Windows Analysis Report
Ref#150062.vbe
Overview
General Information
Detection
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%
Signatures
Classification
- System is w10x64
- wscript.exe (PID: 7064 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Ref#150062.vbe" MD5: A47CBE969EA935BDD3AB568BB126BC80)
- wscript.exe (PID: 4592 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Roaming\pcPseOUmXnpEaeF.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
- wscript.exe (PID: 1260 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Roaming\pcPseOUmXnpEaeF.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
- powershell.exe (PID: 7064 cmdline: "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" MD5: 04029E121A0CFA5991749937DD22A1D9)
- conhost.exe (PID: 5816 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- wermgr.exe (PID: 2248 cmdline: "C:\Windows\system32\wermgr.exe" "-outproc" "0" "7064" "2696" "2648" "2700" "0" "0" "2704" "0" "0" "0" "0" "0" MD5: 74A0194782E039ACE1F7349544DC1CF4)
- powershell.exe (PID: 1888 cmdline: "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" MD5: 04029E121A0CFA5991749937DD22A1D9)
- conhost.exe (PID: 4820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- RegSvcs.exe (PID: 5184 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
- wermgr.exe (PID: 2380 cmdline: "C:\Windows\system32\wermgr.exe" "-outproc" "0" "1888" "2588" "2776" "2068" "0" "0" "2076" "0" "0" "0" "0" "0" MD5: 74A0194782E039ACE1F7349544DC1CF4)
- rundll32.exe (PID: 6820 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
- cleanup
{"EXfil Mode": "SMTP", "From": "sendxmaffle@jertcot.shop", "Password": "VVNrTTiP", "Server": "jertcot.shop", "To": "maffle@jertcot.shop", "Port": 587}
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | |
| | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | |
| | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown | |
| | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | |
| | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | |
| | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown | |
| | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth | |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC | Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution | ditekSHen | |
System Summary
- Author: frack113, Florian Roth
- Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community
- Author: frack113
- Author: frack113
- Author: Michael Haag
- Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements)
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-18T13:44:23.322025+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49883 | 193.122.6.168 | 80 | TCP |
2024-11-18T13:44:30.337620+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49883 | 193.122.6.168 | 80 | TCP |
AV Detection
- Malware Configuration Extractor
- Integrated Neural Analysis Model
Location Tracking
- DNS query
- HTTPS traffic detected
- File opened (6 entries)
Software Vulnerabilities
- Child
- Code function (23 entries)
Networking
- Network Connect
- TCP traffic
- HTTP traffic detected
- IP Address (2 entries)
- ASN Name
- JA3 fingerprint
- DNS query (2 entries)
- Suricata IDS
- TCP traffic
- HTTP traffic detected (9 entries)
- HTTPS traffic detected
- TCP traffic detected without corresponding DNS query (50 entries)
- HTTP traffic detected (10 entries)
- DNS traffic detected (3 entries)
- String found in binary or memory (29 entries)
- Network traffic detected (2 entries)
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | COM Object queried: | Jump to behavior | ||
Source: | COM Object queried: | Jump to behavior | ||
Source: | COM Object queried: | |||
Source: | COM Object queried: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Code function: | 12_2_01618268 | |
Source: | Code function: | 12_2_0161AA68 | |
Source: | Code function: | 12_2_0161EF88 | |
Source: | Code function: | 12_2_016119B8 | |
Source: | Code function: | 12_2_01618259 | |
Source: | Code function: | 12_2_0161E5E0 | |
Source: | Code function: | 12_2_0161E5D0 | |
Source: | Code function: | 12_2_0161AA58 | |
Source: | Code function: | 12_2_0161ED68 | |
Source: | Code function: | 12_2_01612DD1 | |
Source: | Code function: | 12_2_0161F658 | |
Source: | Code function: | 12_2_0161FB08 | |
Source: | Code function: | 12_2_0161FAF8 | |
Source: | Code function: | 12_2_05BF7710 | |
Source: | Code function: | 12_2_05BF6628 | |
Source: | Code function: | 12_2_05BF5FD8 | |
Source: | Code function: | 12_2_05BF7A68 | |
Source: | Code function: | 12_2_05BF0498 | |
Source: | Code function: | 12_2_05BF048B | |
Source: | Code function: | 12_2_05BF2438 | |
Source: | Code function: | 12_2_05BF2428 | |
Source: | Code function: | 12_2_05BF37D8 | |
Source: | Code function: | 12_2_05BF37C8 | |
Source: | Code function: | 12_2_05BF1730 | |
Source: | Code function: | 12_2_05BF1723 | |
Source: | Code function: | 12_2_05BF7700 | |
Source: | Code function: | 12_2_05BF6622 | |
Source: | Code function: | 12_2_05BF3130 | |
Source: | Code function: | 12_2_05BF3140 | |
Source: | Code function: | 12_2_05BF0006 | |
Source: | Code function: | 12_2_05BF0040 | |
Source: | Code function: | 12_2_05BF5332 | |
Source: | Code function: | 12_2_05BF5340 | |
Source: | Code function: | 12_2_05BF42B9 | |
Source: | Code function: | 12_2_05BF12D8 | |
Source: | Code function: | 12_2_05BF42C8 | |
Source: | Code function: | 12_2_05BF12C8 | |
Source: | Code function: | 12_2_05BF2CE8 | |
Source: | Code function: | 12_2_05BF2CD9 | |
Source: | Code function: | 12_2_05BF6C70 | |
Source: | Code function: | 12_2_05BF6C60 | |
Source: | Code function: | 12_2_05BF1FE0 | |
Source: | Code function: | 12_2_05BF1FD1 | |
Source: | Code function: | 12_2_05BF5FCC | |
Source: | Code function: | 12_2_05BF0E80 | |
Source: | Code function: | 12_2_05BF0E70 | |
Source: | Code function: | 12_2_05BF5988 | |
Source: | Code function: | 12_2_05BF5978 | |
Source: | Code function: | 12_2_05BF2890 | |
Source: | Code function: | 12_2_05BF2880 | |
Source: | Code function: | 12_2_05BF1B88 | |
Source: | Code function: | 12_2_05BF1B78 | |
Source: | Code function: | 12_2_05BF0A28 | |
Source: | Code function: | 12_2_05BF0A17 | |
Source: | Code function: | 12_2_06E34EC8 | |
Source: | Code function: | 12_2_06E3326C | |
Source: | Code function: | 12_2_06E3BBAB |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Process created: |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | File read: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | |||
Source: | Process created: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: |
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Code function: | 12_2_06E3A9BB |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | Dropped file: | Jump to dropped file |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Window found: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | |||
