Windows Analysis Report: Payment Swift.doc
Overview
General Information
Detection
Field | Value |
---|---|
Score | 100 |
Range | 0 - 100 |
Whitelisted | false |
Confidence | 100% |
Signatures
Classification
- System is w7x64
- WINWORD.EXE (PID: 2940, cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding, MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
- EQNEDT32.EXE (PID: 2452, cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, MD5: A87236E214F6D42A65F5DEDAC816AEC8)
- microme09255.scr (PID: 3176, cmdline: "C:\Users\user\AppData\Roaming\microme09255.scr", MD5: 75DC78C375DFEE9C0B96FA476BCD5D1C)
- microme09255.scr (PID: 3204, cmdline: "C:\Users\user\AppData\Roaming\microme09255.scr", MD5: 75DC78C375DFEE9C0B96FA476BCD5D1C)
- EQNEDT32.EXE (PID: 3420, cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, MD5: A87236E214F6D42A65F5DEDAC816AEC8)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Agent Tesla, AgentTesla | A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel. | | | |

Extracted configuration: {"Exfil Mode": "SMTP", "Port": "587", "Host": "smtp.gmail.com", "Username": "micromeqbd@gmail.com", "Password": "tssveohxktcpzhdm"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| INDICATOR_RTF_MalVer_Objects | Detects RTF documents with a non-standard version and embedding one of the objects mostly observed in exploit documents. | ditekSHen | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| MALWARE_Win_DLInjector02 | Detects downloader injector | ditekSHen | |
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| MALWARE_Win_DLInjector02 | Detects downloader injector | ditekSHen | |
| MALWARE_Win_DLInjector02 | Detects downloader injector | ditekSHen | |
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | |

(first 5 of 16 entries shown)
System Summary

Matched rules, by author:
- Max Altgelt (Nextron Systems)
- Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io
- Christopher Peacock @securepeacock, SCYTHE @scythe_io
- Brandon George (blog post), Thomas Patzke
- frack113
- frack113
- Nasreddine Bencherchali (Nextron Systems)
AV Detection
- Avira URL Cloud: 6 entries
- Malware Configuration Extractor: 1 entry
- Virustotal: 3 entries (perma links)
- ReversingLabs: 1 entry
- Joe Sandbox ML: 2 entries
Exploits
- Network connect: 1 entry
- Process created: 4 entries
- File opened: 1 entry
- HTTPS traffic detected: 2 entries
- Binary string: 1 entry
Software Vulnerabilities
- Process created: 1 entry
- DNS query: 2 entries
- TCP traffic: 566 entries
- IP Address: 3 entries
- ASN Name: 1 entry
- JA3 fingerprint: 2 entries
- DNS query: 3 entries
- HTTP traffic detected: 2 entries
- File created: 1 entry
- HTTP traffic detected: 2 entries
- String found in binary or memory: 1 entry
- DNS traffic detected: 2 entries
- String found in binary or memory: 68 entries
- Network traffic detected: 4 entries
- HTTPS traffic detected: 2 entries
Key, Mouse, Clipboard, Microphone and Screen Capturing
- .Net Code: 1 entry
- Windows user hook set: 1 entry
System Summary
- Matched rule: 13 entries
- Screenshot OCR: 1 entry
- File created: 2 entries (dropped files)
- Process Stats: 1 entry
- Memory allocated: 4 entries
- Code function: 13 entries
- Matched rule: 13 entries
- Cryptographic APIs: 8 entries
- Base64 encoded string: 2 entries
- Binary or memory string: 1 entry
- Classification label: 1 entry
- File created: 1 entry
- Mutant created: 1 entry
- File created: 1 entry
- WMI Queries: 1 entry
- File read: 1 entry
- Key opened: 1 entry
- File read: 3 entries
- ReversingLabs: 1 entry
- Virustotal: 1 entry
- Process created: 7 entries
- Section loaded: 62 entries
- Key value queried: 1 entry
- LNK file: 1 entry
- Window detected: 1 entry
- File opened: 1 entry
- Key opened: 1 entry
- File opened: 1 entry
- Binary string: 1 entry
- Static PE information: 1 entry
- Code function: 25 entries
- Static PE information: 2 entries
Persistence and Installation Behavior |
---|
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | Registry value created: | Jump to behavior | ||
Source: | File created: | Jump to dropped file | ||
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Key value created or modified: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | WMI Queries: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Process information queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Reference to suspicious API methods: | ||
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Disable or Modify Tools | 2 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 111 Process Injection | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 24 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 33 Exploitation for Client Execution | Logon Script (Windows) | Logon Script (Windows) | 21 Obfuscated Files or Information | 1 Credentials in Registry | 11 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Install Root Certificate | NTDS | 1 Query Registry | Distributed Component Object Model | 21 Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Software Packing | LSA Secrets | 1 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Timestomp | Cached Domain Credentials | 141 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Masquerading | Proc Filesystem | 1 Remote System Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Modify Registry | /etc/passwd and /etc/shadow | 1 System Network Configuration Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 141 Virtualization/Sandbox Evasion | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 111 Process Injection | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
