Windows
Analysis Report
SOA-injazfe-10424.vbs
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- wscript.exe (PID: 6296 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\SOA-injazfe-10424.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
  - WindowsApp.exe (PID: 1204 cmdline: "C:\Users\user~1\AppData\Local\Temp\WindowsApp.exe" MD5: 0C3A47BC813554D40583861DDCDE06B8)
  - schtasks.exe (PID: 3452 cmdline: "C:\Windows\System32\schtasks.exe" /create /f /sc minute /mo 1 /tn "task" /tr "C:\Users\user\AppData\Roaming\task.exe" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
  - conhost.exe (PID: 6912 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - WerFault.exe (PID: 8092 cmdline: C:\Windows\system32\WerFault.exe -u -p 1204 -s 3304 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- task.exe (PID: 7172 cmdline: C:\Users\user\AppData\Roaming\task.exe MD5: 0C3A47BC813554D40583861DDCDE06B8)
- task.exe (PID: 7352 cmdline: "C:\Users\user\AppData\Roaming\task.exe" MD5: 0C3A47BC813554D40583861DDCDE06B8)
- task.exe (PID: 7480 cmdline: C:\Users\user\AppData\Roaming\task.exe MD5: 0C3A47BC813554D40583861DDCDE06B8)
- task.exe (PID: 7532 cmdline: "C:\Users\user\AppData\Roaming\task.exe" MD5: 0C3A47BC813554D40583861DDCDE06B8)
- task.exe (PID: 7912 cmdline: C:\Users\user\AppData\Roaming\task.exe MD5: 0C3A47BC813554D40583861DDCDE06B8)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
XWorm | Malware with wide range of capabilities ranging from RAT to ransomware. | No Attribution |
{"C2 url": ["isika.ddns.net"], "Port": "7000", "Aes key": "<Xwormmm>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.2", "Telegram URL": "https://api.telegram.org/bot7048705146:AAEWMpbRl0e1tLVdgRabv3lMkCrjbYtiS70/sendMessage?chat_id=7062075018"}
{"C2 url": "https://api.telegram.org/bot7048705146:AAEWMpbRl0e1tLVdgRabv3lMkCrjbYtiS70/sendMessage"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XWorm_1 | Yara detected XWorm | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
System Summary |
---|
Source: | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: |
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
Source: | Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): |
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: frack113, Nasreddine Bencherchali: |
Source: | Author: Michael Haag: |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-06T16:45:11.941778+0200 | 2853685 | 1 | A Network Trojan was detected | 192.168.2.7 | 49701 | 149.154.167.220 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-06T16:46:25.707078+0200 | 2853193 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49621 | 45.88.91.147 | 7000 | TCP |
AV Detection |
---|
Source: | Avira: |
Source: | Avira: | ||
Source: | Avira: |
Source: | Malware Configuration Extractor: | ||
Source: | Malware Configuration Extractor: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: |
Source: | HTTPS traffic detected: |
Source: | Binary string: |
Source: | Code function: | 7_2_00007FFAAC4E7EDD | |
Source: | Code function: | 7_2_00007FFAAC4E3799 | |
Source: | Code function: | 7_2_00007FFAAC4E9D77 | |
Source: | Code function: | 7_2_00007FFAAC4E07E8 | |
Source: | Code function: | 7_2_00007FFAAC4E0235 |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | URLs: |
Source: | Initial file: |
Source: | DNS query: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | ASN Name: | ||
Source: | ASN Name: | ||
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | .Net Code: |
Source: | Window created: |
System Summary |
---|
Source: | Matched rule: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | COM Object queried: |
Source: | Process Stats: |
Source: | Code function: | 7_2_00007FFAAC4DEDF6 | |
Source: | Code function: | 7_2_00007FFAAC4DDF5A | |
Source: | Code function: | 7_2_00007FFAAC4DF3B2 | |
Source: | Code function: | 7_2_00007FFAAC4D85D8 | |
Source: | Code function: | 7_2_00007FFAAC4DD7DD | |
Source: | Code function: | 7_2_00007FFAAC4E51A1 | |
Source: | Code function: | 7_2_00007FFAAC4D18CB | |
Source: | Code function: | 7_2_00007FFAAC4CFE79 | |
Source: | Code function: | 7_2_00007FFAAC4D1924 | |
Source: | Code function: | 7_2_00007FFAAC4D11A9 | |
Source: | Code function: | 16_2_00007FFAAC4C07C5 |
Source: | Initial sample: |