Source: | Last function: | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 12_2_0161EF88 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Network Connect: | Jump to behavior |
Source: | Memory written: |
Source: | Process created: | |||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 211 Scripting | Valid Accounts | 1 Windows Management Instrumentation | 211 Scripting | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 2 File and Directory Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Exploitation for Client Execution | 1 DLL Side-Loading | 311 Process Injection | 2 Obfuscated Files or Information | LSASS Memory | 14 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 1 PowerShell | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 1 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Masquerading | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 21 Virtualization/Sandbox Evasion | LSA Secrets | 21 Virtualization/Sandbox Evasion | SSH | Keylogging | 23 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 311 Process Injection | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Rundll32 | DCSync | 1 System Network Configuration Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
3% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
reallyfreegeoip.org | 188.114.96.3 | true | false | high | |
jertcot.shop | 162.254.34.31 | true | true | unknown | |
checkip.dyndns.com | 193.122.6.168 | true | false | high | |
checkip.dyndns.org | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | unknown | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | unknown | |||
false | high | |||
false | high | |||
false | unknown | |||
false | unknown | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
144.91.79.54 | unknown | Germany | 51167 | CONTABODE | true | |
193.122.6.168 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false | |
188.114.96.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | false | |
162.254.34.31 | jertcot.shop | United States | 64200 | VIVIDHOSTINGUS | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1557622 |
Start date and time: | 2024-11-18 13:42:04 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 16s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 16 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Ref#150062.vbe |
Detection: | MAL |
Classification: | mal100.troj.spyw.expl.evad.winVBE@16/19@3/4 |
EGA Information: |
HCA Information: |
Cookbook Comments: |
- Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.189.173.21
- Excluded domains from analysis (whitelisted): licensing.mp.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
- Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: Ref#150062.vbe
Time | Type | Description |
---|---|---|
07:42:59 | API Interceptor | |
07:44:07 | API Interceptor | |
07:44:29 | API Interceptor | |
07:44:43 | API Interceptor | |
12:43:12 | Task Scheduler |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
144.91.79.54 | | | malicious | AgentTesla | | |
144.91.79.54 | | | malicious | MicroClip | | |
144.91.79.54 | | | malicious | AgentTesla | | |
144.91.79.54 | | | malicious | MassLogger RAT | | |
144.91.79.54 | | | malicious | Unknown | | |
144.91.79.54 | | | malicious | AgentTesla | | |
144.91.79.54 | | | malicious | AsyncRAT | | |
144.91.79.54 | | | malicious | AgentTesla | | |
144.91.79.54 | | | malicious | Unknown | | |
144.91.79.54 | | | malicious | Snake Keylogger, VIP Keylogger | | |
193.122.6.168 | | | malicious | Snake Keylogger, VIP Keylogger | | |
193.122.6.168 | | | malicious | MassLogger RAT, PureLog Stealer | | |
193.122.6.168 | | | malicious | MassLogger RAT, PureLog Stealer | | |
193.122.6.168 | | | malicious | Snake Keylogger | | |
193.122.6.168 | | | malicious | VIP Keylogger | | |
193.122.6.168 | | | malicious | Snake Keylogger | | |
193.122.6.168 | | | malicious | GuLoader, Snake Keylogger | | |
193.122.6.168 | | | malicious | GuLoader, Snake Keylogger | | |
193.122.6.168 | | | malicious | MassLogger RAT | | |
193.122.6.168 | | | malicious | MassLogger RAT, PureLog Stealer | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
reallyfreegeoip.org | | | malicious | Snake Keylogger, VIP Keylogger | | |
reallyfreegeoip.org | | | malicious | Snake Keylogger, VIP Keylogger | | |
reallyfreegeoip.org | | | malicious | MassLogger RAT, PureLog Stealer | | |
reallyfreegeoip.org | | | malicious | Snake Keylogger, VIP Keylogger | | |
reallyfreegeoip.org | | | malicious | Snake Keylogger | | |
reallyfreegeoip.org | | | malicious | MassLogger RAT, PureLog Stealer | | |
reallyfreegeoip.org | | | malicious | Snake Keylogger | | |
reallyfreegeoip.org | | | malicious | GuLoader, Snake Keylogger | | |
reallyfreegeoip.org | | | malicious | Snake Keylogger | | |
reallyfreegeoip.org | | | malicious | VIP Keylogger | | |
checkip.dyndns.com | | | malicious | Snake Keylogger, VIP Keylogger | | |
checkip.dyndns.com | | | malicious | Snake Keylogger, VIP Keylogger | | |
checkip.dyndns.com | | | malicious | MassLogger RAT, PureLog Stealer | | |
checkip.dyndns.com | | | malicious | Snake Keylogger, VIP Keylogger | | |
checkip.dyndns.com | | | malicious | Snake Keylogger | | |
checkip.dyndns.com | | | malicious | MassLogger RAT, PureLog Stealer | | |
checkip.dyndns.com | | | malicious | Snake Keylogger | | |
checkip.dyndns.com | | | malicious | GuLoader, Snake Keylogger | | |
checkip.dyndns.com | | | malicious | Snake Keylogger | | |
checkip.dyndns.com | | | malicious | VIP Keylogger | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ORACLE-BMC-31898US | | | malicious | Snake Keylogger, VIP Keylogger | | |
ORACLE-BMC-31898US | | | malicious | Snake Keylogger, VIP Keylogger | | |
ORACLE-BMC-31898US | | | malicious | MassLogger RAT, PureLog Stealer | | |
ORACLE-BMC-31898US | | | malicious | Snake Keylogger | | |
ORACLE-BMC-31898US | | | malicious | MassLogger RAT, PureLog Stealer | | |
ORACLE-BMC-31898US | | | malicious | Snake Keylogger | | |
ORACLE-BMC-31898US | | | malicious | VIP Keylogger | | |
ORACLE-BMC-31898US | | | malicious | MassLogger RAT | | |
ORACLE-BMC-31898US | | | malicious | Snake Keylogger | | |
ORACLE-BMC-31898US | | | malicious | VIP Keylogger | | |
CLOUDFLARENETUS | | | malicious | Unknown | | |
CLOUDFLARENETUS | | | malicious | Unknown | | |
CLOUDFLARENETUS | | | malicious | Unknown | | |
CLOUDFLARENETUS | | | malicious | Unknown | | |
CLOUDFLARENETUS | | | malicious | PureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | | |
CLOUDFLARENETUS | | | malicious | Snake Keylogger, VIP Keylogger | | |
CLOUDFLARENETUS | | | malicious | Snake Keylogger, VIP Keylogger | | |
CLOUDFLARENETUS | | | malicious | LummaC | | |
CLOUDFLARENETUS | | | malicious | MassLogger RAT, PureLog Stealer | | |
CLOUDFLARENETUS | | | malicious | AgentTesla | | |
