CET | 53 | 56702 | 1.1.1.1 | 192.168.2.4 |
Oct 31, 2024 15:27:30.913711071 CET | 60440 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 31, 2024 15:27:30.921724081 CET | 53 | 60440 | 1.1.1.1 | 192.168.2.4 |
Oct 31, 2024 15:27:30.925535917 CET | 55259 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 31, 2024 15:27:30.932661057 CET | 53 | 55259 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 31, 2024 15:26:27.227699041 CET | 192.168.2.4 | 1.1.1.1 | 0x1faf | Standard query (0) | MX (Mail exchange) | IN (0x0001) | false | |
Oct 31, 2024 15:26:27.354674101 CET | 192.168.2.4 | 1.1.1.1 | 0x7ec1 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 31, 2024 15:26:27.588536978 CET | 192.168.2.4 | 1.1.1.1 | 0x3d72 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 31, 2024 15:26:27.662923098 CET | 192.168.2.4 | 1.1.1.1 | 0x1909 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 31, 2024 15:26:27.933881044 CET | 192.168.2.4 | 1.1.1.1 | 0x57cc | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 31, 2024 15:26:46.287249088 CET | 192.168.2.4 | 1.1.1.1 | 0x8baa | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 31, 2024 15:27:30.852016926 CET | 192.168.2.4 | 1.1.1.1 | 0x5d7b | Standard query (0) | MX (Mail exchange) | IN (0x0001) | false | |
Oct 31, 2024 15:27:30.889173031 CET | 192.168.2.4 | 1.1.1.1 | 0x38d1 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 31, 2024 15:27:30.897433043 CET | 192.168.2.4 | 1.1.1.1 | 0xa51d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 31, 2024 15:27:30.905430079 CET | 192.168.2.4 | 1.1.1.1 | 0x9fa4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 31, 2024 15:27:30.913711071 CET | 192.168.2.4 | 1.1.1.1 | 0x7217 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 31, 2024 15:27:30.925535917 CET | 192.168.2.4 | 1.1.1.1 | 0x34f | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 31, 2024 15:26:27.333014011 CET | 1.1.1.1 | 192.168.2.4 | 0x1faf | No error (0) | MX (Mail exchange) | IN (0x0001) | false | |||
Oct 31, 2024 15:26:27.333014011 CET | 1.1.1.1 | 192.168.2.4 | 0x1faf | No error (0) | MX (Mail exchange) | IN (0x0001) | false | |||
Oct 31, 2024 15:26:27.333014011 CET | 1.1.1.1 | 192.168.2.4 | 0x1faf | No error (0) | MX (Mail exchange) | IN (0x0001) | false | |||
Oct 31, 2024 15:26:27.363266945 CET | 1.1.1.1 | 192.168.2.4 | 0x7ec1 | No error (0) | 67.195.228.94 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:27.363266945 CET | 1.1.1.1 | 192.168.2.4 | 0x7ec1 | No error (0) | 98.136.96.91 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:27.363266945 CET | 1.1.1.1 | 192.168.2.4 | 0x7ec1 | No error (0) | 67.195.204.79 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:27.363266945 CET | 1.1.1.1 | 192.168.2.4 | 0x7ec1 | No error (0) | 67.195.204.74 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:27.363266945 CET | 1.1.1.1 | 192.168.2.4 | 0x7ec1 | No error (0) | 67.195.228.106 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:27.363266945 CET | 1.1.1.1 | 192.168.2.4 | 0x7ec1 | No error (0) | 98.136.96.74 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:27.363266945 CET | 1.1.1.1 | 192.168.2.4 | 0x7ec1 | No error (0) | 67.195.204.73 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:27.363266945 CET | 1.1.1.1 | 192.168.2.4 | 0x7ec1 | No error (0) | 67.195.228.110 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:27.595181942 CET | 1.1.1.1 | 192.168.2.4 | 0x3d72 | No error (0) | 98.136.96.77 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:27.595181942 CET | 1.1.1.1 | 192.168.2.4 | 0x3d72 | No error (0) | 67.195.228.111 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:27.595181942 CET | 1.1.1.1 | 192.168.2.4 | 0x3d72 | No error (0) | 98.136.96.91 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:27.595181942 CET | 1.1.1.1 | 192.168.2.4 | 0x3d72 | No error (0) | 67.195.204.79 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:27.595181942 CET | 1.1.1.1 | 192.168.2.4 | 0x3d72 | No error (0) | 67.195.204.72 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:27.595181942 CET | 1.1.1.1 | 192.168.2.4 | 0x3d72 | No error (0) | 98.136.96.75 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:27.595181942 CET | 1.1.1.1 | 192.168.2.4 | 0x3d72 | No error (0) | 67.195.228.110 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:27.595181942 CET | 1.1.1.1 | 192.168.2.4 | 0x3d72 | No error (0) | 67.195.228.94 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:27.670669079 CET | 1.1.1.1 | 192.168.2.4 | 0x1909 | No error (0) | 98.136.96.75 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:27.670669079 CET | 1.1.1.1 | 192.168.2.4 | 0x1909 | No error (0) | 67.195.204.72 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:27.670669079 CET | 1.1.1.1 | 192.168.2.4 | 0x1909 | No error (0) | 67.195.204.73 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:27.670669079 CET | 1.1.1.1 | 192.168.2.4 | 0x1909 | No error (0) | 67.195.228.106 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:27.670669079 CET | 1.1.1.1 | 192.168.2.4 | 0x1909 | No error (0) | 98.136.96.74 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:27.670669079 CET | 1.1.1.1 | 192.168.2.4 | 0x1909 | No error (0) | 67.195.228.110 