Source: | Process created: |
Source: | Matched rule: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Cryptographic APIs: |
Source: | Security API names: |
Source: | Classification label: |
Source: | File created: |
Source: | Mutant created: |
Source: | File created: |
Source: | Process created: |
Source: | File read: |
Source: | Key opened: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | LNK file: |
Source: | File opened: |
Source: | Binary string: |
Data Obfuscation |
---|
Source: | Anti Malware Scan Interface: |
Source: | .Net Code: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 7_2_00007FFAAC4E97C1 | |
Source: | Code function: | 7_2_00007FFAAC4D5929 | |
Source: | Code function: | 7_2_00007FFAAC4E7484 | |
Source: | Code function: | 7_2_00007FFAAC4C00C1 | |
Source: | Code function: | 12_2_00BDC931 | |
Source: | Code function: | 12_2_00007FFAAC4B3D86 | |
Source: | Code function: | 14_2_00007FFAAC4A3D86 | |
Source: | Code function: | 15_2_00007FFAAC4D00C1 | |
Source: | Code function: | 15_2_00007FFAAC4D3D86 | |
Source: | Code function: | 16_2_00007FFAAC4C00C1 | |
Source: | Code function: | 16_2_00007FFAAC4C3D86 | |
Source: | Code function: | 20_2_00007FFAAC4C00C1 | |
Source: | Code function: | 20_2_00007FFAAC4D5929 | |
Source: | Code function: | 20_2_00007FFAAC4D7A42 |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | File created: |
Boot Survival |
---|
Source: | Process created: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | HTTP traffic detected: |
Source: | WMI Queries: | ||
Source: | Binary or memory string: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Window found: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | WMI Queries: |
Source: | Last function: |
Source: | File Volume queried: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | Process information queried: | Jump to behavior |
Anti Debugging |
---|
Source: | Code function: | 7_2_00007FFAAC4E07E8 |
Source: | Process queried: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | File created: | Jump to dropped file |
Source: | Process created: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: |
Source: | WMI Queries: | ||
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 221 Scripting | Valid Accounts | 12 Windows Management Instrumentation | 221 Scripting | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 Input Capture | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Exploitation for Client Execution | 1 DLL Side-Loading | 12 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 23 System Information Discovery | Remote Desktop Protocol | 1 Input Capture | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 4 Obfuscated Files or Information | Security Account Manager | 441 Security Software Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | 11 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | 21 Registry Run Keys / Startup Folder | 21 Registry Run Keys / Startup Folder | 12 Software Packing | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | 1 Non-Standard Port | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 151 Virtualization/Sandbox Evasion | SSH | Keylogging | 2 Non-Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | 23 Application Layer Protocol | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 151 Virtualization/Sandbox Evasion | DCSync | 1 System Network Configuration Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
11% | ReversingLabs | Document-HTML.Hacktool.Heuristic | ||
100% | Avira | HTML/ExpKit.Gen2 |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | TR/Dropper.Gen | ||
100% | Avira | TR/Dropper.Gen | ||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
isika.ddns.net | 45.88.91.147 | true | true | unknown | |
ip-api.com | 208.95.112.1 | true | true | unknown | |
api.telegram.org | 149.154.167.220 | true | true | unknown | |
198.187.3.20.in-addr.arpa | unknown | unknown | true | unknown | |
50.23.12.20.in-addr.arpa | unknown | unknown | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | unknown | ||
true | unknown | ||
false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
true | unknown | |||
false | unknown | ||
true | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | true |