CONTABODE | | | malicious | FormBook | | |
CONTABODE | | | malicious | Unknown | | |
CONTABODE | | | malicious | AgentTesla | | |
CONTABODE | | | malicious | FormBook | | |
CONTABODE | | | malicious | FormBook | | |
CONTABODE | | | malicious | Unknown | | |
CONTABODE | | | malicious | Captcha Phish | | |
CONTABODE | | | malicious | MicroClip | | |
CONTABODE | | | malicious | FormBook | | |
CONTABODE | | | malicious | Emotet | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | | | malicious | Snake Keylogger, VIP Keylogger | | |
54328bd36c14bd82ddaa0c04b25ed9ad | | | malicious | Snake Keylogger, VIP Keylogger | | |
54328bd36c14bd82ddaa0c04b25ed9ad | | | malicious | MassLogger RAT, PureLog Stealer | | |
54328bd36c14bd82ddaa0c04b25ed9ad | | | malicious | Snake Keylogger, VIP Keylogger | | |
54328bd36c14bd82ddaa0c04b25ed9ad | | | malicious | Snake Keylogger | | |
54328bd36c14bd82ddaa0c04b25ed9ad | | | malicious | MassLogger RAT, PureLog Stealer | | |
54328bd36c14bd82ddaa0c04b25ed9ad | | | malicious | Snake Keylogger | | |
54328bd36c14bd82ddaa0c04b25ed9ad | | | malicious | GuLoader, Snake Keylogger | | |
54328bd36c14bd82ddaa0c04b25ed9ad | | | malicious | Snake Keylogger | | |
54328bd36c14bd82ddaa0c04b25ed9ad | | | malicious | VIP Keylogger | | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_powershell.exe_6dcd90a0cfadcd56d98897fd4ad3469a57ab5cb_00000000_f91469e8-94e8-4534-aa9f-4b2950b35f10\Report.wer
Process: | C:\Windows\System32\wermgr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.5202496951648052 |
Encrypted: | false |
SSDEEP: | 96:CsaR0Fqvj+rxYid2RH3Uje0e3e/3hosM1QXIGZAX/d5FMT2SlPkpXmTAUf/VXT5t:DML+mG2R30hHxAzuiFCZ24lO8 |
MD5: | C99B5C89597DC427F9665A6F143C68C3 |
SHA1: | 34D7728102A981A39E41747CE625B240C4A8EAE7 |
SHA-256: | 176AD9712BF9E8764F233CE04CD329DCCF103A8FD004B26245DC0DBB703323C2 |
SHA-512: | B15838825ED4AFC1D70C3A210F1B1D4EAFAB9CACD3ED800206FAA347C8635506842348B2321C954D2F6D2638B00E59E06209F8910055B9DA76723E1B5E5F1C3F |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_powershell.exe_b4b21b9272f0623778607a435112f88140f556cc_00000000_ec54bff5-5d0d-4d3f-9a14-b2f6c141453d\Report.wer
Process: | C:\Windows\System32\wermgr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.5338818710068783 |
Encrypted: | false |
SSDEEP: | 96:CXa3uFj2jLxrxYidNRH3Uje0eD/JuNnN9KQXIGZAX/d5FMT2SlPkpXmTAtf/VXTT:GZgLxmGNR30wAAzuiFdZ24lO8 |
MD5: | FE1DA4CA9E448B98B8A44D7AD49AE857 |
SHA1: | B2FB0D4A51809F51799E0EA60A501F6CA975F13A |
SHA-256: | C1B9163C845E7CFC4BC10A512D37E1915DC2FBD071F6A11C382EA28A3296805F |
SHA-512: | 6590D297351AA23FD866990B80A81C8D1B6DB17289622D50ED3E4D6BC2285C003F21D9B0C3FC6FC205B6FDADD306234E25B1FAD03E692E9D1805DA7FB392066B |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\wermgr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7416 |
Entropy (8bit): | 3.683671562243095 |
Encrypted: | false |
SSDEEP: | 96:RSIU6o7wVetb/RWw95l6YkWogmfHNV9reCQu5aMd20m:R6l7wVeJpWw95l6YkWogmftq4pd20m |
MD5: | F9E6A143650053026027BD4F62741DDE |
SHA1: | F98BF4B673A432B03D1A14E21D3AD9DDF377824F |
SHA-256: | 7A600137F931CA0CD43DA0597A6DD6A10A46DB08E9A7998E711FAB5372956702 |
SHA-512: | CC51D35918C3F96DF9E80234A1B7119A7A3FA5E58E1866A992CE0326A720A8BB7998997A091873B7ACAAB0F6D904ABCB828F32591F31092CEB106EEE4BAFD8FD |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\wermgr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7230 |
Entropy (8bit): | 3.683485161152533 |
Encrypted: | false |
SSDEEP: | 96:RSIU6o7wVetbFxJLHVhV6Yk/ogmfHNp02cCQu5aMgZ0m:R6l7wVeJFxJL1hV6Yk/ogmftvc4pgZ0m |
MD5: | 41A3ACEFFBCE8D4B0F6D33E0798A07C6 |
SHA1: | 087F9C761FFFBADB8501786D6EE3CDD645EB03BB |
SHA-256: | 0F53E40EE97DFB70A7FD0652EF5695E3978D6703B1DEA63BAB80AD16AB5CE8CA |
SHA-512: | B06827B0B9BACF16256235A10A0193011547C1B1330BB71306ABEBD28C2AFFA5C4D84D51120C551DE75581D9D21AB5B19343A1C3C725F256A12A7F82E35E9DFA |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\wermgr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4899 |
Entropy (8bit): | 4.568412030112732 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsBJg771I9EnWpW8VYFrYm8M4JFKlnOtSFrRyq8vT0Otuytfsd:uIjfTI7/W7VlJFKlntRWT0Tufsd |
MD5: | F737F76546C720CF30AE69CC96D97FEC |
SHA1: | 21DBB327C8E62900360CB24BF71D5F8BE022C908 |
SHA-256: | FAA34B66138A29DE3E5E97D585C0ABA571201041185C3992CA566B7BCB327D11 |
SHA-512: | 73BB7D5D524A2C6D80A905F9054B0FEDA3CA2AF2E03C7DAE562DE08D2E1FC4D033FA656A01D1F6F778579D1044B0CBB22E80411FBBF973A012B94F204DEE06E0 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\wermgr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4711 |
Entropy (8bit): | 4.509218256506956 |
Encrypted: | false |
SSDEEP: | 96:uIjfTI7/W7VKJFKl0F3DF2WTnF3DFdufhHd:uIfY/W704E7V7ufh9 |
MD5: | 1D06A8A69BD3B7D44376C09EC6AD9678 |
SHA1: | C28364B7F2B995ADCB57879D8FFF41D649386F12 |
SHA-256: | C6E46AE3851B6769890C1B38C59246BAE6DE578C61FC73F4D4D75BB440D0F6F2 |
SHA-512: | 1E8A9D1AEC3B680BB94EF6A44FE5DA3E0A439B1B895459353DF4A4637DC7CACFC64B6A477F6539EDA7926558EBAEE43AC4BC65B00A1ED2570F8DB075D4292630 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11887 |
Entropy (8bit): | 4.901437212034066 |
Encrypted: | false |
SSDEEP: | 192:Zxoe5qpOZxoe54ib4ZVsm5emdqVFn3eGOVpN6K3bkkjo5OgkjDt4iWN3yBGHVQ9L:Srib4ZmVoGIpN6KQkj2Fkjh4iUxsNYWd |
MD5: | ED30A738A05A68D6AB27771BD846A7AA |
SHA1: | 6AFCE0F6E39A9A59FF54956E1461F09747B57B44 |
SHA-256: | 17D48B622292E016CFDF0550340FF6ED54693521D4D457B88BB23BD1AE076A31 |
SHA-512: | 183E9ECAF5C467D7DA83F44FE990569215AFDB40B79BCA5C0D2C021228C7B85DF4793E2952130B772EC0896FBFBCF452078878ADF3A380A6D0A6BD00EA6663F2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3256 |
Entropy (8bit): | 5.404109340363203 |
Encrypted: | false |
SSDEEP: | 48:gEzsSU4xymdajm9qr9tz4RIoUQ/78Nf+oH0GxJZKaVEouYAgwd64rHLjtvwpPEhI:gEzlHxvJ9qrfIfl7Kf+olJ5Eo9Adrxwt |
MD5: | 95772EFB0D98B0FDC1F3CD71213F4A49 |
SHA1: | 666A684CC4706D2013AECA319681E7ECD12BEAA3 |
SHA-256: | 3F74ACF9513B51D78314654F92B4105EF35E55F38748B4A24E32D023B61A859C |
SHA-512: | BFD108B69A240F3E678099A5E6DC361F6C674FBC96D13A905264A0A3F5925C50AE83407F9A2FAAD1EE8CE9BAB4F185FEAAE1AAB7700555B23371FD72FB05BD00 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 252 |
Entropy (8bit): | 5.355593960973263 |
Encrypted: | false |
SSDEEP: | 6:xVwe5ljxsu2xKbLtSXqo830Gxsj+EoXZuBiA2V0LYQ13jH2eFI59:772EtSXqdpc8Jci1V0LYQFH2eo |
MD5: | 112890B95BB4E5F2A80B0C23882338D0 |
SHA1: | 3D91833CAEFE4A51AD343E728EB46D577430168D |
SHA-256: | 76CBE043628A97A4BA714BB7B68B2D5CCE327256A0F47E3D47ECE05EE4A7F2F1 |
SHA-512: | CE76161C6B8DB4BFFC6CD87279AADF091ED5CC67CDF6F69A85D68AC4FC2047C72C8AD93833E48AC819C0DCCB2554F4892D8C3B43E313E2D8286BE3CE0DF489E1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6221 |
Entropy (8bit): | 3.710479057510546 |
Encrypted: | false |
SSDEEP: | 96:mjLlyt33CxH9hkvhkvCCtweI78H3eI7HHb:mjZcyd9weVeA |
MD5: | 792AC76E1C8402DC4F63248BD1CA20A2 |