43% | ReversingLabs | Document-RTF.Exploit.CVE-2017-11882 | ||
46% | Virustotal | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
25% | Virustotal | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | phishing | ||
100% | Avira URL Cloud | malware | ||
22% | Virustotal | | ||
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
covid19help.top | 104.21.83.128 | true | true | | unknown |
api.ipify.org | 172.67.74.152 | true | false | | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.21.83.128 | covid19help.top | United States | 13335 | CLOUDFLARENETUS | true | |
172.67.74.152 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431944 |
Start date and time: | 2024-04-26 03:05:00 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 9m 4s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Payment Swift.doc |
Detection: | MAL |
Classification: | mal100.troj.spyw.expl.evad.winDOC@7/9@2/2 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, svchost.exe
- Execution Graph export aborted for target EQNEDT32.EXE, PID 2452 because there are no executed functions
- HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
03:05:46 | API Interceptor | |
03:05:50 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
104.21.83.128 | | | malicious | AgentTesla | | |
104.21.83.128 | | | malicious | AgentTesla | | |
104.21.83.128 | | | malicious | AgentTesla | | |
104.21.83.128 | | | malicious | HTMLPhisher | | |
104.21.83.128 | | | malicious | Remcos | | |
104.21.83.128 | | | malicious | Unknown | | |
104.21.83.128 | | | malicious | Unknown | | |
104.21.83.128 | | | malicious | Unknown | | |
104.21.83.128 | | | malicious | Unknown | | |
104.21.83.128 | | | malicious | Unknown | | |
172.67.74.152 | | | malicious | Stealit | | |
172.67.74.152 | | | malicious | Unknown | | |
172.67.74.152 | | | malicious | Unknown | | |
172.67.74.152 | | | malicious | Stealit | | |
172.67.74.152 | | | malicious | Stealit | | |
172.67.74.152 | | | malicious | Unknown | | |
172.67.74.152 | | | malicious | Unknown | | |
172.67.74.152 | | | malicious | Unknown | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
covid19help.top | | | malicious | Unknown | | |
covid19help.top | | | malicious | Unknown | | |
covid19help.top | | | malicious | AgentTesla | | |
covid19help.top | | | malicious | AgentTesla | | |
covid19help.top | | | malicious | AgentTesla | | |
covid19help.top | | | malicious | AgentTesla | | |
covid19help.top | | | malicious | AgentTesla | | |
covid19help.top | | | malicious | HTMLPhisher | | |
covid19help.top | | | malicious | Unknown | | |
covid19help.top | | | malicious | Remcos | | |
api.ipify.org | | | malicious | HTMLPhisher | | |
api.ipify.org | | | malicious | Unknown | | |
api.ipify.org | | | malicious | AgentTesla, PureLog Stealer | | |
api.ipify.org | | | malicious | NetSupport RAT | | |
api.ipify.org | | | malicious | AgentTesla, PureLog Stealer | | |
api.ipify.org | | | malicious | AgentTesla, PureLog Stealer | | |
api.ipify.org | | | malicious | AgentTesla, PureLog Stealer | | |
api.ipify.org | | | malicious | AgentTesla | | |
api.ipify.org | | | malicious | AgentTesla, PureLog Stealer | | |
api.ipify.org | | | malicious | AgentTesla | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | | | malicious | Unknown | | |
CLOUDFLARENETUS | | | malicious | Latrodectus | | |
CLOUDFLARENETUS | | | malicious | Unknown | | |
CLOUDFLARENETUS | | | malicious | Unknown | | |
CLOUDFLARENETUS | | | malicious | Phisher | | |
CLOUDFLARENETUS | | | malicious | Unknown | | |
CLOUDFLARENETUS | | | malicious | TechSupportScam | | |
CLOUDFLARENETUS | | | malicious | TechSupportScam | | |
CLOUDFLARENETUS | | | malicious | TechSupportScam | | |
CLOUDFLARENETUS | | | malicious | HTMLPhisher | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
7dcce5b76c8b17472d024758970a406b | | | malicious | Unknown | | |
7dcce5b76c8b17472d024758970a406b | | | malicious | Unknown | | |
7dcce5b76c8b17472d024758970a406b | | | malicious | Unknown | | |
7dcce5b76c8b17472d024758970a406b | | | malicious | Remcos | | |
7dcce5b76c8b17472d024758970a406b | | | malicious | Unknown | | |
7dcce5b76c8b17472d024758970a406b | | | malicious | Unknown | | |
7dcce5b76c8b17472d024758970a406b | | | malicious | Unknown | | |
7dcce5b76c8b17472d024758970a406b | | | malicious | Unknown | | |
7dcce5b76c8b17472d024758970a406b | | | malicious | Unknown | | |
7dcce5b76c8b17472d024758970a406b | | | malicious | Unknown | | |
36f7277af969a6947a61ae0b815907a1 | | | malicious | Unknown | | |
36f7277af969a6947a61ae0b815907a1 | | | malicious | Unknown | | |
36f7277af969a6947a61ae0b815907a1 | | | malicious | AgentTesla | | |
36f7277af969a6947a61ae0b815907a1 | | | malicious | PureLog Stealer, zgRAT | | |
36f7277af969a6947a61ae0b815907a1 | | | malicious | AgentTesla | | |
36f7277af969a6947a61ae0b815907a1 | | | malicious | AgentTesla | | |
36f7277af969a6947a61ae0b815907a1 | | | malicious | AgentTesla | | |
36f7277af969a6947a61ae0b815907a1 | | | malicious | AgentTesla, GuLoader | | |
36f7277af969a6947a61ae0b815907a1 | | | malicious | AgentTesla | | |
36f7277af969a6947a61ae0b815907a1 | | | malicious | AgentTesla | | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\microm[1].scr
Process: | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 857600 |
Entropy (8bit): | 7.172009190400047 |
Encrypted: | false |
SSDEEP: | 12288:yZ9pzkL1KcPt7sOcflZDLpp8jlMVGdAbNASR8OA10aIkiU:yZ9pzUH7ZEdv8JMVGdGAS210aIki |
MD5: | 75DC78C375DFEE9C0B96FA476BCD5D1C |
SHA1: | 2F61518B7B14B35B9E4FC53C99455C9D2293F139 |
