Windows
Analysis Report
z1E-catalogSamples.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- z1E-catalogSamples.exe (PID: 4856 cmdline: "C:\Users\user\Desktop\z1E-catalogSamples.exe" MD5: 2D9DFDB275D38155CBA293DC619430FA)
  - powershell.exe (PID: 2780 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\vZkoWbol.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
  - conhost.exe (PID: 3868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - schtasks.exe (PID: 3496 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\vZkoWbol" /XML "C:\Users\user\AppData\Local\Temp\tmp9244.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
  - conhost.exe (PID: 2640 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - WmiPrvSE.exe (PID: 3496 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
  - z1E-catalogSamples.exe (PID: 3472 cmdline: "C:\Users\user\Desktop\z1E-catalogSamples.exe" MD5: 2D9DFDB275D38155CBA293DC619430FA)
- vZkoWbol.exe (PID: 6460 cmdline: C:\Users\user\AppData\Roaming\vZkoWbol.exe MD5: 2D9DFDB275D38155CBA293DC619430FA)
  - schtasks.exe (PID: 7272 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\vZkoWbol" /XML "C:\Users\user\AppData\Local\Temp\tmpA1D5.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
  - conhost.exe (PID: 7280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - vZkoWbol.exe (PID: 7316 cmdline: "C:\Users\user\AppData\Roaming\vZkoWbol.exe" MD5: 2D9DFDB275D38155CBA293DC619430FA)
  - vZkoWbol.exe (PID: 7324 cmdline: "C:\Users\user\AppData\Roaming\vZkoWbol.exe" MD5: 2D9DFDB275D38155CBA293DC619430FA)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Agent Tesla, AgentTesla | A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel. |
{"C2 url": "https://api.telegram.org/bot7177134832:AAFZbBRZvrMTexyCCRWrTRyGHf8Nct0rg7g/sendMessage"}
{"Exfil Mode": "Telegram", "Telegram Url": "https://api.telegram.org/bot7177134832:AAFZbBRZvrMTexyCCRWrTRyGHf8Nct0rg7g/sendMessage?chat_id=1210558492"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
System Summary |
---|
Source: | Author: Florian Roth (Nextron Systems), Tim Shelton: |
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): |
Persistence and Installation Behavior |
---|
Source: | Author: Joe Security: |
Timestamp: | 04/19/24-19:33:10.146400 |
SID: | 2851779 |
Source Port: | 49708 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/19/24-19:33:06.739874 |
SID: | 2851779 |
Source Port: | 49706 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Malware Configuration Extractor: | ||
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | Static PE information: |
Source: | Code function: | 7_2_0663AB8C |
Networking |
---|
Source: | Snort IDS: | ||
Source: | Snort IDS: |
Source: | DNS query: | ||
Source: | DNS query: |
Source: | File source: | ||
Source: | File source: |
Source: | HTTP traffic detected: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | Windows user hook set: | Jump to behavior | ||
Source: | Windows user hook set: |
Source: | Window created: | Jump to behavior | ||
Source: | Window created: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Large array initialization: |
Source: | Binary or memory string: | ||
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Cryptographic APIs: | ||
Source: | Security API names: | ||
Source: | Binary or memory string: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Static file information: |
Source: | WMI Queries: | ||
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | .Net Code: |
Source: | Code function: | 6_2_03040CC2 | |
Source: | Code function: | 6_2_03040C3A | |
Source: | Code function: | 7_2_066304E7 | |
Source: | Code function: | 12_2_013D0CC2 | |
Source: | Code function: | 12_2_06D46EE0 |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | High entropy of concatenated method names: | ||
Source: | File created: | Jump to dropped file |
Boot Survival |
---|
Source: | Process created: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File opened: | Jump to behavior | ||
Source: | Registry key monitored for changes: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | File source: | ||
Source: | WMI Queries: | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | WMI Queries: | ||
Source: | Last function: | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | Process information queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Process created: | |||
Source: | Memory written: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: |
Source: | File source: |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: |
Source: | File opened: |
Source: | File opened: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | File opened: | |||
Source: | File opened: | |||
Source: | Key opened: | |||
Source: | Key opened: |
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Disable or Modify Tools | 2 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 111 Process Injection | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 24 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Scheduled Task/Job | 3 Obfuscated Files or Information | 1 Credentials in Registry | 1 Query Registry | SMB/Windows Admin Shares | 1 Email Collection | 11 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Software Packing | NTDS | 211 Security Software Discovery | Distributed Component Object Model | 21 Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Process Discovery | SSH | 1 Clipboard Data | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 141 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 141 Virtualization/Sandbox Evasion | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 111 Process Injection | Proc Filesystem | 1 System Network Configuration Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
71% | ReversingLabs | ByteCode-MSIL.Trojan.LokiBot | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML | |||
71% | ReversingLabs | ByteCode-MSIL.Trojan.LokiBot |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
api.ipify.org | 104.26.12.205 | true | false | high | |
api.telegram.org | 149.154.167.220 | true | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
true |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false | |
104.26.12.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1428897 |
Start date and time: | 2024-04-19 19:32:08 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 10m 42s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 15 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | z1E-catalogSamples.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@18/11@3/2 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target z1E-catalogSamples.exe, PID 4856 because it is empty
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- VT rate limit hit for: z1E-catalogSamples.exe
Time | Type | Description |
---|---|---|
19:33:01 | API Interceptor | |
19:33:03 | API Interceptor | |
19:33:04 | Task Scheduler | |
19:33:05 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
149.154.167.220 | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | DanaBot | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | DCRat | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
104.26.12.205 | Get hash | malicious | Stealit | Browse | ||
Get hash | malicious | Bunny Loader | Browse | |||
Get hash | malicious | Remcos | Browse | |||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
api.ipify.org | Get hash | malicious | AgentTesla | Browse | ||
Get hash | malicious | AgentTesla, GuLoader | Browse | |||
Get hash | malicious | CredGrabber, Meduza Stealer, PureLog Stealer, zgRAT | Browse | |||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Mint Stealer | Browse | |||
Get hash | malicious | Mint Stealer | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
api.telegram.org | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | DanaBot | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | DCRat | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
TELEGRAMRU | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | DanaBot | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | DCRat | Browse | |||
Get hash | malicious | Unknown | Browse | |||
CLOUDFLARENETUS | Get hash | malicious | HTMLPhisher | Browse | ||
Get hash | malicious | GuLoader, Remcos | Browse | |||
Get hash | malicious | GuLoader, Remcos | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |||
Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | AgentTesla, PureLog Stealer | Browse | ||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | AgentTesla, GuLoader | Browse | |||
Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | FormBook | Browse | |||
Get hash | malicious | PureLog Stealer, XWorm | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Process: | C:\Users\user\AppData\Roaming\vZkoWbol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1415 |
Entropy (8bit): | 5.352427679901606 |
Encrypted: | false |
SSDEEP: | 24:ML9E4KlKDE4KhKiKhPE4KMRbE4Kx1qE4qXKIE4oKNzKoZAE4Kze0E4x84j:MxHKlYHKh3oPHKMRbHKx1qHitHo6hAH4 |
MD5: | DE3D940E8A9B37DFC59B7160768581E1 |
SHA1: | BEBDEF8AD46E49F69824A37D87AC578DAA8721A6 |
SHA-256: | EF96DE13E112BE8682DDAFA535A2C22C98EBE65390BC43A435D35F92802EB905 |
SHA-512: | 68490DAE1E337E3A8A2D78CFB9EE5099A468EFBB9AB1E582E351A669A65B0233A4A354420F2CD7E235993A9CA166126A035E3DF24213FFC4ADE6C0714DD7AF56 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\z1E-catalogSamples.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1415 |