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | true |
45.88.91.147 | isika.ddns.net | Bulgaria | 10753 | LVLT-10753US | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1526836 |
Start date and time: | 2024-10-06 16:44:07 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 45s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes: | 26 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | SOA-injazfe-10424.vbs |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winVBS@12/9@6/3 |
EGA Information: |
|
HCA Information: | Failed |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.189.173.22
- Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: SOA-injazfe-10424.vbs
Time | Type | Description |
---|---|---|
10:45:09 | API Interceptor | |
12:21:43 | API Interceptor | |
16:45:09 | Autostart | |
16:45:10 | Task Scheduler | |
16:45:18 | Autostart | |
18:20:11 | Autostart |
Match | Detection | Threat Name |
---|---|---|
208.95.112.1 | malicious | WhiteSnake Stealer |
208.95.112.1 | malicious | XWorm |
208.95.112.1 | malicious | DCRat |
208.95.112.1 | malicious | Blank Grabber |
208.95.112.1 | malicious | Blank Grabber |
208.95.112.1 | malicious | Blank Grabber |
208.95.112.1 | malicious | AgentTesla |
208.95.112.1 | malicious | Blank Grabber |
208.95.112.1 | malicious | WSHRAT |
208.95.112.1 | malicious | Xehook Stealer |
149.154.167.220 | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | malicious | WhiteSnake Stealer |
149.154.167.220 | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | malicious | Blank Grabber |
149.154.167.220 | malicious | Blank Grabber |
149.154.167.220 | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | malicious | GuLoader, Snake Keylogger |
149.154.167.220 | malicious | GuLoader, Snake Keylogger |
149.154.167.220 | malicious | Snake Keylogger, VIP Keylogger |
Match | Detection | Threat Name |
---|---|---|
ip-api.com | malicious | WhiteSnake Stealer |
ip-api.com | malicious | XWorm |
ip-api.com | malicious | DCRat |
ip-api.com | malicious | Blank Grabber |
ip-api.com | malicious | Blank Grabber |
ip-api.com | malicious | Blank Grabber |
ip-api.com | malicious | AgentTesla |
ip-api.com | malicious | Blank Grabber |
ip-api.com | malicious | WSHRAT |
ip-api.com | malicious | Xehook Stealer |
api.telegram.org | malicious | Snake Keylogger, VIP Keylogger |
api.telegram.org | malicious | Snake Keylogger, VIP Keylogger |
api.telegram.org | malicious | WhiteSnake Stealer |
api.telegram.org | malicious | Snake Keylogger, VIP Keylogger |
api.telegram.org | malicious | Blank Grabber |
api.telegram.org | malicious | Blank Grabber |
api.telegram.org | malicious | Snake Keylogger, VIP Keylogger |
api.telegram.org | malicious | GuLoader, Snake Keylogger |
api.telegram.org | malicious | GuLoader, Snake Keylogger |
api.telegram.org | malicious | Snake Keylogger, VIP Keylogger |
Match | Detection | Threat Name |
---|---|---|
TELEGRAMRU | malicious | Unknown |
TELEGRAMRU | malicious | Unknown |
TELEGRAMRU | malicious | Unknown |
TELEGRAMRU | malicious | Unknown |
TELEGRAMRU | malicious | Porn Scam |
TELEGRAMRU | malicious | Snake Keylogger, VIP Keylogger |
TELEGRAMRU | malicious | Snake Keylogger, VIP Keylogger |
TELEGRAMRU | malicious | WhiteSnake Stealer |
TELEGRAMRU | malicious | Snake Keylogger, VIP Keylogger |
TELEGRAMRU | malicious | Blank Grabber |
LVLT-10753US | malicious | XWorm |
LVLT-10753US | malicious | Mirai |
LVLT-10753US | malicious | ScreenConnect Tool |
LVLT-10753US | malicious | ScreenConnect Tool |
LVLT-10753US | malicious | ScreenConnect Tool |
LVLT-10753US | malicious | ScreenConnect Tool |
LVLT-10753US | malicious | ScreenConnect Tool |
LVLT-10753US | malicious | ScreenConnect Tool |
LVLT-10753US | malicious | ScreenConnect Tool |
LVLT-10753US | malicious | ScreenConnect Tool |
TUT-ASUS | malicious | WhiteSnake Stealer |
TUT-ASUS | malicious | XWorm |
TUT-ASUS | malicious | DCRat |
TUT-ASUS | malicious | Blank Grabber |
TUT-ASUS | malicious | Blank Grabber |
TUT-ASUS | malicious | Blank Grabber |
TUT-ASUS | malicious | AgentTesla |
TUT-ASUS | malicious | Blank Grabber |
TUT-ASUS | malicious | WSHRAT |
TUT-ASUS | malicious | Xehook Stealer |
Match | Detection | Threat Name |
---|---|---|