SHA1: | 3570CA2FB92312B16BD399F5C4B85397BBAD46F1 |
SHA-256: | CD551C1CAAD95CBBE6D68E19AEFD77D5C2E4A84A53AFC71DA55EC123300E7A16 |
SHA-512: | 7BBAFF9323432051FECC4FD5745F5F0B235F55698E1E1F48D03B2BA656211B0B7FE96346E5D58831131438F52BB31077C8A078CEA737F06CA006250F8DAB1DA8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF3cbd70.TMP (copy)
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6221 |
Entropy (8bit): | 3.710479057510546 |
Encrypted: | false |
SSDEEP: | 96:mjLlyt33CxH9hkvhkvCCtweI78H3eI7HHb:mjZcyd9weVeA |
MD5: | 792AC76E1C8402DC4F63248BD1CA20A2 |
SHA1: | 3570CA2FB92312B16BD399F5C4B85397BBAD46F1 |
SHA-256: | CD551C1CAAD95CBBE6D68E19AEFD77D5C2E4A84A53AFC71DA55EC123300E7A16 |
SHA-512: | 7BBAFF9323432051FECC4FD5745F5F0B235F55698E1E1F48D03B2BA656211B0B7FE96346E5D58831131438F52BB31077C8A078CEA737F06CA006250F8DAB1DA8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\SRRGWEWIB0HG3OLFDR6M.temp
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6221 |
Entropy (8bit): | 3.710479057510546 |
Encrypted: | false |
SSDEEP: | 96:mjLlyt33CxH9hkvhkvCCtweI78H3eI7HHb:mjZcyd9weVeA |
MD5: | 792AC76E1C8402DC4F63248BD1CA20A2 |
SHA1: | 3570CA2FB92312B16BD399F5C4B85397BBAD46F1 |
SHA-256: | CD551C1CAAD95CBBE6D68E19AEFD77D5C2E4A84A53AFC71DA55EC123300E7A16 |
SHA-512: | 7BBAFF9323432051FECC4FD5745F5F0B235F55698E1E1F48D03B2BA656211B0B7FE96346E5D58831131438F52BB31077C8A078CEA737F06CA006250F8DAB1DA8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\TS3LEWTOMK3ZIEPRIKSA.temp
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6221 |
Entropy (8bit): | 3.706719549561189 |
Encrypted: | false |
SSDEEP: | 96:+LlMtZ3CXq9hkvhkvCCtweI7HH3eI7HHb:+Z+Wy9weueA |
MD5: | 4DCDD2AADF3BE4263F3EC1637168B442 |
SHA1: | 257A558C1477271EBEF294CE2707D60C0C79CE6A |
SHA-256: | 5915EF158BC0D0039894FF598CF65376D168E18B2B5820A6E23B2AEFD674E0B7 |
SHA-512: | 2BEC1EB935A69E9C668836E15421A92031084E9D2DE31B4A52B21C959FC2F5B2F849CB9695F6CD1D9B9358A207A8FC3E686EE41B076D5F54E46864E93CE6947D |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\wscript.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2012 |
Entropy (8bit): | 5.1116490090109 |
Encrypted: | false |
SSDEEP: | 48:9+rGQafYxl6hzjj0BWIudnXt9gVOSQngjHVVIdojnWgCmgVF:9+Sn7x/0MVYVOZg78dknQmgVF |
MD5: | 0DCB03776DA0B1EC5F4418221CD9152E |
SHA1: | 1D32D1E386C46FA6DBA8522C2A99C3FF272B6CDA |
SHA-256: | 63373B65D80F24467F6D2FC10F33965BD40450F45068FDF7293928F52DD3DC20 |
SHA-512: | 325B25EACB4E06A40605ECDCF99BD96B39CFCBA9FAB430C855E953B4630A54FBE611D2365E1F7F71785FD65E9CD2ABA247287EDD3F0FED37A667169A906DC64B |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1494 |
Entropy (8bit): | 4.423978372785347 |
Encrypted: | false |
SSDEEP: | 24:Ei/tvNa2V269+IzphSjeKm3uSmcHqgxOAX4WLeX4WgeX4WgeX4WneX4WueX4WEef:EdWxZzpsyXOAX+X5XpXKX/XFXoXQXDX5 |
MD5: | 5C12740F85D91A751DF931A739F19CC5 |
SHA1: | E03884BE6FD309C9E2260CC409D3BE3EF2F9102E |
SHA-256: | 98A7E86A2614FE6B99A9D24A1DBA751BE3F177947AE0F5165F5888F665F2297B |
SHA-512: | 40507BDD361FCA4104632CAA40A1A1400D4902F2FBA470160EF25B649E0D00489A04A34E71191B77F86D138196DBEC5382D961952A15857B0ED5F33CB41AF058 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 3.873141167934975 |
TrID: |
|
File name: | Ref#150062.vbe |
File size: | 10'108 bytes |
MD5: | 2874840f439a79083be1cb832dbd10f4 |
SHA1: | e121f6fd96b75bc492c4a463c9d03d273d658f1b |
SHA256: | 491e3f2d6ee7add3f362046c59a5ff7f8a292119b762d2b1f3174a283d41393d |
SHA512: | 4fe2bfa046ca55e2adc4c179277ae7df351d398e3ea8e8b23d51531d9d403c8e4a471e4cb0d0fbd7b05319874190ac6455666510229562042bd112d7ddb4d65a |
SSDEEP: | 192:nP0x+IjcaP76sgeumS8ZHSuWBDlpOxGRMVeLF+k8HZK:8oyn6sg5mNZHSxBhp4GRYk8A |
TLSH: | 24220244CDD980D0F32566C60BCDD7E25B2FAA302B0F49D31E509296276FAC1E92AF35 |
File Content Preview: | ..#.@.~.^.p.B.M.A.A.A.=.=.v.,.1.G.s.P.9.E.P.a.D.K.%.+.D.P.l.P.a.m.K.d...r.j.s.p.x.a.2.l...o.@.#.@.&.@.#.@.&.}.w.O.k.G.U.,.2.a.w.^.r.m.b.Y.@.#.@.&.@.#.@.&.B.~.R. .O.~.s.K.U.1.Y.r.K.x.k.P.N...P.1.G.x.7.+.../.b.W.U.~._.2.(.,.n.Y.,.:.l...r.2.E.^.l.D.k.G.x.~.[ |
Icon Hash: | 68d69b8f86ab9a86 |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-18T13:44:23.322025+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49883 | 193.122.6.168 | 80 | TCP |
2024-11-18T13:44:30.337620+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49883 | 193.122.6.168 | 80 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 18, 2024 13:42:58.903248072 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:42:58.908376932 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:42:58.911272049 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:42:58.911454916 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:42:58.916407108 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:42:59.776099920 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:42:59.776120901 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:42:59.776137114 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:42:59.776150942 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:42:59.776161909 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:42:59.776177883 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:42:59.776192904 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:42:59.776299000 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:42:59.776303053 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:42:59.776315928 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:42:59.776333094 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:42:59.776354074 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:42:59.776379108 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:42:59.781297922 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:42:59.781353951 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:42:59.781418085 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:42:59.895407915 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:42:59.895426035 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:42:59.895442963 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:42:59.895466089 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:42:59.895479918 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:42:59.895493984 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:42:59.895503998 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:42:59.895508051 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:42:59.895541906 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:42:59.895567894 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:42:59.896430969 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:42:59.896481991 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:42:59.896485090 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:42:59.896496058 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:42:59.896533966 