Entropy (8bit): | 5.352427679901606 |
Encrypted: | false |
SSDEEP: | 24:ML9E4KlKDE4KhKiKhPE4KMRbE4Kx1qE4qXKIE4oKNzKoZAE4Kze0E4x84j:MxHKlYHKh3oPHKMRbHKx1qHitHo6hAH4 |
MD5: | DE3D940E8A9B37DFC59B7160768581E1 |
SHA1: | BEBDEF8AD46E49F69824A37D87AC578DAA8721A6 |
SHA-256: | EF96DE13E112BE8682DDAFA535A2C22C98EBE65390BC43A435D35F92802EB905 |
SHA-512: | 68490DAE1E337E3A8A2D78CFB9EE5099A468EFBB9AB1E582E351A669A65B0233A4A354420F2CD7E235993A9CA166126A035E3DF24213FFC4ADE6C0714DD7AF56 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2232 |
Entropy (8bit): | 5.380805901110357 |
Encrypted: | false |
SSDEEP: | 48:lylWSU4y4RQmFoUeWmfgZ9tK8NPZHUm7u1iMuge//ZPUyNs:lGLHyIFKL3IZ2KRH9Ougks |
MD5: | E2041D8B64796610583A0818907F6010 |
SHA1: | FB12EA7BC43EFD4EFB0F8517EF2B28DB37B63773 |
SHA-256: | B385BC696645A7AE27DAE1DE0C6F737C14BC9266E7465E366B7A59B376E7B68A |
SHA-512: | 95617EA8A038226E0DA45FDB21A1EC59BA855A57B696CF018AC4CED51088D04A58B6A24F55ADFC81B8EBD73841D282D3A12D851FA90309B8681F1CF0FE9AB108 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\z1E-catalogSamples.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1581 |
Entropy (8bit): | 5.101676095819727 |
Encrypted: | false |
SSDEEP: | 24:2di4+S2qhlZ1Muy1my3UnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtn+xvn:cgergYrFdOFzOzN33ODOiDdKrsuTyv |
MD5: | 21B54999DABB8081011508222A9917C6 |
SHA1: | 1590369EA20195EA675500978662103CC3F34DF0 |
SHA-256: | 2FE3120B86569FC556C35CB00843C6B7BF62371A8ADB1B635EAAEF4C24A6C5B2 |
SHA-512: | CE14D9DC289E262963BB65F53E00DFAB663F1FDF513CF359C5E50B8F9C25A9DA8F0323ED96F4332DA85940D8E3C6543E00282D9CD51B206DDA0E9C6E5F64540A |
Malicious: | true |
Preview: |
Process: | C:\Users\user\AppData\Roaming\vZkoWbol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1581 |
Entropy (8bit): | 5.101676095819727 |
Encrypted: | false |
SSDEEP: | 24:2di4+S2qhlZ1Muy1my3UnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtn+xvn:cgergYrFdOFzOzN33ODOiDdKrsuTyv |
MD5: | 21B54999DABB8081011508222A9917C6 |
SHA1: | 1590369EA20195EA675500978662103CC3F34DF0 |
SHA-256: | 2FE3120B86569FC556C35CB00843C6B7BF62371A8ADB1B635EAAEF4C24A6C5B2 |
SHA-512: | CE14D9DC289E262963BB65F53E00DFAB663F1FDF513CF359C5E50B8F9C25A9DA8F0323ED96F4332DA85940D8E3C6543E00282D9CD51B206DDA0E9C6E5F64540A |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\z1E-catalogSamples.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 704512 |
Entropy (8bit): | 7.9093549080558665 |
Encrypted: | false |
SSDEEP: | 12288:p+DOcsEdTxCGyzEcO8EupwU8VqZ33ojcXuh54OrTu94PvI2BNURvbrOj6uX:pST1eEcBEHqZc8O6+Pv+X3uX |
MD5: | 2D9DFDB275D38155CBA293DC619430FA |
SHA1: | 523F6A7040F3B330E708A3E84D48A18BDCD77110 |
SHA-256: | 9BF25EBE467E570FC91E2003B17061C765FCB54B6D505A7DB43263981504FA5F |
SHA-512: | B1809D426F7C9AE847E33BB0FB935194A9CFA098CF36F664DEAF8BD6B95A414F0FC0085EFBCB79272DAF7FDF45735E8841F1BD5102421AD276B5A784B5742C44 |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\Desktop\z1E-catalogSamples.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.9093549080558665 |
TrID: |
|
File name: | z1E-catalogSamples.exe |
File size: | 704'512 bytes |
MD5: | 2d9dfdb275d38155cba293dc619430fa |
SHA1: | 523f6a7040f3b330e708a3e84d48a18bdcd77110 |
SHA256: | 9bf25ebe467e570fc91e2003b17061c765fcb54b6d505a7db43263981504fa5f |
SHA512: | b1809d426f7c9ae847e33bb0fb935194a9cfa098cf36f664deaf8bd6b95a414f0fc0085efbcb79272daf7fdf45735e8841f1bd5102421ad276b5a784b5742c44 |
SSDEEP: | 12288:p+DOcsEdTxCGyzEcO8EupwU8VqZ33ojcXuh54OrTu94PvI2BNURvbrOj6uX:pST1eEcBEHqZc8O6+Pv+X3uX |
TLSH: | 6DE4230CAFE98E51C2AD07BED06394991B35D392E007FB066ED094EE1D537A2D1C5BA3 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.../..f................................. ........@.. ....................... ............@................................ |
Icon Hash: | 9931c5b98687b385 |
Entrypoint: | 0x4ac4fe |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x661F0F2F [Tue Apr 16 23:52:15 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xac4b0 | 0x4b | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xae000 | 0x1600 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb0000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0xaa504 | 0xaa600 | efc8e9a18a1893d428d58db5ed9404c4 | False | 0.9413503645451211 | data | 7.919359410493161 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0xae000 | 0x1600 | 0x1600 | 2ad9d646792a418e4acbd118fb762c4b | False | 0.7341974431818182 | data | 6.525337678803363 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xb0000 | 0xc | 0x200 | b4a6f2032cb6c7f12aac4e7429bf0505 | False | 0.041015625 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0xae0c8 | 0xf5d | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | 0.9125349605898805 | ||
RT_GROUP_ICON | 0xaf038 | 0x14 | data | 1.05 | ||
RT_VERSION | 0xaf05c | 0x3c0 | data | 0.4510416666666667 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/19/24-19:33:10.146400 | TCP | 2851779 | ETPRO TROJAN Agent Tesla Telegram Exfil | 49708 | 443 | 192.168.2.5 | 149.154.167.220 |
04/19/24-19:33:06.739874 | TCP | 2851779 | ETPRO TROJAN Agent Tesla Telegram Exfil | 49706 | 443 | 192.168.2.5 | 149.154.167.220 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 19, 2024 19:33:09.784562111 CEST | 443 | 49708 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:33:09.784634113 CEST | 49708 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:33:09.786276102 CEST | 49708 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:33:09.786286116 CEST | 443 | 49708 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:33:09.786612034 CEST | 443 | 49708 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:33:09.790388107 CEST | 49708 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:33:09.836112022 CEST | 443 | 49708 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:33:10.146270037 CEST | 49708 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:33:10.146298885 CEST | 443 | 49708 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:33:10.192652941 CEST | 443 | 49708 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:33:10.239518881 CEST | 49708 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:33:10.562978029 CEST | 443 | 49708 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:33:10.563059092 CEST | 443 | 49708 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:33:10.563335896 CEST | 49708 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:33:10.563536882 CEST | 49708 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:13.260236979 CEST | 49717 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:13.260274887 CEST | 443 | 49717 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:13.260374069 CEST | 49717 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:13.260674953 CEST | 49717 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:13.260688066 CEST | 443 | 49717 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:13.682372093 CEST | 443 | 49717 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:13.694485903 CEST | 49717 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:13.694502115 CEST | 443 | 49717 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:14.052254915 CEST | 49717 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:14.052282095 CEST | 443 | 49717 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:14.052397966 CEST | 49717 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:14.052413940 CEST | 443 | 49717 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:14.052550077 CEST | 49717 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:14.052797079 CEST | 443 | 49717 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:14.091519117 CEST | 443 | 49717 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:14.145720959 CEST | 49717 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:14.916137934 CEST | 443 | 49717 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:14.916275978 CEST | 49717 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:14.916295052 CEST | 443 | 49717 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:14.916351080 CEST | 443 | 49717 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:14.916490078 CEST | 49717 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:14.916731119 CEST | 49717 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:34.829293966 CEST | 49719 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:34.829355001 CEST | 443 | 49719 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:34.829457998 CEST | 49719 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:34.829770088 CEST | 49719 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:34.829788923 CEST | 443 | 49719 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:35.271440029 CEST | 443 | 49719 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:35.281001091 CEST | 49719 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:35.281018972 CEST | 443 | 49719 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:35.630278111 CEST | 49719 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:35.630305052 CEST | 443 | 49719 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:35.630372047 CEST | 49719 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:35.630388021 CEST | 443 | 49719 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:35.630466938 CEST | 49719 