3b5074b1b5d032e5620f69f9f700ff0e | malicious | HTMLPhisher |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | HTMLPhisher |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | HTMLPhisher |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | HTMLPhisher |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | HTMLPhisher |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | HTMLPhisher |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | HTMLPhisher |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_WindowsApp.exe_35e67699cba98b9d4552eb86ecf816a67b210_275cf164_57c4a53a-0b6e-4f30-8b26-70b835a78d94\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.4596810633484414 |
Encrypted: | false |
SSDEEP: | 192:xXWGc6cGxAD0nk1IHYaW4UrZjC6lUCGwezuiFVZ24lO8L6q:hW16Tnk1vaQtjtUkezuiFVY4lO8O |
MD5: | A81209B884B5862BB4647DC4374F0468 |
SHA1: | CFCB4A13F97DB3C620841C2EF44DBF8C5C592FBB |
SHA-256: | 2EEA8D89114BBF48C49533FEE65246019B30BCB2CCCEF3D2AD24C60D918FC50C |
SHA-512: | 09BAC851CC4CDB4D6110BC78AFC22BA4F689BAFD6CEAA3B4D167C97818F0AF16FBEF9EE7394E1B7C3E33BA8C6E708D5C2254536D185004AAB8789042D6CE4696 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 822832 |
Entropy (8bit): | 2.966052473583583 |
Encrypted: | false |
SSDEEP: | 6144:X/dSfWY6n+01TzC/Lqm54L3QQALoLTJe:vdrYo6/LqmyQQALwTJ |
MD5: | 35D2712CDEBDDCAD479D5F2C91232901 |
SHA1: | 4C83596CE20502B756954F667381BEA49C5AE65A |
SHA-256: | 0E4ECAEAF9DE875AC96C30C25F2F6000D6990A6BB9A3186C56920E565AD1C9B1 |
SHA-512: | DE7F02E0347DBC2A7A645A2B0A262C53D49483021DC71AF4A6BFA7E46ED1C04577CA874A8271A2655D2B8CFE620D32E126E92908135711C45C3AB6346B40472B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9136 |
Entropy (8bit): | 3.70159299089223 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJxeHX86Y6QriargmfZC76prL89baQr/if4em:R6lXJIs6Y9riargmfM7a0/if4 |
MD5: | 966A26FA4FD70ACDB67ACD8A7286FCCD |
SHA1: | DDE24149314465B315073AEB45766F57C6A42B3D |
SHA-256: | A80E03C7600DA4CE6FB154F115268E0B44C9D907BD115B011BA854ED87CCEA64 |
SHA-512: | 87F3B4D1A6BC9B416D5DE0CDC7A0FABBA93CCC6ED9342240059B762A520A1D52A0E588F6DCC27F43E01EBC63BF6E48C41F64BE50DE9E5F4A6247973F4696A3CD |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4772 |
Entropy (8bit): | 4.443261669916678 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsvJg771I9C9WpW8VYYYm8M4J/3F4yq8vNeAHP2BZd:uIjfRI7tM7VIJ6W1HP2BZd |
MD5: | 6257EAB639236028324D5A1517477509 |
SHA1: | E962DE70803B8DB8AF82F25783F9FECF4FCA648C |
SHA-256: | 9AD766448D5452CCA8C55C911A4B1099652C4692F2C8EA5779023426E0053399 |
SHA-512: | 0F0872CF8724807C4CD638E6CBA1B33872A160FB5E9B08D1A5A95E1E9EA669C72AACED2A37AB8DCB12D17BE5832FA310D81CE8ECA1C824C0F03CF7C06C4D6C66 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Roaming\task.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 654 |
Entropy (8bit): | 5.380476433908377 |
Encrypted: | false |
SSDEEP: | 12:Q3La/KDLI4MWuPXcp1OKbbDLI4MWuPOKfSSI6Khap+92n4MNQp3/VXM5gXu9tv:ML9E4KQwKDE4KGKZI6Kh6+84xp3/VclT |
MD5: | 30E4BDFC34907D0E4D11152CAEBE27FA |
SHA1: | 825402D6B151041BA01C5117387228EC9B7168BF |
SHA-256: | A7B8F7FFB4822570DB1423D61ED74D7F4B538CE73521CC8745BC6B131C18BE63 |
SHA-512: | 89FBCBCDB0BE5AD7A95685CF9AA4330D5B0250440E67DC40C6642260E024F52A402E9381F534A9824D2541B98B02094178A15BF2320148432EDB0D09B5F972BA |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\WindowsApp.exe |
File Type: | |
Category: | modified |
Size (bytes): | 64 |
Entropy (8bit): | 3.6722687970803873 |
Encrypted: | false |
SSDEEP: | 3:rRSFYJKXzovNsr42VjFYJKXzovuEXn:EFYJKDoWr5FYJKDoG+n |
MD5: | DE63D53293EBACE29F3F54832D739D40 |
SHA1: | 1BC3FEF699C3C2BB7B9A9D63C7E60381263EDA7F |
SHA-256: | A86BA2FC02725E4D97799A622EB68BF2FCC6167D439484624FA2666468BBFB1B |
SHA-512: | 10AB83C81F572DBAA99441D2BFD8EC5FF1C4BA84256ACDBD24FEB30A33498B689713EBF767500DAAAD6D188A3B9DC970CF858A6896F4381CEAC1F6A74E1603D0 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\wscript.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 220160 |
Entropy (8bit): | 7.837208956478675 |
Encrypted: | false |
SSDEEP: | 6144:Ea2q0ShjvylwVJMRNKvXo1zKENuKOmFUA23:hDhj6lwmQvY1zJNuIGl3 |
MD5: | 0C3A47BC813554D40583861DDCDE06B8 |
SHA1: | 3D8E14459F4C0402A8C9DCA0F4336BFE9A9F5A5C |
SHA-256: | 27F0C4307847174E4D202AC189C9D316EE72451A0B6D5338EB6F3276D5C5ADFA |