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:27.670669079 CET | 1.1.1.1 | 192.168.2.4 | 0x1909 | No error (0) | 98.136.96.77 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:27.670669079 CET | 1.1.1.1 | 192.168.2.4 | 0x1909 | No error (0) | 98.136.96.76 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:27.967988968 CET | 1.1.1.1 | 192.168.2.4 | 0x57cc | No error (0) | 193.166.255.171 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:46.294744968 CET | 1.1.1.1 | 192.168.2.4 | 0x8baa | No error (0) | 67.195.204.77 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:46.294744968 CET | 1.1.1.1 | 192.168.2.4 | 0x8baa | No error (0) | 67.195.204.79 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:46.294744968 CET | 1.1.1.1 | 192.168.2.4 | 0x8baa | No error (0) | 67.195.228.109 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:46.294744968 CET | 1.1.1.1 | 192.168.2.4 | 0x8baa | No error (0) | 67.195.204.73 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:46.294744968 CET | 1.1.1.1 | 192.168.2.4 | 0x8baa | No error (0) | 98.136.96.77 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:46.294744968 CET | 1.1.1.1 | 192.168.2.4 | 0x8baa | No error (0) | 67.195.228.106 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:46.294744968 CET | 1.1.1.1 | 192.168.2.4 | 0x8baa | No error (0) | 67.195.228.94 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:26:46.294744968 CET | 1.1.1.1 | 192.168.2.4 | 0x8baa | No error (0) | 98.136.96.74 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:27:30.858683109 CET | 1.1.1.1 | 192.168.2.4 | 0x5d7b | No error (0) | MX (Mail exchange) | IN (0x0001) | false | |||
Oct 31, 2024 15:27:30.858683109 CET | 1.1.1.1 | 192.168.2.4 | 0x5d7b | No error (0) | MX (Mail exchange) | IN (0x0001) | false | |||
Oct 31, 2024 15:27:30.858683109 CET | 1.1.1.1 | 192.168.2.4 | 0x5d7b | No error (0) | MX (Mail exchange) | IN (0x0001) | false | |||
Oct 31, 2024 15:27:30.858683109 CET | 1.1.1.1 | 192.168.2.4 | 0x5d7b | No error (0) | MX (Mail exchange) | IN (0x0001) | false | |||
Oct 31, 2024 15:27:30.858683109 CET | 1.1.1.1 | 192.168.2.4 | 0x5d7b | No error (0) | MX (Mail exchange) | IN (0x0001) | false | |||
Oct 31, 2024 15:27:30.896532059 CET | 1.1.1.1 | 192.168.2.4 | 0x38d1 | No error (0) | 142.251.9.27 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:27:30.904759884 CET | 1.1.1.1 | 192.168.2.4 | 0xa51d | No error (0) | 74.125.200.27 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:27:30.912798882 CET | 1.1.1.1 | 192.168.2.4 | 0x9fa4 | No error (0) | 142.251.1.26 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:27:30.921724081 CET | 1.1.1.1 | 192.168.2.4 | 0x7217 | No error (0) | 142.250.153.26 | A (IP address) | IN (0x0001) | false | ||
Oct 31, 2024 15:27:30.932661057 CET | 1.1.1.1 | 192.168.2.4 | 0x34f | No error (0) | 74.125.206.27 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49731 | 193.166.255.171 | 80 | 4192 | C:\Windows\tserv.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 31, 2024 15:26:28.065036058 CET | 64 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49733 | 193.166.255.171 | 80 | 4192 | C:\Windows\tserv.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 31, 2024 15:26:29.076679945 CET | 64 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49739 | 193.166.255.171 | 80 | 4192 | C:\Windows\tserv.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 31, 2024 15:26:37.697303057 CET | 64 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49741 | 193.166.255.171 | 80 | 4192 | C:\Windows\tserv.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 31, 2024 15:26:46.332851887 CET | 64 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49742 | 193.166.255.171 | 80 | 2256 | C:\Windows\tserv.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 31, 2024 15:26:46.335863113 CET | 64 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49744 | 193.166.255.171 | 80 | 2256 | C:\Windows\tserv.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 31, 2024 15:26:54.958703995 CET | 64 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49745 | 193.166.255.171 | 80 | 4192 | C:\Windows\tserv.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 31, 2024 15:26:54.973681927 CET | 64 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49746 | 193.166.255.171 | 80 | 2256 | C:\Windows\tserv.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 31, 2024 15:27:03.552293062 CET | 64 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 49747 | 193.166.255.171 | 80 | 4192 | C:\Windows\tserv.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 31, 2024 15:27:03.583918095 CET | 64 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 49762 | 193.166.255.171 | 80 | 2256 | C:\Windows\tserv.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 31, 2024 15:27:12.280694008 CET | 64 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.4 | 49763 | 193.166.255.171 | 80 | 4192 | C:\Windows\tserv.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 31, 2024 15:27:12.280836105 CET | 64 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.4 | 49807 | 193.166.255.171 | 80 | 2256 | C:\Windows\tserv.