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:35.630584955 CEST | 443 | 49719 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:35.692534924 CEST | 443 | 49719 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:35.739440918 CEST | 49719 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:36.370181084 CEST | 443 | 49719 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:36.370248079 CEST | 49719 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:36.370271921 CEST | 443 | 49719 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:36.370285034 CEST | 443 | 49719 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:36.370345116 CEST | 49719 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:36.370836020 CEST | 49719 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:58.154869080 CEST | 49720 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:58.154910088 CEST | 443 | 49720 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:58.155055046 CEST | 49720 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:58.155443907 CEST | 49720 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:58.155457020 CEST | 443 | 49720 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:58.575258970 CEST | 443 | 49720 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:58.577044010 CEST | 49720 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:58.577064991 CEST | 443 | 49720 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:58.927206993 CEST | 49720 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:58.927243948 CEST | 443 | 49720 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:58.927510977 CEST | 49720 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:58.927531958 CEST | 443 | 49720 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:58.927701950 CEST | 49720 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:58.927872896 CEST | 443 | 49720 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:58.984690905 CEST | 443 | 49720 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:59.192151070 CEST | 443 | 49720 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:59.192282915 CEST | 49720 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:59.703977108 CEST | 443 | 49720 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:59.704155922 CEST | 49720 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:59.704178095 CEST | 443 | 49720 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:59.704243898 CEST | 443 | 49720 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:59.709707022 CEST | 49720 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:59.709717035 CEST | 443 | 49720 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:34:59.709758043 CEST | 49720 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:59.709758043 CEST | 49720 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:34:59.713768959 CEST | 49720 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:07.251101017 CEST | 49721 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:07.251130104 CEST | 443 | 49721 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:07.251246929 CEST | 49721 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:07.253664970 CEST | 49721 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:07.253679991 CEST | 443 | 49721 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:07.682717085 CEST | 443 | 49721 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:07.685795069 CEST | 49721 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:07.685817957 CEST | 443 | 49721 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:08.037132978 CEST | 49721 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:08.037158966 CEST | 443 | 49721 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:08.037236929 CEST | 49721 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:08.037254095 CEST | 443 | 49721 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:08.037329912 CEST | 49721 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:08.037410021 CEST | 443 | 49721 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:08.098397970 CEST | 443 | 49721 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:08.267643929 CEST | 49721 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:09.159316063 CEST | 443 | 49721 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:09.159451962 CEST | 49721 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:09.159466982 CEST | 443 | 49721 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:09.159527063 CEST | 443 | 49721 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:09.159609079 CEST | 49721 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:09.159864902 CEST | 49721 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:10.531157970 CEST | 49722 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:10.531207085 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:10.531285048 CEST | 49722 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:10.531734943 CEST | 49722 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:10.531752110 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:10.949206114 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:10.952275038 CEST | 49722 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:10.952313900 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:11.303700924 CEST | 49722 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:11.303726912 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:11.308250904 CEST | 49722 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:11.308271885 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:11.308521032 CEST | 49722 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:11.308541059 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:11.357254982 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:11.508169889 CEST | 49722 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:12.138283014 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:12.138360023 CEST | 49722 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:12.138391972 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:12.138513088 CEST | 443 | 49722 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:12.138607025 CEST | 49722 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:12.138952971 CEST | 49722 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:16.816417933 CEST | 49723 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:16.816468954 CEST | 443 | 49723 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:16.816543102 CEST | 49723 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:16.816992044 CEST | 49723 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:16.817006111 CEST | 443 | 49723 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:17.227818966 CEST | 443 | 49723 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:17.242537022 CEST | 49723 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:17.242561102 CEST | 443 | 49723 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:17.609407902 CEST | 49723 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:17.609461069 CEST | 443 | 49723 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:17.609615088 CEST | 49723 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:17.609632969 CEST | 443 | 49723 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:17.609730005 CEST | 49723 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:17.609802008 CEST | 443 | 49723 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:17.632235050 CEST | 443 | 49723 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:17.836139917 CEST | 49723 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:18.359447956 CEST | 443 | 49723 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:18.359549046 CEST | 443 | 49723 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:18.359869003 CEST | 49723 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:18.360680103 CEST | 49723 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:27.897675991 CEST | 49724 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:27.897727013 CEST | 443 | 49724 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:27.899004936 CEST | 49724 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:27.899218082 CEST | 49724 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:27.899233103 CEST | 443 | 49724 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:28.324537039 CEST | 443 | 49724 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:28.327903032 CEST | 49724 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:28.327919960 CEST | 443 | 49724 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:28.679806948 CEST | 49724 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:28.679836035 CEST | 443 | 49724 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:28.684648991 CEST | 49724 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:28.684672117 CEST | 443 | 49724 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:28.684804916 CEST | 49724 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:28.684849024 CEST | 443 | 49724 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:28.741555929 CEST | 443 | 49724 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:28.829946041 CEST | 49724 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:29.625802040 