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:42:59.896603107 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:42:59.896615982 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:42:59.896667004 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.099411011 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.104454041 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.351298094 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.351362944 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.351507902 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.351706028 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.351780891 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.351794958 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.351828098 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.351918936 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.351932049 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.351968050 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.352190018 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.352242947 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.352262020 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.352274895 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.352317095 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.352447987 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.352461100 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.352498055 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.353164911 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.400121927 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.470808029 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.470833063 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.470848083 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.470895052 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.470906019 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.470938921 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.470952988 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.470952988 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.470993042 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.471358061 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.471419096 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.471431017 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.471479893 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.471493006 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.471507072 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.471549034 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.472254038 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.472294092 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.472306967 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.472307920 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.472342968 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.472348928 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.525084019 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.589665890 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.589684010 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.589695930 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.589709044 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.589798927 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.589842081 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.589860916 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.589905024 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.589914083 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.589940071 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.590173006 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.590217113 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.590250969 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.590301991 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.590342999 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.590358973 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.634468079 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.661837101 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.666838884 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.914413929 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.914437056 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.914458036 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.914470911 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.914484978 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.914541960 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.914613962 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.914697886 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.914757967 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.914906025 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.914921045 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.914968014 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.915088892 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.915136099 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.915148973 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.915179968 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.915184975 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.915239096 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.915664911 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.915714025 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.915728092 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.915769100 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:00.915770054 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:00.915822983 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.033185005 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.033210993 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.033222914 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.033279896 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.033466101 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.033477068 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.033489943 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.033500910 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.033513069 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.033678055 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.033678055 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.033931017 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.033941984 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.033987999 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.034075022 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.034130096 