SHA-256: | 5EA4437DF5DCC07B35C3959A6FC54D07415D77A659F277FD73F34CCCFBBFE1AD |
SHA-512: | 81673AB01120F7D15675852B4CF3ED020BE1D1BC8494D9DAC213D33324CD22CFE22652FCD85DA06E438C8494FCD19B1E638805651B5412A83AB9912D48015EDB |
Malicious: | true |
Antivirus: |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{1654943A-8722-402F-85B2-DE354B391398}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 16384 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | CE338FE6899778AACFC28414F2D9498B |
SHA1: | 897256B6709E1A4DA9DABA92B6BDE39CCFCCD8C1 |
SHA-256: | 4FE7B59AF6DE3B665B67788CC2F99892AB827EFAE3A467342B3BB4E3BC8E5BFE |
SHA-512: | 6EB7F16CF7AFCABE9BDEA88BDAB0469A7937EB715ADA9DFD8F428D9D38D86133945F5F2F2688DDD96062223A39B5D47F07AFC3C48D9DB1D5EE3F41C8D274DCCF |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E7CB4438-AB7B-43D3-857E-02E3B20A8674}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 60416 |
Entropy (8bit): | 3.606068886856527 |
Encrypted: | false |
SSDEEP: | 768:igI2Q5Q6IQXwvW5Kq2g05gI2Q5Q6IQXwvW5Kq2g05gI2Q5Q6IQXwvW5Kq2g0bfxV:BSyemuSyemuSyemv7rlx |
MD5: | 5CFCC448FC348897F50C4BE101B8DD3F |
SHA1: | 15F0F4307A5F40EB626C1C4AA0A4D007D614FBF3 |
SHA-256: | DCD064EE0E77319C05CEFFAC8A26671154BDF7FB84EAFE7263B8FB32019BCA0D |
SHA-512: | AB167AE1B8A76A1263C512C6AC20CD5BD63240A511829A3C7A21330FD7A306E531BF938BBA1CDDEC92C0F23EFE540E900418CB9A12ACC48EDEFF25B75A6F0F83 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F049A0BE-DDAA-4F28-9F33-B6FAFB134366}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1024 |
Entropy (8bit): | 0.05390218305374581 |
Encrypted: | false |
SSDEEP: | 3:ol3lYdn:4Wn |
MD5: | 5D4D94EE7E06BBB0AF9584119797B23A |
SHA1: | DBB111419C704F116EFA8E72471DD83E86E49677 |
SHA-256: | 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1 |
SHA-512: | 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1029 |
Entropy (8bit): | 4.583397172116236 |
Encrypted: | false |
SSDEEP: | 12:81Ofh3gXg/XAlCPCHaXaTBbTB/Dr8xX+WR3OdcD4icvbGGec4yDtZ3YilMMEpxRL:8AH/XTKT9TxO/3CcXeDe2Dv3qKk7N |
MD5: | 274A778D3EC295F948D2E767D0C1EDC9 |
SHA1: | 18A8D36D9D25D86ED80373D972A125DF86E3F89C |
SHA-256: | C6BA8CFE0F5071CBC7788A1F7E720D8B34F0349A24E9F33B34473EA411E89BF9 |
SHA-512: | 4BDB099BF8422AFE4264016982D3918884135955B2C41043CC8CE6739309205F3A7A81B7D38274661677D879BAE7488F3F100E1B5F594F343E592BF37F280ACA |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.71506101220307 |
Encrypted: | false |
SSDEEP: | 3:M1OeLJNYCm42eLJNYCv:MMeNNoeNN1 |
MD5: | AF72F7B3C76B35416757E998225D56A7 |
SHA1: | 3A7C837E7D7E9E9AAFA64FDD33F32DB5883741D5 |
SHA-256: | A77B860B3E3355727944E733DC3214EF5977DEC0BC052C7CF93B1EF473B41A07 |
SHA-512: | 0F75C26ADEB0ADDA88E0FDFE5B261D1920B6BCC2ACC9B703125507D0AA4B79681091EFD9CDB23D5CAB2FA5AEC06CBBC88F0C2AD436ACCAD80491A79C6FE6A794 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.4797606462020307 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyHlqlzl0pbklMWjV4lc+/dllln:vdsCkWtWYlz21kF2JV/l |
MD5: | 2CF7D3B8DED3F1D5CE1AC92F3E51D4ED |
SHA1: | 95E13378EA9CACA068B2687F01E9EF13F56627C2 |
SHA-256: | 60DF94CDE4FD9B4A73BB13775079D75CE954B75DED5A2878277FA64AD767CAB1 |
SHA-512: | 2D5797FBBE44766D93A5DE3D92911358C70D8BE60D5DF542ECEDB77D1195DC1EEF85E4CA1445595BE81550335A20AB3F11B512385FE20F75B1E269D6AB048E0A |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 857600 |
Entropy (8bit): | 7.172009190400047 |
Encrypted: | false |
SSDEEP: | 12288:yZ9pzkL1KcPt7sOcflZDLpp8jlMVGdAbNASR8OA10aIkiU:yZ9pzUH7ZEdv8JMVGdGAS210aIki |
MD5: | 75DC78C375DFEE9C0B96FA476BCD5D1C |
SHA1: | 2F61518B7B14B35B9E4FC53C99455C9D2293F139 |
SHA-256: | 5EA4437DF5DCC07B35C3959A6FC54D07415D77A659F277FD73F34CCCFBBFE1AD |
SHA-512: | 81673AB01120F7D15675852B4CF3ED020BE1D1BC8494D9DAC213D33324CD22CFE22652FCD85DA06E438C8494FCD19B1E638805651B5412A83AB9912D48015EDB |
Malicious: | true |
Antivirus: |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.4797606462020307 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyHlqlzl0pbklMWjV4lc+/dllln:vdsCkWtWYlz21kF2JV/l |
MD5: | 2CF7D3B8DED3F1D5CE1AC92F3E51D4ED |
SHA1: | 95E13378EA9CACA068B2687F01E9EF13F56627C2 |
SHA-256: | 60DF94CDE4FD9B4A73BB13775079D75CE954B75DED5A2878277FA64AD767CAB1 |
SHA-512: | 2D5797FBBE44766D93A5DE3D92911358C70D8BE60D5DF542ECEDB77D1195DC1EEF85E4CA1445595BE81550335A20AB3F11B512385FE20F75B1E269D6AB048E0A |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 3.4938105499758296 |
TrID: |
File name: | Payment Swift.doc |
File size: | 139'992 bytes |
MD5: | 67fea5000046ad95ddf9707506002eaa |
SHA1: | b41f04ef65206c9f0305cc0b124dc9a58f1fe0aa |
SHA256: | b8fa7245705f07d10b2f028be43ba688ca78ddc224665a2da85d529c124725b1 |
SHA512: | d829fd14378d1ed8a1a056c2a0d0aaf5989dffad2fc1311874a3ec4b7228ca009945b9e74889761e7e1c35f06dcd335758c7b7456c467a0544f21eb1c1ee1f3f |
SSDEEP: | 768:owAbZSibMX9gRWjtwAbZSibMX9gRWjtwAbZSibMX9gRWjJeHe6wUm/IqLUV0/s7B:owAlRkwAlRkwAlRIeHON7LUbTtP |
TLSH: | 82D3AD6DD34B02698F620337AB171E5142BDBA7EF38552B1306C537933EAC39A1252BD |
File Content Preview: | {\rtf1..{\*\F8pMt6S60258OYh1lcFW6M57GClhx94TnQGEjAamhe5cWZXtxZngF6FJbYdBAV0eCK3GN1ZCTJDxHvbLfDTg6zHB8XujP1hrm1lqcLPFb90ZRHvIBjpvRfCd}..{\108273978please click Enable editing from the yellow bar above.The independent auditors. opinion says the financial st |
Icon Hash: | 2764a3aaaeb7bdbf |
Id | Start | Format ID | Format | Classname | Datasize | Filename | Sourcepath | Temppath | Exploit |
---|---|---|---|---|---|---|---|---|---|