CEST | 443 | 49724 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:29.625895023 CEST | 49724 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:29.625924110 CEST | 443 | 49724 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:29.626045942 CEST | 443 | 49724 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:29.626132011 CEST | 49724 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:29.626426935 CEST | 49724 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:35.974287033 CEST | 49725 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:35.974340916 CEST | 443 | 49725 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:35.974560976 CEST | 49725 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:35.975224018 CEST | 49725 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:35.975244999 CEST | 443 | 49725 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:36.386291981 CEST | 443 | 49725 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:36.390191078 CEST | 49725 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:36.390224934 CEST | 443 | 49725 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:36.743722916 CEST | 49725 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:36.743761063 CEST | 443 | 49725 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:36.744472027 CEST | 49725 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:36.744498968 CEST | 443 | 49725 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:36.749362946 CEST | 49725 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:36.749391079 CEST | 443 | 49725 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:36.795275927 CEST | 443 | 49725 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:37.000119925 CEST | 443 | 49725 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:37.000169039 CEST | 49725 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:38.300390959 CEST | 49726 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:38.300446033 CEST | 443 | 49726 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:38.300674915 CEST | 49726 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:38.301489115 CEST | 49726 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:38.301503897 CEST | 443 | 49726 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:38.306294918 CEST | 49725 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:38.306412935 CEST | 443 | 49725 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:38.306658030 CEST | 443 | 49725 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:38.306828022 CEST | 49725 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:38.306828976 CEST | 49725 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:38.724215031 CEST | 443 | 49726 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:38.724301100 CEST | 49726 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:38.729696989 CEST | 49726 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:38.729723930 CEST | 443 | 49726 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:38.729970932 CEST | 443 | 49726 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:38.733694077 CEST | 49726 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:38.776123047 CEST | 443 | 49726 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:39.083605051 CEST | 49726 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:39.083652020 CEST | 443 | 49726 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:39.083733082 CEST | 49726 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:39.083756924 CEST | 443 | 49726 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:39.083848953 CEST | 49726 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:39.083931923 CEST | 443 | 49726 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:39.094042063 CEST | 49727 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:39.094079971 CEST | 443 | 49727 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:39.094136953 CEST | 49727 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:39.094542027 CEST | 49727 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:39.094553947 CEST | 443 | 49727 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:39.145859957 CEST | 443 | 49726 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:39.248795033 CEST | 49726 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:39.505914927 CEST | 443 | 49727 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:39.508801937 CEST | 49727 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:39.508814096 CEST | 443 | 49727 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:39.809525967 CEST | 443 | 49726 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:39.809597969 CEST | 49726 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:39.809633017 CEST | 443 | 49726 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:39.809663057 CEST | 443 | 49726 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:39.809832096 CEST | 49726 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:39.813699007 CEST | 49726 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:39.864686012 CEST | 49727 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:39.864729881 CEST | 443 | 49727 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:39.865700006 CEST | 49727 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:39.865720987 CEST | 443 | 49727 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:39.869798899 CEST | 49727 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:39.869820118 CEST | 443 | 49727 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:39.924369097 CEST | 443 | 49727 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:40.005697012 CEST | 49727 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:40.629251003 CEST | 443 | 49727 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:40.629360914 CEST | 443 | 49727 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:40.629391909 CEST | 49727 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:40.629899025 CEST | 49727 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:40.629899025 CEST | 49727 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:55.296418905 CEST | 49728 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:55.296468973 CEST | 443 | 49728 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:55.296566010 CEST | 49728 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:55.296948910 CEST | 49728 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:55.296958923 CEST | 443 | 49728 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:55.722532034 CEST | 443 | 49728 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:55.724488020 CEST | 49728 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:55.724514961 CEST | 443 | 49728 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:56.083858013 CEST | 49728 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:56.083890915 CEST | 443 | 49728 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:56.084705114 CEST | 49728 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:56.084724903 CEST | 443 | 49728 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:56.084826946 CEST | 49728 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:56.084856987 CEST | 443 | 49728 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:56.140132904 CEST | 443 | 49728 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:56.317568064 CEST | 49728 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:56.963573933 CEST | 443 | 49728 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:56.963665962 CEST | 443 | 49728 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:35:56.963680029 CEST | 49728 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:56.963741064 CEST | 49728 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:35:56.964350939 CEST | 49728 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:03.118988037 CEST | 49729 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:03.119040012 CEST | 443 | 49729 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:03.119134903 CEST | 49729 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:03.119756937 CEST | 49729 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:03.119769096 CEST | 443 | 49729 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:03.543735981 CEST | 443 | 49729 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:03.546300888 CEST | 49729 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:03.546318054 CEST | 443 | 49729 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:03.897718906 CEST | 49729 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:03.897757053 CEST | 443 | 49729 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:03.905736923 CEST | 49729 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:03.905775070 CEST | 443 | 49729 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:03.911761045 CEST | 49729 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:03.911782026 CEST | 443 | 49729 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:03.969463110 CEST | 443 | 49729 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:04.025321007 CEST | 49729 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:04.677053928 CEST | 443 | 49729 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:04.677273035 CEST | 49729 