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 31, 2024 15:27:20.884182930 CET | 64 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.4 | 49808 | 193.166.255.171 | 80 | 4192 | C:\Windows\tserv.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 31, 2024 15:27:20.884277105 CET | 64 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.4 | 49849 | 193.166.255.171 | 80 | 2256 | C:\Windows\tserv.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 31, 2024 15:27:29.474132061 CET | 64 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.4 | 49850 | 193.166.255.171 | 80 | 4192 | C:\Windows\tserv.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 31, 2024 15:27:29.489686966 CET | 64 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.4 | 49894 | 193.166.255.171 | 80 | 2256 | C:\Windows\tserv.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 31, 2024 15:27:38.541481972 CET | 64 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.4 | 49896 | 193.166.255.171 | 80 | 4192 | C:\Windows\tserv.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 31, 2024 15:27:38.542469025 CET | 64 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.4 | 49936 | 193.166.255.171 | 80 | 4192 | C:\Windows\tserv.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 31, 2024 15:27:47.207947016 CET | 64 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.4 | 49937 | 193.166.255.171 | 80 | 2256 | C:\Windows\tserv.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 31, 2024 15:27:47.208086967 CET | 64 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
19 | 192.168.2.4 | 49981 | 193.166.255.171 | 80 | 4192 | C:\Windows\tserv.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 31, 2024 15:27:55.833419085 CET | 64 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
20 | 192.168.2.4 | 49982 | 193.166.255.171 | 80 | 2256 | C:\Windows\tserv.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 31, 2024 15:27:55.833657980 CET | 64 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
21 | 192.168.2.4 | 50027 | 193.166.255.171 | 80 | 4192 | C:\Windows\tserv.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 31, 2024 15:28:04.488432884 CET | 64 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
22 | 192.168.2.4 | 50028 | 193.166.255.171 | 80 | 2256 | C:\Windows\tserv.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 31, 2024 15:28:04.492134094 CET | 64 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
23 | 192.168.2.4 | 50036 | 193.166.255.171 | 80 | 4192 | C:\Windows\tserv.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 31, 2024 15:28:13.083667994 CET | 64 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
24 | 192.168.2.4 | 50037 | 193.166.255.171 | 80 | 2256 | C:\Windows\tserv.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 31, 2024 15:28:13.098790884 CET | 64 | OUT |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 10:26:10 |
Start date: | 31/10/2024 |
Path: | C:\Users\user\Desktop\document.log.scr.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 423'046 bytes |
MD5 hash: | 203E91D369913B5768296E416B0C86D5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 10:26:16 |
Start date: | 31/10/2024 |
Path: | C:\Windows\tserv.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 423'046 bytes |
MD5 hash: | 203E91D369913B5768296E416B0C86D5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 10:26:16 |
Start date: | 31/10/2024 |
Path: | C:\Windows\SysWOW64\notepad.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1a0000 |
File size: | 165'888 bytes |
MD5 hash: | E92D3A824A0578A50D2DD81B5060145F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 7 |
Start time: | 10:26:35 |
Start date: | 31/10/2024 |
Path: | C:\Windows\tserv.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 423'046 bytes |
MD5 hash: | 203E91D369913B5768296E416B0C86D5 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 4.6% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 16% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 46 |
Graph
Control-flow Graph
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041F660 Relevance: 33.4, APIs: 3, Strings: 16, Instructions: 125libraryloaderCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00425D91 Relevance: 12.1, APIs: 8, Instructions: 134COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00420570 Relevance: 212.3, APIs: 14, Strings: 107, Instructions: 584COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041FD50 Relevance: 105.4, APIs: 9, Strings: 51, Instructions: 368memoryregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00420AC8 Relevance: 105.3, APIs: 14, Strings: 46, Instructions: 299COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00421550 Relevance: 84.3, APIs: 9, Strings: 39, Instructions: 293memoryregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00412620 Relevance: 54.5, APIs: 15, Strings: 16, Instructions: 215memoryfileCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00421A20 Relevance: 49.2, APIs: 9, Strings: 19, Instructions: 219memoryregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041FAD9 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 142memoryregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00412897 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 79stringprocessCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00429190 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 13libraryloaderCOMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004122F0 Relevance: 7.6, APIs: 5, Instructions: 52fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042846F Relevance: 3.0, APIs: 2, Instructions: 26memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041C660 Relevance: 370.5, APIs: 33, Strings: 178, Instructions: 1203libraryloaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00408BC0 Relevance: 300.7, APIs: 1, Strings: 170, Instructions: 1478COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041D159 Relevance: 233.4, APIs: 17, Strings: 116, Instructions: 622libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040C8E0 Relevance: 209.4, APIs: 14, Strings: 125, Instructions: 925stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040DE56 Relevance: 114.4, Strings: 91, Instructions: 682COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00409CF7 Relevance: 109.5, Strings: 87, Instructions: 708COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00415BD0 Relevance: 108.6, APIs: 6, Strings: 66, Instructions: 646memorystringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040E246 Relevance: 98.0, Strings: 78, Instructions: 512COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00409F47 Relevance: 95.6, Strings: 76, Instructions: 616COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404990 Relevance: 76.6, Strings: 61, Instructions: 363COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004108D0 Relevance: 70.3, Strings: 56, Instructions: 348COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00411800 Relevance: 67.9, Strings: 54, Instructions: 399COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00410907 Relevance: 67.8, Strings: 54, Instructions: 336COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040FF30 Relevance: 66.7, Strings: 53, Instructions: 412COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040E676 Relevance: 61.6, Strings: 49, Instructions: 320COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040BE00 Relevance: 56.3, APIs: 2, Strings: 30, Instructions: 253timeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00423D83 Relevance: 36.9, APIs: 14, Strings: 7, Instructions: 160stringfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406360 Relevance: 33.4, APIs: 13, Strings: 6, Instructions: 151stringfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401830 Relevance: 29.8, APIs: 4, Strings: 13, Instructions: 72filetimeCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404840 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 95injectionmemorylibraryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405090 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 139stringprocessCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00429F44 Relevance: 7.6, APIs: 5, Instructions: 92memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040C1D0 Relevance: 6.0, APIs: 4, Instructions: 36COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041BD00 Relevance: 3.2, APIs: 2, Instructions: 246COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041B3D0 Relevance: 3.0, Strings: 2, Instructions: 470COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405F30 Relevance: 1.5, Strings: 1, Instructions: 262COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042731A Relevance: 1.5, APIs: 1, Instructions: 5COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042732E Relevance: 1.5, APIs: 1, Instructions: 3COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00410670 Relevance: 1.4, Strings: 1, Instructions: 178COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00425214 Relevance: .1, Instructions: 77COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041D478 Relevance: 158.0, APIs: 13, Strings: 77, Instructions: 482libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004147D5 Relevance: 135.2, APIs: 13, Strings: 64, Instructions: 415threadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00413280 Relevance: 133.4, APIs: 18, Strings: 58, Instructions: 437fileregistryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00422920 Relevance: 128.1, APIs: 14, Strings: 59, Instructions: 373memoryregistryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004223A0 Relevance: 110.6, APIs: 9, Strings: 54, Instructions: 322registrymemoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00413687 Relevance: 91.2, APIs: 11, Strings: 41, Instructions: 244fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401960 Relevance: 84.3, APIs: 15, Strings: 33, Instructions: 332memorysleepfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041DA67 Relevance: 82.4, APIs: 5, Strings: 42, Instructions: 185libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041F250 Relevance: 79.0, APIs: 9, Strings: 36, Instructions: 270memoryprocessCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00412C90 Relevance: 75.4, APIs: 3, Strings: 40, Instructions: 189registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00412FC0 Relevance: 66.7, APIs: 6, Strings: 32, Instructions: 167registrystringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00422EF0 