0 | 00007528h | no |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 26, 2024 03:05:49.678051949 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.678167105 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.681607962 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.811093092 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.811340094 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.811486959 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.811537981 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.811537981 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.811563015 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.811714888 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.811774969 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.811786890 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.811836004 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.811846972 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.811897993 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.811932087 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.811988115 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.812454939 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.812530041 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.812591076 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.812834024 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.812900066 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.812911987 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.812963009 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.813359022 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.813424110 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.813476086 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.813535929 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.813589096 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.813651085 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.813697100 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.813751936 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.813808918 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.813873053 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.814225912 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.814312935 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.814342976 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.814405918 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.814438105 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.814508915 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.957672119 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.957849026 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.957863092 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.957914114 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.957925081 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.957983971 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.957994938 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.958048105 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.958309889 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.958379984 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.958424091 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.958476067 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.958559036 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.958633900 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.958656073 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.958704948 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.958878994 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.958947897 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.958991051 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.959043980 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.960223913 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.960306883 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.960386038 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.960445881 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.960828066 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.960966110 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.961664915 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.961744070 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.961846113 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.961922884 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.962697983 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.962769032 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.962893963 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.962963104 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.963673115 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.963745117 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.964559078 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.964637995 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.964740038 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.964807987 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:49.964819908 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:49.964879990 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.095397949 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.095582962 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.096494913 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.096575975 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.096906900 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.096970081 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.097131014 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.097193956 