SHA-512: | 6A049F521892AD387466616F774763A6FD522605E0E3B21D6B18E8AFA7644D92B1DE8739F62C584AACAEC9A043383EDD340707C5CC200E5027F5583E2E85CC67 |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\WindowsApp.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 751 |
Entropy (8bit): | 5.066900684635211 |
Encrypted: | false |
SSDEEP: | 12:8nbMO4HTN+2ChCi1Y//Y8LHGjAgiNHldYJUJzBmV:86Hw219naA1YJUJtm |
MD5: | C5B2FAEE5659A058EB72F76ED58097B6 |
SHA1: | 3489CC42541D3A2DBF871519A61B4BA7EB53F909 |
SHA-256: | 2617B945A4DA62FFC16A60F363A115B2711E99482B5D5CFBA6A755195EF087EA |
SHA-512: | 640C1CC090084459C5FCE8DB601EA16EE4F002CD4AE20706EFB3C8BD284D1EB34942B6AC6AB39B516A8E102DE0AE7C6FDEF6B828C1F219AB31654E5ACF4B0139 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\WindowsApp.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 220160 |
Entropy (8bit): | 7.837208956478675 |
Encrypted: | false |
SSDEEP: | 6144:Ea2q0ShjvylwVJMRNKvXo1zKENuKOmFUA23:hDhj6lwmQvY1zJNuIGl3 |
MD5: | 0C3A47BC813554D40583861DDCDE06B8 |
SHA1: | 3D8E14459F4C0402A8C9DCA0F4336BFE9A9F5A5C |
SHA-256: | 27F0C4307847174E4D202AC189C9D316EE72451A0B6D5338EB6F3276D5C5ADFA |
SHA-512: | 6A049F521892AD387466616F774763A6FD522605E0E3B21D6B18E8AFA7644D92B1DE8739F62C584AACAEC9A043383EDD340707C5CC200E5027F5583E2E85CC67 |
Malicious: | true |
Antivirus: |
|
Preview: |
File type: | |
Entropy (8bit): | 5.968728386673498 |
TrID: | |
File name: | SOA-injazfe-10424.vbs |
File size: | 294'802 bytes |
MD5: | d1d114a2cb6d4a5fcc20e0db06755948 |
SHA1: | eafdcba5d2d41934ae19628ac35675f7fce924c1 |
SHA256: | f71d04f863721491823b5ed2b83d2f30d67084025bf7ea9fc52c615ba0fd3040 |
SHA512: | 5473b2c0b0263934fcd6ac9e712b09830df32ee61a5829ab6bfed2f634044124c13ca20157f3cf6634e90fe5192f44efd07e1fef6cd649907e09b6ed9879bb8e |
SSDEEP: | 6144:4J6ej/Tyn/Jx+tJKE5FrWbd7Jq11BpXt4ag:Jm/TyCJlroU11B85 |
TLSH: | 9954BE318804BA1FCEEF2F9775141FD37CB8293BCE551428A84F49B95A68234297BF60 |
File Content Preview: | Const XML_TYPE = "MSXML2.DOMDocument"..Const ELEMENT_TYPE = "text"..Const DATA_TYPE = "bin.base64"....Dim base64EncodedString, tempFolderPath, executablePath..base64EncodedString = "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |
Icon Hash: | 68d69b8f86ab9a86 |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-06T16:45:11.941778+0200 | 2853685 | ETPRO MALWARE Win32/XWorm Checkin via Telegram | 1 | 192.168.2.7 | 49701 | 149.154.167.220 | 443 | TCP |
2024-10-06T16:45:51.394858+0200 | 2855924 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.7 | 49494 | 45.88.91.147 | 7000 | TCP |
2024-10-06T16:46:25.707078+0200 | 2853193 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.7 | 49621 | 45.88.91.147 | 7000 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 6, 2024 16:46:35.790823936 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:35.800925016 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:35.806324959 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:35.848009109 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:35.853224993 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:35.894834995 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:35.899683952 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:35.926346064 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:35.931200027 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:36.051032066 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:36.055953026 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:36.066482067 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:36.071976900 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:36.081967115 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:36.086850882 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:36.097682953 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:36.102529049 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:36.113398075 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:36.118288994 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:36.160140991 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:36.165033102 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:36.175769091 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:36.180594921 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:36.191397905 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:36.196727037 