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:04.677290916 CEST | 443 | 49729 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:04.679701090 CEST | 49729 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:04.679717064 CEST | 443 | 49729 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:04.679917097 CEST | 49729 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:04.679917097 CEST | 49729 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:10.120048046 CEST | 49730 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:10.120109081 CEST | 443 | 49730 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:10.120176077 CEST | 49730 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:10.120590925 CEST | 49730 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:10.120604992 CEST | 443 | 49730 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:10.533034086 CEST | 443 | 49730 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:10.535331011 CEST | 49730 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:10.535368919 CEST | 443 | 49730 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:10.880253077 CEST | 49730 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:10.880279064 CEST | 443 | 49730 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:10.880378008 CEST | 49730 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:10.880408049 CEST | 443 | 49730 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:10.880482912 CEST | 49730 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:10.880530119 CEST | 443 | 49730 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:10.942579985 CEST | 443 | 49730 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:11.005019903 CEST | 49730 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:11.644068956 CEST | 443 | 49730 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:11.644130945 CEST | 49730 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:11.644155025 CEST | 443 | 49730 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:11.644179106 CEST | 443 | 49730 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:11.644221067 CEST | 49730 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:11.644762039 CEST | 49730 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:30.681699991 CEST | 49731 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:30.681781054 CEST | 443 | 49731 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:30.681909084 CEST | 49731 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:30.685688972 CEST | 49731 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:30.685700893 CEST | 443 | 49731 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:31.109560013 CEST | 443 | 49731 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:31.112083912 CEST | 49731 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:31.112095118 CEST | 443 | 49731 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:31.458610058 CEST | 49731 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:31.458632946 CEST | 443 | 49731 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:31.458781004 CEST | 49731 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:31.458798885 CEST | 443 | 49731 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:31.458890915 CEST | 49731 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:31.458925962 CEST | 443 | 49731 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:31.527017117 CEST | 443 | 49731 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:31.637222052 CEST | 49731 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:32.399487972 CEST | 443 | 49731 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:32.399580956 CEST | 443 | 49731 | 149.154.167.220 | 192.168.2.5 |
Apr 19, 2024 19:36:32.399614096 CEST | 49731 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:32.399863958 CEST | 49731 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:32.402004957 CEST | 49731 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:35.311744928 CEST | 49732 | 443 | 192.168.2.5 | 149.154.167.220 |
Apr 19, 2024 19:36:35.311789036 CEST | 443 | 49732 | 149.154.167.220 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 19, 2024 19:33:04.422277927 CEST | 53076 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 19, 2024 19:33:04.527829885 CEST | 53 | 53076 | 1.1.1.1 | 192.168.2.5 |
Apr 19, 2024 19:33:05.819991112 CEST | 52707 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 19, 2024 19:33:05.925828934 CEST | 53 | 52707 | 1.1.1.1 | 192.168.2.5 |
Apr 19, 2024 19:37:12.085498095 CEST | 57280 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 19, 2024 19:37:12.192385912 CEST | 53 | 57280 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 19, 2024 19:33:04.422277927 CEST | 192.168.2.5 | 1.1.1.1 | 0x4003 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 19:33:05.819991112 CEST | 192.168.2.5 | 1.1.1.1 | 0x56c9 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 19:37:12.085498095 CEST | 192.168.2.5 | 1.1.1.1 | 0x8543 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 19, 2024 19:33:04.527829885 CEST | 1.1.1.1 | 192.168.2.5 | 0x4003 | No error (0) | | | 104.26.12.205 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 19:33:04.527829885 CEST | 1.1.1.1 | 192.168.2.5 | 0x4003 | No error (0) | | | 104.26.13.205 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 19:33:04.527829885 CEST | 1.1.1.1 | 192.168.2.5 | 0x4003 | No error (0) | | | 172.67.74.152 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 19:33:05.925828934 CEST | 1.1.1.1 | 192.168.2.5 | 0x56c9 | No error (0) | | | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 19:37:12.192385912 CEST | 1.1.1.1 | 192.168.2.5 | 0x8543 | No error (0) | | | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49705 | 104.26.12.205 | 443 | 3472 | C:\Users\user\Desktop\z1E-catalogSamples.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:33:04 UTC | 155 | OUT | |
2024-04-19 17:33:05 UTC | 211 | IN | |
2024-04-19 17:33:05 UTC | 12 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49706 | 149.154.167.220 | 443 | 3472 | C:\Users\user\Desktop\z1E-catalogSamples.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:33:06 UTC | 260 | OUT | |
2024-04-19 17:33:06 UTC | 971 | OUT | |
2024-04-19 17:33:06 UTC | 25 | IN | |
2024-04-19 17:33:07 UTC | 1115 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49707 | 104.26.12.205 | 443 | 7324 | C:\Users\user\AppData\Roaming\vZkoWbol.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:33:08 UTC | 155 | OUT | |
2024-04-19 17:33:08 UTC | 211 | IN | |
2024-04-19 17:33:08 UTC | 12 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49708 | 149.154.167.220 | 443 | 7324 | C:\Users\user\AppData\Roaming\vZkoWbol.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:33:09 UTC | 260 | OUT | |
2024-04-19 17:33:10 UTC | 971 | OUT | |
2024-04-19 17:33:10 UTC | 25 | IN | |
2024-04-19 17:33:10 UTC | 1115 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49717 | 149.154.167.220 | 443 | 3472 | C:\Users\user\Desktop\z1E-catalogSamples.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:34:13 UTC | 238 | OUT | |
2024-04-19 17:34:14 UTC | 1024 | OUT | |
2024-04-19 17:34:14 UTC | 16355 | OUT | |
2024-04-19 17:34:14 UTC | 16355 | OUT | |
2024-04-19 17:34:14 UTC | 16355 | OUT | |
2024-04-19 17:34:14 UTC | 15447 | OUT | |
2024-04-19 17:34:14 UTC | 1558 | OUT | |
2024-04-19 17:34:14 UTC | 50 | OUT | |
2024-04-19 17:34:14 UTC | 25 | IN | |
2024-04-19 17:34:14 UTC | 1485 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49719 | 149.154.167.220 | 443 | 3472 | C:\Users\user\Desktop\z1E-catalogSamples.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:34:35 UTC | 238 | OUT | |
2024-04-19 17:34:35 UTC | 1024 | OUT | |
2024-04-19 17:34:35 UTC | 16355 | OUT | |
2024-04-19 17:34:35 UTC | 16355 | OUT | |
2024-04-19 17:34:35 UTC | 16355 | OUT | |
2024-04-19 17:34:35 UTC | 15447 | OUT | |
2024-04-19 17:34:35 UTC | 1558 | OUT | |
2024-04-19 17:34:35 UTC | 50 | OUT | |
2024-04-19 17:34:35 UTC | 25 | IN | |
2024-04-19 17:34:36 UTC | 1482 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49720 | 149.154.167.220 | 443 | 3472 | C:\Users\user\Desktop\z1E-catalogSamples.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:34:58 UTC | 262 | OUT | |
2024-04-19 17:34:58 UTC | 1024 | OUT | |
2024-04-19 17:34:58 UTC | 16355 | OUT | |
2024-04-19 17:34:58 UTC | 16355 | OUT | |
2024-04-19 17:34:58 UTC | 16355 | OUT | |
2024-04-19 17:34:58 UTC | 15447 | OUT | |
2024-04-19 17:34:58 UTC | 1558 | OUT | |
2024-04-19 17:34:58 UTC | 50 | OUT | |
2024-04-19 17:34:58 UTC | 25 | IN | |
2024-04-19 17:34:59 UTC | 1482 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49721 | 149.154.167.220 | 443 | 3472 | C:\Users\user\Desktop\z1E-catalogSamples.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:35:07 UTC | 262 | OUT | |
2024-04-19 17:35:08 UTC | 1024 | OUT | |
2024-04-19 17:35:08 UTC | 16355 | OUT | |
2024-04-19 17:35:08 UTC | 16355 | OUT | |
2024-04-19 17:35:08 UTC | 16355 | OUT | |
2024-04-19 17:35:08 UTC | 15447 | OUT | |
2024-04-19 17:35:08 UTC | 1569 | OUT | |
2024-04-19 17:35:08 UTC | 50 | OUT | |
2024-04-19 17:35:08 UTC | 25 | IN | |
2024-04-19 17:35:09 UTC | 1482 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.5 | 49722 | 149.154.167.220 | 443 | 3472 | C:\Users\user\Desktop\z1E-catalogSamples.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:35:10 UTC | 262 | OUT | |