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.034142971 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.034179926 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.034218073 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.034235954 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.034250021 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.034272909 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.034301043 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.152133942 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.152163982 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.152178049 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.152245998 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.152260065 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.152292967 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.152312040 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.152324915 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.152364016 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.152482986 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.152775049 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.152817965 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.152829885 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.152844906 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.152883053 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.152898073 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.153175116 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.153199911 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.153212070 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.153214931 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.153247118 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.153379917 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.153394938 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.153434038 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.153789997 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.153903961 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.153951883 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.272614956 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.272701979 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.272751093 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.272763014 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.272805929 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.272844076 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.272855043 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.272898912 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.272934914 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.272965908 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.272969961 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.273008108 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.273040056 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.273041964 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.273078918 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.273094893 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.273113966 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.273149014 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.273163080 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.273188114 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.273240089 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.273603916 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.273642063 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.273679972 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.273684978 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.322093010 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.390345097 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.390377045 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.390389919 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.390403032 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.390428066 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.390459061 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.390491009 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.390501976 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.390556097 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.390918016 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.390938044 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.390949965 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.391041994 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.391125917 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.391139030 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.391149998 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.391163111 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.391207933 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.391370058 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.391428947 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.391441107 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.391488075 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.391666889 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.391714096 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.391719103 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.391731977 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.391766071 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.391777039 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.392127037 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.392172098 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.392173052 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.447114944 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.509344101 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.509363890 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.509382010 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.509404898 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.509429932 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.509443045 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.509458065 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.509596109 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.509849072 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.509860992 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.509872913 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.509907007 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.509934902 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.509951115 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.509989977 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.510003090 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.510026932 CET | 49730 | 80 | 192.168.2.4 | 144.91.79.54 |