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:36.207097054 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:36.211878061 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:36.238387108 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:36.243870974 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:36.253966093 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:36.258832932 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:36.285167933 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:36.290443897 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:36.347768068 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:36.353710890 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:36.363285065 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:36.368191004 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:36.394509077 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:36.399302006 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:36.441457033 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:36.446258068 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:37.613728046 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:37.619216919 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:37.660486937 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:37.665255070 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:37.707164049 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:37.711911917 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:37.769716978 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:37.774477959 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:37.816534996 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:37.821968079 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:37.879290104 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:37.884057999 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:37.894757986 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:37.899975061 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:37.941641092 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:37.946598053 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:39.519505978 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:39.524497032 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:39.566495895 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:39.571620941 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:39.582407951 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:39.587272882 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:39.644656897 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:39.649692059 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:39.660167933 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:39.664992094 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:39.675900936 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:39.680869102 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:39.691401958 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:39.696346998 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:39.738279104 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:39.743417025 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:39.753982067 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:39.758984089 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:39.832151890 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:39.837197065 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:39.847681999 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:39.852646112 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:39.863414049 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:39.868359089 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:39.941365004 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:39.946540117 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:39.957005978 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:39.963712931 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:39.988591909 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:39.994080067 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:40.003912926 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:40.009494066 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:40.050754070 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:40.055938005 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:40.097980022 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:40.103027105 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:40.113347054 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:40.118176937 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:40.191622972 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:40.196621895 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:40.222711086 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:40.227699995 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:40.269767046 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:40.274879932 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:46.341461897 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:46.341594934 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:58.962460041 CEST | 49621 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:58.967073917 CEST | 49699 | 80 | 192.168.2.7 | 208.95.112.1 |
Oct 6, 2024 16:46:58.967300892 CEST | 7000 | 49621 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:58.969265938 CEST | 49633 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:58.974062920 CEST | 7000 | 49633 | 45.88.91.147 | 192.168.2.7 |
Oct 6, 2024 16:46:58.977440119 CEST | 49633 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:59.269320965 CEST | 49699 | 80 | 192.168.2.7 | 208.95.112.1 |
Oct 6, 2024 16:46:59.812827110 CEST | 49633 | 7000 | 192.168.2.7 | 45.88.91.147 |
Oct 6, 2024 16:46:59.878684998 CEST | 49699 | 80 | 192.168.2.7 | 208.95.112.1 |
Oct 6, 2024 16:47:01.081866026 CEST | 49699 | 80 | 192.168.2.7 | 208.95.112.1 |
Oct 6, 2024 16:47:03.488094091 CEST | 49699 | 80 | 192.168.2.7 | 208.95.112.1 |
Oct 6, 2024 16:47:08.300654888 CEST | 49699 | 80 | 192.168.2.7 | 208.95.112.1 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 6, 2024 16:45:08.390705109 CEST | 50600 | 53 | 192.168.2.7 | 1.1.1.1 |
Oct 6, 2024 16:45:08.397561073 CEST | 53 | 50600 | 1.1.1.1 | 192.168.2.7 |
Oct 6, 2024 16:45:10.863224983 CEST | 58417 | 53 | 192.168.2.7 | 1.1.1.1 |
Oct 6, 2024 16:45:10.870364904 CEST | 53 | 58417 | 1.1.1.1 | 192.168.2.7 |
Oct 6, 2024 16:45:12.090074062 CEST | 58975 | 53 | 192.168.2.7 | 1.1.1.1 |
Oct 6, 2024 16:45:12.099929094 CEST | 53 | 58975 | 1.1.1.1 | 192.168.2.7 |
Oct 6, 2024 16:45:35.088737011 CEST | 53 | 57273 | 162.159.36.2 | 192.168.2.7 |
Oct 6, 2024 16:45:35.589329958 CEST | 49164 | 53 | 192.168.2.7 | 1.1.1.1 |
Oct 6, 2024 16:45:35.596916914 CEST | 53 | 49164 | 1.1.1.1 | 192.168.2.7 |
Oct 6, 2024 16:45:37.329031944 CEST | 54549 | 53 | 192.168.2.7 | 1.1.1.1 |
Oct 6, 2024 16:45:37.336631060 CEST | 53 | 54549 | 1.1.1.1 | 192.168.2.7 |
Oct 6, 2024 16:46:00.020689011 CEST | 61202 | 53 | 192.168.2.7 | 1.1.1.1 |
Oct 6, 2024 16:46:00.029333115 CEST | 53 | 61202 | 1.1.1.1 | 192.168.2.7 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 6, 2024 16:45:08.390705109 CEST | 192.168.2.7 | 1.1.1.1 | 0x2bd1 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 16:45:10.863224983 CEST | 192.168.2.7 | 1.1.1.1 | 0x8ee | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 16:45:12.090074062 CEST | 192.168.2.7 | 1.1.1.1 | 0xa937 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 16:45:35.589329958 CEST | 192.168.2.7 | 1.1.1.1 | 0x66aa | Standard query (0) | | PTR (Pointer record) | IN (0x0001) | false |
Oct 6, 2024 16:45:37.329031944 CEST | 192.168.2.7 | 1.1.1.1 | 0x3a79 | Standard query (0) | | PTR (Pointer record) | IN (0x0001) | false |
Oct 6, 2024 16:46:00.020689011 CEST | 192.168.2.7 | 1.1.1.1 | 0xafa7 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 6, 2024 16:45:08.397561073 CEST | 1.1.1.1 | 192.168.2.7 | 0x2bd1 | No error (0) | | | 208.95.112.1 | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 16:45:10.870364904 CEST | 1.1.1.1 | 192.168.2.7 | 0x8ee | No error (0) | | | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 16:45:12.099929094 CEST | 1.1.1.1 | 192.168.2.7 | 0xa937 | No error (0) | | | 45.88.91.147 | A (IP address) | IN (0x0001) | false |