2024-04-19 17:35:11 UTC | 1024 | OUT | |
2024-04-19 17:35:11 UTC | 16355 | OUT | |
2024-04-19 17:35:11 UTC | 16355 | OUT | |
2024-04-19 17:35:11 UTC | 16355 | OUT | |
2024-04-19 17:35:11 UTC | 15447 | OUT | |
2024-04-19 17:35:11 UTC | 1569 | OUT | |
2024-04-19 17:35:11 UTC | 50 | OUT | |
2024-04-19 17:35:11 UTC | 25 | IN | |
2024-04-19 17:35:12 UTC | 1482 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.5 | 49723 | 149.154.167.220 | 443 | 7324 | C:\Users\user\AppData\Roaming\vZkoWbol.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:35:17 UTC | 262 | OUT | |
2024-04-19 17:35:17 UTC | 1024 | OUT | |
2024-04-19 17:35:17 UTC | 16355 | OUT | |
2024-04-19 17:35:17 UTC | 16355 | OUT | |
2024-04-19 17:35:17 UTC | 16355 | OUT | |
2024-04-19 17:35:17 UTC | 15447 | OUT | |
2024-04-19 17:35:17 UTC | 1569 | OUT | |
2024-04-19 17:35:17 UTC | 50 | OUT | |
2024-04-19 17:35:17 UTC | 25 | IN | |
2024-04-19 17:35:18 UTC | 1482 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.5 | 49724 | 149.154.167.220 | 443 | 3472 | C:\Users\user\Desktop\z1E-catalogSamples.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:35:28 UTC | 262 | OUT | |
2024-04-19 17:35:28 UTC | 1024 | OUT | |
2024-04-19 17:35:28 UTC | 16355 | OUT | |
2024-04-19 17:35:28 UTC | 16355 | OUT | |
2024-04-19 17:35:28 UTC | 16355 | OUT | |
2024-04-19 17:35:28 UTC | 15447 | OUT | |
2024-04-19 17:35:28 UTC | 6419 | OUT | |
2024-04-19 17:35:28 UTC | 50 | OUT | |
2024-04-19 17:35:28 UTC | 25 | IN | |
2024-04-19 17:35:29 UTC | 1482 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.5 | 49725 | 149.154.167.220 | 443 | 7324 | C:\Users\user\AppData\Roaming\vZkoWbol.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:35:36 UTC | 238 | OUT | |
2024-04-19 17:35:36 UTC | 1024 | OUT | |
2024-04-19 17:35:36 UTC | 16355 | OUT | |
2024-04-19 17:35:36 UTC | 16355 | OUT | |
2024-04-19 17:35:36 UTC | 16355 | OUT | |
2024-04-19 17:35:36 UTC | 15447 | OUT | |
2024-04-19 17:35:36 UTC | 1569 | OUT | |
2024-04-19 17:35:36 UTC | 50 | OUT | |
2024-04-19 17:35:36 UTC | 25 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.5 | 49726 | 149.154.167.220 | 443 | 7324 | C:\Users\user\AppData\Roaming\vZkoWbol.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:35:38 UTC | 262 | OUT | |
2024-04-19 17:35:39 UTC | 1024 | OUT | |
2024-04-19 17:35:39 UTC | 16355 | OUT | |
2024-04-19 17:35:39 UTC | 16355 | OUT | |
2024-04-19 17:35:39 UTC | 16355 | OUT | |
2024-04-19 17:35:39 UTC | 15447 | OUT | |
2024-04-19 17:35:39 UTC | 1569 | OUT | |
2024-04-19 17:35:39 UTC | 50 | OUT | |
2024-04-19 17:35:39 UTC | 25 | IN | |
2024-04-19 17:35:39 UTC | 1482 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.5 | 49727 | 149.154.167.220 | 443 | 7324 | C:\Users\user\AppData\Roaming\vZkoWbol.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:35:39 UTC | 262 | OUT | |
2024-04-19 17:35:39 UTC | 1024 | OUT | |
2024-04-19 17:35:39 UTC | 16355 | OUT | |
2024-04-19 17:35:39 UTC | 16355 | OUT | |
2024-04-19 17:35:39 UTC | 16355 | OUT | |
2024-04-19 17:35:39 UTC | 15447 | OUT | |
2024-04-19 17:35:39 UTC | 1569 | OUT | |
2024-04-19 17:35:39 UTC | 50 | OUT | |
2024-04-19 17:35:39 UTC | 25 | IN | |
2024-04-19 17:35:40 UTC | 1482 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.5 | 49728 | 149.154.167.220 | 443 | 3472 | C:\Users\user\Desktop\z1E-catalogSamples.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:35:55 UTC | 262 | OUT | |
2024-04-19 17:35:56 UTC | 1024 | OUT | |
2024-04-19 17:35:56 UTC | 16355 | OUT | |
2024-04-19 17:35:56 UTC | 16355 | OUT | |
2024-04-19 17:35:56 UTC | 16355 | OUT | |
2024-04-19 17:35:56 UTC | 15447 | OUT | |
2024-04-19 17:35:56 UTC | 1569 | OUT | |
2024-04-19 17:35:56 UTC | 50 | OUT | |
2024-04-19 17:35:56 UTC | 25 | IN | |
2024-04-19 17:35:56 UTC | 1485 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.5 | 49729 | 149.154.167.220 | 443 | 7324 | C:\Users\user\AppData\Roaming\vZkoWbol.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:36:03 UTC | 238 | OUT | |
2024-04-19 17:36:03 UTC | 1024 | OUT | |
2024-04-19 17:36:03 UTC | 16355 | OUT | |
2024-04-19 17:36:03 UTC | 16355 | OUT | |
2024-04-19 17:36:03 UTC | 16355 | OUT | |
2024-04-19 17:36:03 UTC | 15447 | OUT | |
2024-04-19 17:36:03 UTC | 1552 | OUT | |
2024-04-19 17:36:03 UTC | 50 | OUT | |
2024-04-19 17:36:03 UTC | 25 | IN | |
2024-04-19 17:36:04 UTC | 1482 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.5 | 49730 | 149.154.167.220 | 443 | 3472 | C:\Users\user\Desktop\z1E-catalogSamples.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:36:10 UTC | 262 | OUT | |
2024-04-19 17:36:10 UTC | 1024 | OUT | |
2024-04-19 17:36:10 UTC | 16355 | OUT | |
2024-04-19 17:36:10 UTC | 16355 | OUT | |
2024-04-19 17:36:10 UTC | 16355 | OUT | |
2024-04-19 17:36:10 UTC | 15447 | OUT | |
2024-04-19 17:36:10 UTC | 1552 | OUT | |
2024-04-19 17:36:10 UTC | 50 | OUT | |
2024-04-19 17:36:10 UTC | 25 | IN | |
2024-04-19 17:36:11 UTC | 1482 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.5 | 49731 | 149.154.167.220 | 443 | 7324 | C:\Users\user\AppData\Roaming\vZkoWbol.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:36:31 UTC | 238 | OUT | |
2024-04-19 17:36:31 UTC | 1024 | OUT | |
2024-04-19 17:36:31 UTC | 16355 | OUT | |
2024-04-19 17:36:31 UTC | 16355 | OUT | |
2024-04-19 17:36:31 UTC | 16355 | OUT | |
2024-04-19 17:36:31 UTC | 15447 | OUT | |
2024-04-19 17:36:31 UTC | 1552 | OUT | |
2024-04-19 17:36:31 UTC | 50 | OUT | |
2024-04-19 17:36:31 UTC | 25 | IN | |
2024-04-19 17:36:32 UTC | 1482 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.5 | 49732 | 149.154.167.220 | 443 | 3472 | C:\Users\user\Desktop\z1E-catalogSamples.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:36:35 UTC | 262 | OUT | |
2024-04-19 17:36:36 UTC | 1024 | OUT | |
2024-04-19 17:36:36 UTC | 16355 | OUT | |
2024-04-19 17:36:36 UTC | 16355 | OUT | |
2024-04-19 17:36:36 UTC | 16355 | OUT | |
2024-04-19 17:36:36 UTC | 15447 | OUT | |
2024-04-19 17:36:36 UTC | 1552 | OUT | |
2024-04-19 17:36:36 UTC | 50 | OUT | |
2024-04-19 17:36:36 UTC | 25 | IN | |
2024-04-19 17:36:36 UTC | 1485 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
19 | 192.168.2.5 | 49733 | 149.154.167.220 | 443 | 7324 | C:\Users\user\AppData\Roaming\vZkoWbol.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:36:36 UTC | 238 | OUT | |
2024-04-19 17:36:37 UTC | 1024 | OUT | |
2024-04-19 17:36:37 UTC | 16355 | OUT | |
2024-04-19 17:36:37 UTC | 16355 | OUT | |
2024-04-19 17:36:37 UTC | 16355 | OUT | |
2024-04-19 17:36:37 UTC | 15447 | OUT | |
2024-04-19 17:36:37 UTC | 1552 | OUT | |
2024-04-19 17:36:37 UTC | 50 | OUT | |
2024-04-19 17:36:37 UTC | 25 | IN | |
2024-04-19 17:36:37 UTC | 1485 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
20 | 192.168.2.5 | 49735 | 149.154.167.220 | 443 | 3472 | C:\Users\user\Desktop\z1E-catalogSamples.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:36:38 UTC | 262 | OUT | |
2024-04-19 17:36:38 UTC | 1024 | OUT | |
2024-04-19 17:36:38 UTC | 16355 | OUT | |
2024-04-19 17:36:38 UTC | 16355 | OUT | |
2024-04-19 17:36:38 UTC | 16355 | OUT | |
2024-04-19 17:36:38 UTC | 15447 | OUT | |
2024-04-19 17:36:38 UTC | 1552 | OUT | |
2024-04-19 17:36:38 UTC | 50 | OUT | |
2024-04-19 17:36:38 UTC | 25 | IN | |
2024-04-19 17:36:39 UTC | 1482 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
21 | 192.168.2.5 | 49736 | 149.154.167.220 | 443 | 3472 | C:\Users\user\Desktop\z1E-catalogSamples.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:36:41 UTC | 238 | OUT | |
2024-04-19 17:36:42 UTC | 1024 | OUT | |
2024-04-19 17:36:42 UTC | 16355 | OUT | |
2024-04-19 17:36:42 UTC | 16355 | OUT | |
2024-04-19 17:36:42 UTC | 16355 | OUT | |
2024-04-19 17:36:42 UTC | 15447 | OUT | |
2024-04-19 17:36:42 UTC | 1552 | OUT | |
2024-04-19 17:36:42 UTC | 50 | OUT | |
2024-04-19 17:36:42 UTC | 25 | IN | |
2024-04-19 17:36:42 UTC | 1482 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
22 | 192.168.2.5 | 49737 | 149.154.167.220 | 443 | 3472 | C:\Users\user\Desktop\z1E-catalogSamples.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:36:50 UTC | 262 | OUT | |
2024-04-19 17:36:50 UTC | 1024 | OUT | |
2024-04-19 17:36:50 UTC | 16355 | OUT | |
2024-04-19 17:36:50 UTC | 16355 | OUT | |
2024-04-19 17:36:50 UTC | 16355 | OUT | |
2024-04-19 17:36:50 UTC | 15447 | OUT | |
2024-04-19 17:36:50 UTC | 1552 | OUT | |
2024-04-19 17:36:50 UTC | 50 | OUT | |
2024-04-19 17:36:50 UTC | 25 | IN | |
2024-04-19 17:36:51 UTC | 1482 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
23 | 192.168.2.5 | 49738 | 149.154.167.220 | 443 | 7324 | C:\Users\user\AppData\Roaming\vZkoWbol.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:36:55 UTC | 238 | OUT | |
2024-04-19 17:36:56 UTC | 1024 | OUT | |
2024-04-19 17:36:56 UTC | 16355 | OUT | |
2024-04-19 17:36:56 UTC | 16355 | OUT | |
2024-04-19 17:36:56 UTC | 16355 | OUT | |
2024-04-19 17:36:56 UTC | 15447 | OUT | |
2024-04-19 17:36:56 UTC | 1552 | OUT | |
2024-04-19 17:36:56 UTC | 50 | OUT | |
2024-04-19 17:36:56 UTC | 25 | IN | |
2024-04-19 17:36:56 UTC | 1482 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
24 | 192.168.2.5 | 49739 | 149.154.167.220 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:37:12 UTC | 238 | OUT | |
2024-04-19 17:37:12 UTC | 1024 | OUT | |
2024-04-19 17:37:12 UTC | 16355 | OUT | |
2024-04-19 17:37:12 UTC | 16355 | OUT | |
2024-04-19 17:37:12 UTC | 16355 | OUT | |
2024-04-19 17:37:12 UTC | 15447 | OUT | |