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.097397089 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.097469091 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.097770929 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.097841024 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.098412037 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.098481894 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.098598003 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.098664045 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.099291086 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.099363089 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.100159883 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.100229979 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.100310087 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.100369930 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.101608992 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.101685047 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.102233887 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.102308989 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.102504015 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.102574110 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.103995085 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.104065895 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.104916096 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.105042934 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.108824968 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.108896017 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.108993053 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.109060049 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.109162092 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.109229088 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.109316111 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.109373093 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.109477043 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.109539986 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.109617949 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.109678984 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.109766006 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.109842062 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.109905958 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.109965086 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.110045910 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.110106945 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.110191107 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.110249996 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.110282898 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.110337973 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.276251078 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.276324987 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.276530027 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.276590109 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.279073954 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.279110909 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.279165030 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.279236078 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.279278040 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.279299021 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.279334068 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.279350996 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.280145884 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.280217886 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.282732010 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.282810926 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.282861948 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.282932043 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.284715891 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.284828901 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.284846067 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.284920931 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.287431955 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.287508011 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.287594080 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.287661076 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.289561987 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.289645910 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.289689064 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.289761066 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.292310953 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.292380095 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.292438984 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.292498112 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.295012951 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.295094013 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.295140982 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.295207024 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.296920061 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.296993017 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.297048092 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.297137022 