Nov 18, 2024 13:43:01.510096073 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Nov 18, 2024 13:43:01.510108948 CET | 80 | 49730 | 144.91.79.54 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 18, 2024 13:44:22.144922972 CET | 56020 | 53 | 192.168.2.4 | 1.1.1.1 |
Nov 18, 2024 13:44:22.152060986 CET | 53 | 56020 | 1.1.1.1 | 192.168.2.4 |
Nov 18, 2024 13:44:23.289596081 CET | 64074 | 53 | 192.168.2.4 | 1.1.1.1 |
Nov 18, 2024 13:44:23.298178911 CET | 53 | 64074 | 1.1.1.1 | 192.168.2.4 |
Nov 18, 2024 13:44:30.299009085 CET | 59294 | 53 | 192.168.2.4 | 1.1.1.1 |
Nov 18, 2024 13:44:30.312438965 CET | 53 | 59294 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Nov 18, 2024 13:44:22.144922972 CET | 192.168.2.4 | 1.1.1.1 | 0x1429 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Nov 18, 2024 13:44:23.289596081 CET | 192.168.2.4 | 1.1.1.1 | 0x9dc9 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Nov 18, 2024 13:44:30.299009085 CET | 192.168.2.4 | 1.1.1.1 | 0xd817 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Nov 18, 2024 13:44:22.152060986 CET | 1.1.1.1 | 192.168.2.4 | 0x1429 | No error (0) | | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false |
Nov 18, 2024 13:44:22.152060986 CET | 1.1.1.1 | 192.168.2.4 | 0x1429 | No error (0) | | | 193.122.6.168 | A (IP address) | IN (0x0001) | false |
Nov 18, 2024 13:44:22.152060986 CET | 1.1.1.1 | 192.168.2.4 | 0x1429 | No error (0) | | | 132.226.247.73 | A (IP address) | IN (0x0001) | false |
Nov 18, 2024 13:44:22.152060986 CET | 1.1.1.1 | 192.168.2.4 | 0x1429 | No error (0) | | | 193.122.130.0 | A (IP address) | IN (0x0001) | false |
Nov 18, 2024 13:44:22.152060986 CET | 1.1.1.1 | 192.168.2.4 | 0x1429 | No error (0) | | | 132.226.8.169 | A (IP address) | IN (0x0001) | false |
Nov 18, 2024 13:44:22.152060986 CET | 1.1.1.1 | 192.168.2.4 | 0x1429 | No error (0) | | | 158.101.44.242 | A (IP address) | IN (0x0001) | false |
Nov 18, 2024 13:44:23.298178911 CET | 1.1.1.1 | 192.168.2.4 | 0x9dc9 | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Nov 18, 2024 13:44:23.298178911 CET | 1.1.1.1 | 192.168.2.4 | 0x9dc9 | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Nov 18, 2024 13:44:30.312438965 CET | 1.1.1.1 | 192.168.2.4 | 0xd817 | No error (0) | | | 162.254.34.31 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49730 | 144.91.79.54 | 80 | 7064 | C:\Windows\System32\wscript.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 18, 2024 13:42:58.911454916 CET | 152 | OUT | |
Nov 18, 2024 13:42:59.776099920 CET | 1236 | IN | |
Nov 18, 2024 13:42:59.776120901 CET | 1236 | IN | |
Nov 18, 2024 13:42:59.776137114 CET | 1236 | IN | |
Nov 18, 2024 13:42:59.776150942 CET | 1236 | IN | |
Nov 18, 2024 13:42:59.776161909 CET | 1236 | IN | |
Nov 18, 2024 13:42:59.776177883 CET | 1236 | IN | |
Nov 18, 2024 13:42:59.776192904 CET | 1236 | IN | |
Nov 18, 2024 13:42:59.776303053 CET | 1236 | IN | |
Nov 18, 2024 13:42:59.776315928 CET | 1236 | IN | |
Nov 18, 2024 13:42:59.776333094 CET | 1236 | IN | |
Nov 18, 2024 13:42:59.781297922 CET | 1236 | IN | |
Nov 18, 2024 13:43:00.099411011 CET | 152 | OUT | |
Nov 18, 2024 13:43:00.351298094 CET | 1236 | IN | |
Nov 18, 2024 13:43:00.661837101 CET | 175 | OUT | |
Nov 18, 2024 13:43:00.914413929 CET | 1236 | IN | |
Nov 18, 2024 13:43:02.004076004 CET | 153 | OUT | |
Nov 18, 2024 13:43:02.256324053 CET | 347 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49731 | 144.91.79.54 | 80 | 7064 | C:\Windows\System32\wscript.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 18, 2024 13:43:11.721355915 CET | 152 | OUT | |
Nov 18, 2024 13:43:12.774035931 CET | 762 | IN | |
Nov 18, 2024 13:43:12.784064054 CET | 762 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49732 | 144.91.79.54 | 80 | 7064 | C:\Windows\System32\wscript.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 18, 2024 13:43:13.131473064 CET | 155 | OUT | |
Nov 18, 2024 13:43:13.991144896 CET | 1236 | IN | |
Nov 18, 2024 13:43:13.991180897 CET | 1236 | IN | |
Nov 18, 2024 13:43:13.991195917 CET | 1236 | IN | |
Nov 18, 2024 13:43:13.991210938 CET | 529 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49883 | 193.122.6.168 | 80 | 5184 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 18, 2024 13:44:22.169620037 CET | 151 | OUT | |
Nov 18, 2024 13:44:23.024297953 CET | 323 | IN | |
Nov 18, 2024 13:44:23.032669067 CET | 127 | OUT | |
Nov 18, 2024 13:44:23.277934074 CET | 323 | IN | |
Nov 18, 2024 13:44:23.515419006 CET | 323 | IN | |
Nov 18, 2024 13:44:30.042268991 CET | 127 | OUT | |
Nov 18, 2024 13:44:30.289416075 CET | 323 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49889 | 188.114.96.3 | 443 | 5184 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-11-18 12:44:24 UTC | 87 | OUT | |
2024-11-18 12:44:24 UTC | 856 | IN | |
2024-11-18 12:44:24 UTC | 358 | IN | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
---|---|---|---|---|---|
Nov 18, 2024 13:44:31.160269022 CET | 587 | 49932 | 162.254.34.31 | 192.168.2.4 | 220 server1.educt.shop127.0.0.1 ESMTP Postfix |
Nov 18, 2024 13:44:31.160506010 CET | 49932 | 587 | 192.168.2.4 | 162.254.34.31 | EHLO 721680 |
Nov 18, 2024 13:44:31.343144894 CET | 587 | 49932 | 162.254.34.31 | 192.168.2.4 | 250-server1.educt.shop127.0.0.1 250-PIPELINING 250-SIZE 204800000 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250 CHUNKING |
Nov 18, 2024 13:44:31.344428062 CET | 49932 | 587 | 192.168.2.4 | 162.254.34.31 | AUTH login c2VuZHhtYWZmbGVAamVydGNvdC5zaG9w |
Nov 18, 2024 13:44:31.524661064 CET | 587 | 49932 | 162.254.34.31 | 192.168.2.4 | 334 UGFzc3dvcmQ6 |
Nov 18, 2024 13:44:31.722270012 CET | 587 | 49932 | 162.254.34.31 | 192.168.2.4 | 235 2.7.0 Authentication successful |
Nov 18, 2024 13:44:31.722564936 CET | 49932 | 587 | 192.168.2.4 | 162.254.34.31 | MAIL FROM:<sendxmaffle@jertcot.shop> |
Nov 18, 2024 13:44:31.912738085 CET | 587 | 49932 | 162.254.34.31 | 192.168.2.4 | 250 2.1.0 Ok |
Nov 18, 2024 13:44:31.913013935 CET | 49932 | 587 | 192.168.2.4 | 162.254.34.31 | RCPT TO:<maffle@jertcot.shop> |
Nov 18, 2024 13:44:32.096177101 CET | 587 | 49932 | 162.254.34.31 | 192.168.2.4 | 250 2.1.5 Ok |
Nov 18, 2024 13:44:32.097791910 CET | 49932 | 587 | 192.168.2.4 | 162.254.34.31 | DATA |
Nov 18, 2024 13:44:32.277010918 CET | 587 | 49932 | 162.254.34.31 | 192.168.2.4 | 354 End data with <CR><LF>.<CR><LF> |
Nov 18, 2024 13:44:32.277796984 CET | 49932 | 587 | 192.168.2.4 | 162.254.34.31 | . |
Nov 18, 2024 13:44:32.470141888 CET | 587 | 49932 | 162.254.34.31 | 192.168.2.4 | 250 2.0.0 Ok: queued as 056406448A |
Target ID: | 0 |
Start time: | 07:42:58 |
Start date: | 18/11/2024 |
Path: | C:\Windows\System32\wscript.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62eb20000 |