Relevance: 63.2, APIs: 7, Strings: 29, Instructions: 226fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040C3C0 Relevance: 60.3, APIs: 2, Strings: 38, Instructions: 293stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004158B0 Relevance: 52.6, APIs: 3, Strings: 27, Instructions: 141registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041C0F0 Relevance: 35.3, APIs: 3, Strings: 17, Instructions: 251sleepsynchronizationCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00412B30 Relevance: 33.3, APIs: 5, Strings: 14, Instructions: 86filetimeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004120C0 Relevance: 31.6, APIs: 4, Strings: 14, Instructions: 150libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004129C0 Relevance: 31.6, APIs: 4, Strings: 14, Instructions: 92fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040B610 Relevance: 31.6, APIs: 4, Strings: 14, Instructions: 92fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040B780 Relevance: 31.6, APIs: 4, Strings: 14, Instructions: 80fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004056D7 Relevance: 28.1, APIs: 2, Strings: 14, Instructions: 135stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401000 Relevance: 28.1, APIs: 3, Strings: 13, Instructions: 77fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004016F0 Relevance: 28.1, APIs: 3, Strings: 13, Instructions: 77fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401140 Relevance: 28.1, APIs: 3, Strings: 13, Instructions: 69fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00419AC0 Relevance: 26.7, APIs: 5, Strings: 10, Instructions: 456synchronizationfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042A3E3 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 115fileCOMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00423FDF Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 297registrystringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00426501 Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 100COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00427120 Relevance: 22.8, APIs: 8, Strings: 5, Instructions: 71libraryloadermemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041B010 Relevance: 21.2, APIs: 2, Strings: 12, Instructions: 210stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401260 Relevance: 21.1, APIs: 14, Instructions: 132threadsynchronizationCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042ADD1 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 90libraryloaderCOMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406260 Relevance: 19.6, APIs: 13, Instructions: 99fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041AC50 Relevance: 16.6, APIs: 1, Strings: 10, Instructions: 81stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00415690 Relevance: 13.7, APIs: 9, Instructions: 162fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00414F49 Relevance: 13.6, APIs: 9, Instructions: 73memorysynchronizationCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040B0F0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 169fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042AA29 Relevance: 12.1, APIs: 8, Instructions: 131COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407650 Relevance: 10.6, APIs: 7, Instructions: 100fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041AE80 Relevance: 9.0, APIs: 1, Strings: 5, Instructions: 31stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042C576 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 247fileCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042B1B9 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 133COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040B213 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119fileCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00427648 Relevance: 7.7, APIs: 5, Instructions: 184COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00428FE3 Relevance: 7.6, APIs: 5, Instructions: 150COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041AD70 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 91stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407760 Relevance: 7.6, APIs: 5, Instructions: 57fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00426F68 Relevance: 7.5, APIs: 5, Instructions: 37threadCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00413AD0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041EF50 Relevance: 7.5, APIs: 5, Instructions: 32COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042B4DF Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 29libraryloaderCOMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004294AE Relevance: 6.2, APIs: 4, Instructions: 167fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042C2A3 Relevance: 6.1, APIs: 4, Instructions: 113COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042A754 Relevance: 6.1, APIs: 4, Instructions: 74COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042B02D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 124COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042884B Relevance: 5.1, APIs: 4, Instructions: 57memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|