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.299737930 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.299828053 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.299866915 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.299928904 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.301847935 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.301925898 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.301976919 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.302042961 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.304605961 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.304687023 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.304733992 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.304805040 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.306622982 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.306700945 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.306749105 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.306807041 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.306844950 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.306909084 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.372364998 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.372438908 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.372987032 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.373060942 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.382644892 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.382713079 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.382775068 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.382843018 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.385107040 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.385188103 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.385266066 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.385346889 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.387769938 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.387852907 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.387901068 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.387967110 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.389784098 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.389859915 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.389911890 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.389969110 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.401164055 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.401237011 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.401293039 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.401370049 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.401370049 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.403449059 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.403534889 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.403578043 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.403640985 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.406102896 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.406183004 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.406230927 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.406332016 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.406332016 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.408036947 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.408137083 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.408184052 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.408257961 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.408389091 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.410722017 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.410804033 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.410851955 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.410921097 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.412960052 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.413022041 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.413086891 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.413155079 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.413346052 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.415517092 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.415590048 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.415674925 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.415739059 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.417574883 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.417649031 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.417700052 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.417773008 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.418431044 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.420392036 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.420484066 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.420521975 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.420583963 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.421417952 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.422363043 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.422434092 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.422488928 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.422558069 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.425048113 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.425147057 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.425173044 