Oct 6, 2024 16:45:35.596916914 CEST | 1.1.1.1 | 192.168.2.7 | 0x66aa | Name error (3) | | none | none | PTR (Pointer record) | IN (0x0001) | false |
Oct 6, 2024 16:45:37.336631060 CEST | 1.1.1.1 | 192.168.2.7 | 0x3a79 | Name error (3) | | none | none | PTR (Pointer record) | IN (0x0001) | false |
Oct 6, 2024 16:46:00.029333115 CEST | 1.1.1.1 | 192.168.2.7 | 0xafa7 | No error (0) | | | 45.88.91.147 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 49699 | 208.95.112.1 | 80 | 1204 | C:\Users\user\AppData\Local\Temp\WindowsApp.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 6, 2024 16:45:08.409285069 CEST | 80 | OUT | |
Oct 6, 2024 16:45:08.869294882 CEST | 175 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 49701 | 149.154.167.220 | 443 | 1204 | C:\Users\user\AppData\Local\Temp\WindowsApp.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-06 14:45:11 UTC | 453 | OUT | |
2024-10-06 14:45:11 UTC | 388 | IN | |
2024-10-06 14:45:11 UTC | 441 | IN |
Target ID: | 2 |
Start time: | 10:45:02 |
Start date: | 06/10/2024 |
Path: | C:\Windows\System32\wscript.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff72c240000 |
File size: | 170'496 bytes |
MD5 hash: | A47CBE969EA935BDD3AB568BB126BC80 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 7 |
Start time: | 10:45:02 |
Start date: | 06/10/2024 |
Path: | C:\Users\user\AppData\Local\Temp\WindowsApp.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x200000 |
File size: | 220'160 bytes |
MD5 hash: | 0C3A47BC813554D40583861DDCDE06B8 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 10 |
Start time: | 10:45:09 |
Start date: | 06/10/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff68a8a0000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 11 |
Start time: | 10:45:09 |
Start date: | 06/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff75da10000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 12 |
Start time: | 10:45:10 |
Start date: | 06/10/2024 |
Path: | C:\Users\user\AppData\Roaming\task.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 220'160 bytes |
MD5 hash: | 0C3A47BC813554D40583861DDCDE06B8 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 14 |
Start time: | 10:45:18 |
Start date: | 06/10/2024 |
Path: | C:\Users\user\AppData\Roaming\task.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xdf0000 |
File size: | 220'160 bytes |
MD5 hash: | 0C3A47BC813554D40583861DDCDE06B8 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 15 |
Start time: | 12:20:07 |
Start date: | 06/10/2024 |
Path: | C:\Users\user\AppData\Roaming\task.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x9c0000 |
File size: | 220'160 bytes |
MD5 hash: | 0C3A47BC813554D40583861DDCDE06B8 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 16 |
Start time: | 12:20:11 |
Start date: | 06/10/2024 |
Path: | C:\Users\user\AppData\Roaming\task.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x40000 |
File size: | 220'160 bytes |
MD5 hash: | 0C3A47BC813554D40583861DDCDE06B8 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 20 |
Start time: | 12:21:00 |
Start date: | 06/10/2024 |
Path: | C:\Users\user\AppData\Roaming\task.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xef0000 |
File size: | 220'160 bytes |
MD5 hash: | 0C3A47BC813554D40583861DDCDE06B8 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 23 |
Start time: | 12:21:24 |
Start date: | 06/10/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74efc0000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 11.8% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 66.7% |
Total number of Nodes: | 9 |
Total number of Limit Nodes: | 0 |
Execution Graph
Execution Coverage: | 18.9% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 39 |
Total number of Limit Nodes: | 3 |
Execution Graph
Execution Coverage: | 20.1% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 42 |
Total number of Limit Nodes: | 6 |
Execution Graph
Execution Coverage: | 17.9% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 3 |
Total number of Limit Nodes: | 0 |
Execution Graph
Execution Coverage: | 18.3% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 51 |
Total number of Limit Nodes: | 7 |
Execution Graph
Execution Coverage: | 8.7% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 3 |
Total number of Limit Nodes: | 0 |