File size: | 170'496 bytes |
MD5 hash: | A47CBE969EA935BDD3AB568BB126BC80 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 07:43:12 |
Start date: | 18/11/2024 |
Path: | C:\Windows\System32\wscript.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62eb20000 |
File size: | 170'496 bytes |
MD5 hash: | A47CBE969EA935BDD3AB568BB126BC80 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 07:44:01 |
Start date: | 18/11/2024 |
Path: | C:\Windows\System32\wscript.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62eb20000 |
File size: | 170'496 bytes |
MD5 hash: | A47CBE969EA935BDD3AB568BB126BC80 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 6 |
Start time: | 07:44:02 |
Start date: | 18/11/2024 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff788560000 |
File size: | 452'608 bytes |
MD5 hash: | 04029E121A0CFA5991749937DD22A1D9 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 7 |
Start time: | 07:44:02 |
Start date: | 18/11/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 8 |
Start time: | 07:44:04 |
Start date: | 18/11/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7ff030000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 07:44:18 |
Start date: | 18/11/2024 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff788560000 |
File size: | 452'608 bytes |
MD5 hash: | 04029E121A0CFA5991749937DD22A1D9 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 10 |
Start time: | 07:44:18 |
Start date: | 18/11/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 12 |
Start time: | 07:44:21 |
Start date: | 18/11/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd90000 |
File size: | 45'984 bytes |
MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Has exited: | false |
Target ID: | 14 |
Start time: | 07:44:22 |
Start date: | 18/11/2024 |
Path: | C:\Windows\System32\wermgr.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff783f90000 |
File size: | 229'728 bytes |
MD5 hash: | 74A0194782E039ACE1F7349544DC1CF4 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 15 |
Start time: | 07:44:22 |
Start date: | 18/11/2024 |
Path: | C:\Windows\System32\wermgr.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff783f90000 |
File size: | 229'728 bytes |
MD5 hash: | 74A0194782E039ACE1F7349544DC1CF4 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Has exited: | true |
Execution Graph
Execution Coverage: | 12.7% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 7.3% |
Total number of Nodes: | 247 |
Total number of Limit Nodes: | 14 |
Graph
Function | Relevance | Strings | APIs | Instructions | Tags | Control-flow graph
---|---|---|---|---|---|---
016119B8 | 8.5 | 6 | | 977 | COMMON | yes
0161AA68 | 4.3 | 1 | | 3069 | COMMON |
05BF7A68 | 2.0 | 1 | | 761 | COMMON | yes
0161EF88 | 1.9 | | 1 | 357 | COMMON | yes
01618268 | 0.3 | | | 268 | COMMON |
0161ED68 | 0.3 | | | 262 | COMMON |
0161898F | 0.2 | | | 225 | COMMON |
016189A0 | 0.2 | | | 220 | COMMON |
05BF5FD8 | 0.2 | | | 219 | COMMON |
05BF6628 | 0.2 | | | 218 | COMMON |
05BF7700 | 0.2 | | | 205 | COMMON |
01618CE6 | 0.2 | | | 202 | COMMON |
05BF7710 | 0.2 | | | 191 | COMMON |
05BF6622 | 0.2 | | | 159 | COMMON |
05BF5FCC | 0.1 | | | 105 | COMMON |
01618259 | 0.1 | | | 102 | COMMON |
06E343E8 | 1.7 | | 1 | 197 | COMMON | yes
06E369C4 | 1.6 | | 1 | 120 | COMMON | yes
06E34ACC | 1.6 | | 1 | 116 | COMMON | yes
06E34C1C | 1.6 | | 1 | 97 | COMMON | yes
05BFB5D4 | 1.6 | | 1 | 65 | COMMON |
05BFB8D8 | 1.6 | | 1 | 65 | COMMON |
0161F36C | 1.6 | | 1 | 62 | library, COMMON |
06E33380 | 1.6 | | 1 | 50 | COMMON |
06E3A6B8 | 1.5 | | 1 | 46 | com, COMMON |
06E3B4D0 | 1.5 | | 1 | 45 | com, COMMON |
012BD030 | 0.1 | | | 72 | COMMON |
012BD02B | 0.1 | | | 53 | COMMON |
05BF6C70 | 23.0 | 18 | | 461 | COMMON |
05BF6C60 | 12.9 | 10 | | 368 | COMMON |
01612DD1 | 2.8 | 2 | | 269 | COMMON |
05BF37D8 | 1.8 | 1 | | 596 | COMMON |
0161E5E0 | 1.6 | 1 | | 367 | COMMON |
05BF08F0 | 1.6 | 1 | | 346 | COMMON |
05BF37C8 | 1.4 | 1 | | 152 | COMMON |
05BF1FD1 | 1.3 | 1 | | 99 | COMMON |
05BF42C8 | 0.7 | | | 709 | COMMON |
06E34EC8 | 0.3 | | | 329 | COMMON |
06E3BBAB | 0.3 | | | 329 | COMMON |
0161F658 | 0.3 | | | 301 | COMMON |
05BF0498 | 0.3 | | | 268 | COMMON |
05BF2438 | 0.3 | | | 268 | COMMON |
05BF1730 | 0.3 | | | 268 | COMMON |
05BF3140 | 0.3 | | | 268 | COMMON |
05BF0040 | 0.3 | | | 268 | COMMON |
05BF12D8 | 0.3 | | | 268 | COMMON |
05BF2CE8 | 0.3 | | | 268 | COMMON |
05BF1FE0 | 0.3 | | | 268 | COMMON |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05BF0E80 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05BF2890 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05BF1B88 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0161FB08 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06E3326C Relevance: .3, Instructions: 264COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0161AA58 Relevance: .2, Instructions: 227COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05BF5988 Relevance: .2, Instructions: 219COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05BF5340 Relevance: .2, Instructions: 218COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05BF42B9 Relevance: .2, Instructions: 170COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05BF5332 Relevance: .2, Instructions: 160COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05BF0006 Relevance: .1, Instructions: 117COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0161E5D0 Relevance: .1, Instructions: 115COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05BF1B78 Relevance: .1, Instructions: 110COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05BF0E70 Relevance: .1, Instructions: 108COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05BF2428 Relevance: .1, Instructions: 106COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05BF5978 Relevance: .1, Instructions: 106COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05BF3130 Relevance: .1, Instructions: 105COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05BF12C8 Relevance: .1, Instructions: 105COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05BF2880 Relevance: .1, Instructions: 103COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05BF0A17 Relevance: .1, Instructions: 102COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05BF048B Relevance: .1, Instructions: 100COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05BF1723 Relevance: .1, Instructions: 100COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05BF2CD9 Relevance: .1, Instructions: 99COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0161FAF8 Relevance: .1, Instructions: 99COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05BF0A28 Relevance: .1, Instructions: 95COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 05BF8875 Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|