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.425240040 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.427190065 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.427278042 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.427349091 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.427436113 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.428376913 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.429980993 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.430062056 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.430110931 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.430196047 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.432461023 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.432548046 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.432601929 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.432668924 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.434678078 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.434753895 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.434825897 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.434896946 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.437601089 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.437674999 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.437728882 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.437792063 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.439227104 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.439294100 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.439354897 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.439414978 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.442008018 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.442089081 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.442136049 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.442197084 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.443984032 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.444056034 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.444129944 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.444190025 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.446774960 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.446856022 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.446901083 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.446968079 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.497431040 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.497524977 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.497580051 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.497651100 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.499195099 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.499293089 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.499387980 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.499442101 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.514383078 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.514460087 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.514477015 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.514538050 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.514600992 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.514655113 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.514748096 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.514796019 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:50.514808893 CEST | 443 | 49161 | 104.21.83.128 | 192.168.2.22 |
Apr 26, 2024 03:05:50.514838934 CEST | 49161 | 443 | 192.168.2.22 | 104.21.83.128 |
Apr 26, 2024 03:05:51.676476955 CEST | 49162 | 443 | 192.168.2.22 | 172.67.74.152 |
Apr 26, 2024 03:05:51.676507950 CEST | 443 | 49162 | 172.67.74.152 | 192.168.2.22 |
Apr 26, 2024 03:05:51.677932024 CEST | 49162 | 443 | 192.168.2.22 | 172.67.74.152 |
Apr 26, 2024 03:05:51.686052084 CEST | 49162 | 443 | 192.168.2.22 | 172.67.74.152 |
Apr 26, 2024 03:05:51.686062098 CEST | 443 | 49162 | 172.67.74.152 | 192.168.2.22 |
Apr 26, 2024 03:05:51.959042072 CEST | 443 | 49162 | 172.67.74.152 | 192.168.2.22 |
Apr 26, 2024 03:05:51.959158897 CEST | 49162 | 443 | 192.168.2.22 | 172.67.74.152 |
Apr 26, 2024 03:05:52.028162956 CEST | 49162 | 443 | 192.168.2.22 | 172.67.74.152 |
Apr 26, 2024 03:05:52.028175116 CEST | 443 | 49162 | 172.67.74.152 | 192.168.2.22 |
Apr 26, 2024 03:05:52.029382944 CEST | 443 | 49162 | 172.67.74.152 | 192.168.2.22 |
Apr 26, 2024 03:05:52.236169100 CEST | 443 | 49162 | 172.67.74.152 | 192.168.2.22 |
Apr 26, 2024 03:05:52.236269951 CEST | 49162 | 443 | 192.168.2.22 | 172.67.74.152 |
Apr 26, 2024 03:05:52.307372093 CEST | 49162 | 443 | 192.168.2.22 | 172.67.74.152 |
Apr 26, 2024 03:05:52.352114916 CEST | 443 | 49162 | 172.67.74.152 | 192.168.2.22 |
Apr 26, 2024 03:05:52.477550983 CEST | 443 | 49162 | 172.67.74.152 | 192.168.2.22 |
Apr 26, 2024 03:05:52.477725983 CEST | 443 | 49162 | 172.67.74.152 | 192.168.2.22 |
Apr 26, 2024 03:05:52.477781057 CEST | 49162 | 443 | 192.168.2.22 | 172.67.74.152 |
Apr 26, 2024 03:05:52.515562057 CEST | 49162 | 443 | 192.168.2.22 | 172.67.74.152 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 26, 2024 03:05:48.587985992 CEST | 54562 | 53 | 192.168.2.22 | 8.8.8.8 |
Apr 26, 2024 03:05:48.788902044 CEST | 53 | 54562 | 8.8.8.8 | 192.168.2.22 |
Apr 26, 2024 03:05:51.500503063 CEST | 52917 | 53 | 192.168.2.22 | 8.8.8.8 |