2024-04-19 17:37:12 UTC | 1565 | OUT | |
2024-04-19 17:37:12 UTC | 50 | OUT | |
2024-04-19 17:37:12 UTC | 25 | IN | |
2024-04-19 17:37:13 UTC | 1482 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
25 | 192.168.2.5 | 49740 | 149.154.167.220 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:37:12 UTC | 262 | OUT | |
2024-04-19 17:37:12 UTC | 1024 | OUT | |
2024-04-19 17:37:12 UTC | 16355 | OUT | |
2024-04-19 17:37:12 UTC | 16355 | OUT | |
2024-04-19 17:37:12 UTC | 16355 | OUT | |
2024-04-19 17:37:12 UTC | 15447 | OUT | |
2024-04-19 17:37:12 UTC | 1565 | OUT | |
2024-04-19 17:37:12 UTC | 50 | OUT | |
2024-04-19 17:37:13 UTC | 25 | IN | |
2024-04-19 17:37:13 UTC | 1485 | IN |
Target ID: | 0 |
Start time: | 19:33:01 |
Start date: | 19/04/2024 |
Path: | C:\Users\user\Desktop\z1E-catalogSamples.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xc00000 |
File size: | 704'512 bytes |
MD5 hash: | 2D9DFDB275D38155CBA293DC619430FA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 19:33:03 |
Start date: | 19/04/2024 |
Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9a0000 |
File size: | 433'152 bytes |
MD5 hash: | C32CA4ACFCC635EC1EA6ED8A34DF5FAC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 19:33:03 |
Start date: | 19/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d64d0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 19:33:03 |
Start date: | 19/04/2024 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8c0000 |
File size: | 187'904 bytes |
MD5 hash: | 48C2FE20575769DE916F48EF0676A965 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 19:33:03 |
Start date: | 19/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d64d0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 19:33:03 |
Start date: | 19/04/2024 |
Path: | C:\Users\user\Desktop\z1E-catalogSamples.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd90000 |
File size: | 704'512 bytes |
MD5 hash: | 2D9DFDB275D38155CBA293DC619430FA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | false |
Target ID: | 7 |
Start time: | 19:33:04 |
Start date: | 19/04/2024 |
Path: | C:\Users\user\AppData\Roaming\vZkoWbol.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd60000 |
File size: | 704'512 bytes |
MD5 hash: | 2D9DFDB275D38155CBA293DC619430FA |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 8 |
Start time: | 19:33:04 |
Start date: | 19/04/2024 |
Path: | C:\Windows\System32\wbem\WmiPrvSE.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6ef0c0000 |
File size: | 496'640 bytes |
MD5 hash: | 60FF40CFD7FB8FE41EE4FE9AE5FE1C51 |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 19:33:07 |
Start date: | 19/04/2024 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8c0000 |
File size: | 187'904 bytes |
MD5 hash: | 48C2FE20575769DE916F48EF0676A965 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 10 |
Start time: | 19:33:07 |
Start date: | 19/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d64d0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 11 |
Start time: | 19:33:07 |
Start date: | 19/04/2024 |
Path: | C:\Users\user\AppData\Roaming\vZkoWbol.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x350000 |
File size: | 704'512 bytes |
MD5 hash: | 2D9DFDB275D38155CBA293DC619430FA |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 12 |
Start time: | 19:33:07 |
Start date: | 19/04/2024 |
Path: | C:\Users\user\AppData\Roaming\vZkoWbol.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xcc0000 |
File size: | 704'512 bytes |
MD5 hash: | 2D9DFDB275D38155CBA293DC619430FA |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | false |
Function 01619BF0 Relevance: .2, Instructions: 201COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01615E34 Relevance: 1.6, APIs: 1, Instructions: 99COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016149DC Relevance: 1.6, APIs: 1, Instructions: 96COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013BD034 Relevance: .1, Instructions: 87COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013AD72C Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013BD055 Relevance: .1, Instructions: 73COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013BD0DC Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013BD294 Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013AD727 Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013BD28F Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0161E368 Relevance: .3, Instructions: 264COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 065B0040 Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 11.1% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 148 |
Total number of Limit Nodes: | 18 |
Graph
Function 06CE2350 Relevance: 9.0, Strings: 6, Instructions: 1497COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE7D60 Relevance: 3.0, Strings: 2, Instructions: 472COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE65C8 Relevance: .8, Instructions: 815COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CEC168 Relevance: .6, Instructions: 639COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CEB2B9 Relevance: .6, Instructions: 607COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE55A8 Relevance: .6, Instructions: 591COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE9130 Relevance: 5.2, Strings: 4, Instructions: 230COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CECF30 Relevance: 4.5, Strings: 3, Instructions: 797COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE4B78 Relevance: 3.9, Strings: 3, Instructions: 186COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CEC9F0 Relevance: 2.9, Strings: 2, Instructions: 402COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE9125 Relevance: 2.7, Strings: 2, Instructions: 156COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE4B68 Relevance: 2.6, Strings: 2, Instructions: 142COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CD2593 Relevance: 1.6, APIs: 1, Instructions: 115COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CD2598 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CD5EDC Relevance: 1.6, APIs: 1, Instructions: 97COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CD62E8 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CD62F0 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CD9A0F Relevance: 1.6, APIs: 1, Instructions: 58COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CD9A10 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0304EA60 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CD14EB Relevance: 1.5, APIs: 1, Instructions: 48COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CD14F0 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CD608C Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CD5F34 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CD74B8 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CD7D81 Relevance: 1.5, APIs: 1, Instructions: 45comCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CEDAB0 Relevance: 1.4, Strings: 1, Instructions: 117COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CEDA9D Relevance: 1.4, Strings: 1, Instructions: 114COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE21B5 Relevance: 1.4, Strings: 1, Instructions: 109COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE21C8 Relevance: 1.4, Strings: 1, Instructions: 105COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE82D6 Relevance: 1.3, Strings: 1, Instructions: 30COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE61C0 Relevance: .2, Instructions: 229COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE42B1 Relevance: .2, Instructions: 225COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE42C0 Relevance: .2, Instructions: 218COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE45CC Relevance: .2, Instructions: 216COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CEAF08 Relevance: .2, Instructions: 215COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE45E0 Relevance: .2, Instructions: 210COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CEEAE8 Relevance: .2, Instructions: 204COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CEEAF8 Relevance: .2, Instructions: 201COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CEFB87 Relevance: .2, Instructions: 176COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CEF939 Relevance: .2, Instructions: 167COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CEF948 Relevance: .2, Instructions: 163COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE5430 Relevance: .1, Instructions: 126COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE2078 Relevance: .1, Instructions: 97COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE2088 Relevance: .1, Instructions: 91COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE3AB1 Relevance: .1, Instructions: 82COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE3AC0 Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0151D006 Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0151D044 Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0151D20C Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0151D3BC Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE6CF8 Relevance: .1, Instructions: 68COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE3070 Relevance: .1, Instructions: 63COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE3BD0 Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE4210 Relevance: .1, Instructions: 57COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CEED69 Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE3888 Relevance: .1, Instructions: 54COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0151D207 Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0151D3B7 Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CEA2E7 Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE3890 Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE4220 Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE3BBF Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CEED78 Relevance: .0, Instructions: 49COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CEAF03 Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CEA2F8 Relevance: .0, Instructions: 46COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CEC9E1 Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CEC7B8 Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE6448 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE6458 Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE7680 Relevance: 13.0, Strings: 10, Instructions: 468COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CEA920 Relevance: 10.2, Strings: 8, Instructions: 229COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE7080 Relevance: 9.2, Strings: 7, Instructions: 405COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CEB9E8 Relevance: 7.7, Strings: 6, Instructions: 197COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE83B8 Relevance: 5.3, Strings: 4, Instructions: 282COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06CE87D0 Relevance: 5.2, Strings: 4, Instructions: 168COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 15.1% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 174 |
Total number of Limit Nodes: | 6 |
Graph
Function 0663AB8C Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 031249DC Relevance: 1.6, APIs: 1, Instructions: 96COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03125E34 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0663B7F8 Relevance: 1.6, APIs: 1, Instructions: 69windowCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0663744C Relevance: 1.6, APIs: 1, Instructions: 65COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06637450 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 066371C8 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06637298 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 066372A0 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06637110 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06637118 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06639088 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0170D034 Relevance: .1, Instructions: 87COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0170D055 Relevance: .1, Instructions: 76COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0170D294 Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0170D0DC Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0170D28F Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 11% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 150 |
Total number of Limit Nodes: | 19 |
Graph
Function 06D53070 Relevance: 8.0, Strings: 6, Instructions: 545COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06D57D60 Relevance: 3.0, Strings: 2, Instructions: 474COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06D52342 Relevance: 1.0, Instructions: 1023COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06D565C8 Relevance: .8, Instructions: 833COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06D5C168 Relevance: .6, Instructions: 648COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06D5B2B9 Relevance: .6, Instructions: 611COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06D555A8 Relevance: .6, Instructions: 594COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06D59130 Relevance: 5.2, Strings: 4, Instructions: 230COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06D5CF30 Relevance: 4.6, Strings: 3, Instructions: 802COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06D54B78 Relevance: 3.9, Strings: 3, Instructions: 186COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06D5911F Relevance: 2.7, Strings: 2, Instructions: 181COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06D54B68 Relevance: 2.6, Strings: 2, Instructions: 148COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013DE978 Relevance: 1.6, APIs: 1, Instructions: 138COMMON
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06D42593 Relevance: 1.6, APIs: 1, Instructions: 115COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06D42598 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06D45EDC Relevance: 1.6, APIs: 1, Instructions: 97COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06D462E8 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06D462F0 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06D49A0F Relevance: 1.6, APIs: 1, Instructions: 58COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06D49A10 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013DEA60 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06D414EB Relevance: 1.6, APIs: 1, Instructions: 51COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06D414F0 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06D4608C Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06D45F34 Relevance: 1.5, APIs: 1, Instructions: 46 COMMON | Uniqueness Score: -1.00%
Function 06D474B8 Relevance: 1.5, APIs: 1, Instructions: 45 COMMON | Uniqueness Score: -1.00%
Function 06D47D81 Relevance: 1.5, APIs: 1, Instructions: 45 com COMMON | Uniqueness Score: -1.00%
Function 06D5DA9D Relevance: 1.4, Strings: 1, Instructions: 126 COMMON | Uniqueness Score: -1.00%
Function 06D521C8 Relevance: 1.4, Strings: 1, Instructions: 105 COMMON | Uniqueness Score: -1.00%
Function 06D582D6 Relevance: 1.3, Strings: 1, Instructions: 30 COMMON | Uniqueness Score: -1.00%
Function 06D561C0 Relevance: .2, Instructions: 229 COMMON | Uniqueness Score: -1.00%
Function 06D542B1 Relevance: .2, Instructions: 227 COMMON | Uniqueness Score: -1.00%
Function 06D545CC Relevance: .2, Instructions: 222 COMMON | Uniqueness Score: -1.00%
Function 06D5AF08 Relevance: .2, Instructions: 215 COMMON | Uniqueness Score: -1.00%
Function 06D545E0 Relevance: .2, Instructions: 210 COMMON | Uniqueness Score: -1.00%
Function 06D5EAE8 Relevance: .2, Instructions: 206 COMMON | Uniqueness Score: -1.00%
Function 06D5EAF8 Relevance: .2, Instructions: 201 COMMON | Uniqueness Score: -1.00%
Function 06D5FB87 Relevance: .2, Instructions: 180 COMMON | Uniqueness Score: -1.00%
Function 06D5F939 Relevance: .2, Instructions: 173 COMMON | Uniqueness Score: -1.00%
Function 06D5F948 Relevance: .2, Instructions: 163 COMMON | Uniqueness Score: -1.00%
Function 06D55421 Relevance: .1, Instructions: 132 COMMON | Uniqueness Score: -1.00%
Function 06D52078 Relevance: .1, Instructions: 97 COMMON | Uniqueness Score: -1.00%
Function 06D52088 Relevance: .1, Instructions: 91 COMMON | Uniqueness Score: -1.00%
Function 06D53AB1 Relevance: .1, Instructions: 79 COMMON | Uniqueness Score: -1.00%
Function 06D53AC0 Relevance: .1, Instructions: 78 COMMON | Uniqueness Score: -1.00%
Function 0134D3BC Relevance: .1, Instructions: 72 COMMON | Uniqueness Score: -1.00%
Function 0134D044 Relevance: .1, Instructions: 72 COMMON | Uniqueness Score: -1.00%
Function 0134D20C Relevance: .1, Instructions: 72 COMMON | Uniqueness Score: -1.00%
Function 06D54210 Relevance: .1, Instructions: 61 COMMON | Uniqueness Score: -1.00%
Function 06D53BD0 Relevance: .1, Instructions: 59 COMMON | Uniqueness Score: -1.00%
Function 06D5ED69 Relevance: .1, Instructions: 59 COMMON | Uniqueness Score: -1.00%
Function 06D53888 Relevance: .1, Instructions: 57 COMMON | Uniqueness Score: -1.00%
Function 06D5A2E7 Relevance: .1, Instructions: 56 COMMON | Uniqueness Score: -1.00%
Function 0134D3B7 Relevance: .1, Instructions: 53 COMMON | Uniqueness Score: -1.00%
Function 0134D03F Relevance: .1, Instructions: 53 COMMON | Uniqueness Score: -1.00%
Function 0134D207 Relevance: .1, Instructions: 53 COMMON | Uniqueness Score: -1.00%
Function 06D53BBF Relevance: .1, Instructions: 52 COMMON | Uniqueness Score: -1.00%
Function 06D53890 Relevance: .1, Instructions: 52 COMMON | Uniqueness Score: -1.00%
Function 06D54220 Relevance: .1, Instructions: 51 COMMON | Uniqueness Score: -1.00%
Function 06D5ED78 Relevance: .0, Instructions: 49 COMMON | Uniqueness Score: -1.00%
Function 06D5AF02 Relevance: .0, Instructions: 48 COMMON | Uniqueness Score: -1.00%
Function 06D5A2F8 Relevance: .0, Instructions: 46 COMMON | Uniqueness Score: -1.00%
Function 06D56448 Relevance: .0, Instructions: 29 COMMON | Uniqueness Score: -1.00%
Function 06D57680 Relevance: 13.0, Strings: 10, Instructions: 468 COMMON | Uniqueness Score: -1.00%
Function 06D5A920 Relevance: 10.2, Strings: 8, Instructions: 229 COMMON | Uniqueness Score: -1.00%
Function 06D57080 Relevance: 9.2, Strings: 7, Instructions: 405 COMMON | Uniqueness Score: -1.00%
Function 06D5B9E8 Relevance: 7.7, Strings: 6, Instructions: 197 COMMON | Uniqueness Score: -1.00%
Function 06D583B8 Relevance: 5.3, Strings: 4, Instructions: 282 COMMON | Uniqueness Score: -1.00%
Function 06D587D0 Relevance: 5.2, Strings: 4, Instructions: 168 COMMON | Uniqueness Score: -1.00%