Apr 26, 2024 03:05:51.662383080 CEST | 53 | 52917 | 8.8.8.8 | 192.168.2.22 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 26, 2024 03:05:48.587985992 CEST | 192.168.2.22 | 8.8.8.8 | 0xea0d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 26, 2024 03:05:51.500503063 CEST | 192.168.2.22 | 8.8.8.8 | 0xd734 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 26, 2024 03:05:48.788902044 CEST | 8.8.8.8 | 192.168.2.22 | 0xea0d | No error (0) | | | 104.21.83.128 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 03:05:48.788902044 CEST | 8.8.8.8 | 192.168.2.22 | 0xea0d | No error (0) | | | 172.67.175.222 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 03:05:51.662383080 CEST | 8.8.8.8 | 192.168.2.22 | 0xd734 | No error (0) | | | 172.67.74.152 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 03:05:51.662383080 CEST | 8.8.8.8 | 192.168.2.22 | 0xd734 | No error (0) | | | 104.26.13.205 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 03:05:51.662383080 CEST | 8.8.8.8 | 192.168.2.22 | 0xd734 | No error (0) | | | 104.26.12.205 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.22 | 49161 | 104.21.83.128 | 443 | 2452 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 01:05:49 UTC | 312 | OUT | |
2024-04-26 01:05:49 UTC | 771 | IN | |
2024-04-26 01:05:49 UTC | 598 | IN | |
2024-04-26 01:05:49 UTC | 1369 | IN | |
2024-04-26 01:05:49 UTC | 1369 | IN | |
2024-04-26 01:05:49 UTC | 1369 | IN | |
2024-04-26 01:05:49 UTC | 1369 | IN | |
2024-04-26 01:05:49 UTC | 1369 | IN | |
2024-04-26 01:05:49 UTC | 1369 | IN | |
2024-04-26 01:05:49 UTC | 1369 | IN | |
2024-04-26 01:05:49 UTC | 1369 | IN | |
2024-04-26 01:05:49 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.22 | 49162 | 172.67.74.152 | 443 | 3204 | C:\Users\user\AppData\Roaming\microme09255.scr |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 01:05:52 UTC | 155 | OUT | |
2024-04-26 01:05:52 UTC | 211 | IN | |
2024-04-26 01:05:52 UTC | 15 | IN |
Target ID: | 0 |
Start time: | 03:05:45 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13ffe0000 |
File size: | 1'423'704 bytes |
MD5 hash: | 9EE74859D22DAE61F1750B3A1BACB6F5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 2 |
Start time: | 03:05:46 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 543'304 bytes |
MD5 hash: | A87236E214F6D42A65F5DEDAC816AEC8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 03:05:50 |
Start date: | 26/04/2024 |
Path: | C:\Users\user\AppData\Roaming\microme09255.scr |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xde0000 |
File size: | 857'600 bytes |
MD5 hash: | 75DC78C375DFEE9C0B96FA476BCD5D1C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Antivirus matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 6 |
Start time: | 03:05:50 |
Start date: | 26/04/2024 |
Path: | C:\Users\user\AppData\Roaming\microme09255.scr |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xde0000 |
File size: | 857'600 bytes |
MD5 hash: | 75DC78C375DFEE9C0B96FA476BCD5D1C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | false |
Target ID: | 7 |
Start time: | 03:06:09 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 543'304 bytes |
MD5 hash: | A87236E214F6D42A65F5DEDAC816AEC8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Execution Graph
Execution Coverage: | 17.9% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 36.4% |
Total number of Nodes: | 33 |
Total number of Limit Nodes: | 1 |
Graph
Function | Relevance | Strings | APIs | Instructions | Tags | Control-flow Graph | Uniqueness Score |
---|---|---|---|---|---|---|---|
001C3D2F | 1.9 | 1 | | 619 | COMMON | yes | -1.00% |
001C4C98 | 1.6 | | 1 | 104 | COMMON | yes | -1.00% |
001C3A70 | 1.6 | | 1 | 101 | memory, COMMON | yes | -1.00% |
001C4CA0 | 1.6 | | 1 | 100 | COMMON | yes | -1.00% |
001C37F0 | 1.6 | | 1 | 94 | thread, COMMON | yes | -1.00% |
001C3B90 | 1.6 | | 1 | 73 | thread, COMMON | yes | -1.00% |
0016D204 | .1 | | | 75 | COMMON | | -1.00% |
0016D1FF | .1 | | | 56 | COMMON | | -1.00% |
Execution Graph
Execution Coverage: | 11% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 3 |
Total number of Limit Nodes: | 0 |
Graph
Function | Relevance | Strings | APIs | Instructions | Tags | Control-flow Graph | Uniqueness Score |
---|---|---|---|---|---|---|---|
00398C00 | 2.8 | | | 2816 | COMMON | | -1.00% |
0039BE88 | 2.3 | | | 2310 | COMMON | | -1.00% |
0039E54A | 1.0 | | | 1043 | COMMON | | -1.00% |
0039F360 | .5 | | | 545 | COMMON | yes | -1.00% |
00394518 | .3 | | | 266 | COMMON | yes | -1.00% |
00393900 | .2 | | | 238 | COMMON | yes | -1.00% |
00929FF0 | 1.6 | | 1 | 61 | COMMON | yes | -1.00% |
00929FF8 | 1.6 | | 1 | 57 | COMMON | yes | -1.00% |
0039E3BD | 1.4 | 1 | | 110 | COMMON | yes | -1.00% |
00396590 | .6 | | | 575 | COMMON | yes | -1.00% |
00398028 | .4 | | | 355 | COMMON | yes | -1.00% |
00395088 | .3 | | | 259 | COMMON | yes | -1.00% |
00398960 | .2 | | | 222 | COMMON | | -1.00% |
00398390 | .1 | | | 147 | COMMON | | -1.00% |
0039E280 | .1 | | | 96 | COMMON | | -1.00% |
00398388 | .1 | | | 95 | COMMON | | -1.00% |
00395C28 | .1 | | | 95 | COMMON | | -1.00% |
0039E290 | .1 | | | 91 | COMMON | | -1.00% |
00392168 | .1 | | | 90 | COMMON | | -1.00% |
0039FDA0 | .1 | | | 83 | COMMON | | -1.00% |
0039FDB0 | .1 | | | 78 | COMMON | | -1.00% |
00397F10 | .1 | | | 78 | COMMON | | -1.00% |
00397E01 | .1 | | | 77 | COMMON | | -1.00% |
00391529 | .1 | | | 75 | COMMON | | -1.00% |
00391381 | .1 | | | 73 | COMMON | | -1.00% |
001FD110 | .1 | | | 72 | COMMON | | -1.00% |
00397E10 | .1 | | | 70 | COMMON | | -1.00% |
00391710 | .1 | | | 70 | COMMON | | -1.00% |
00391538 | .1 | | | 69 | COMMON | | -1.00% |
00394E18 | .1 | | | 68 | COMMON | | -1.00% |
00390838 | .1 | | | 65 | COMMON | | -1.00% |
00390848 | .1 | | | 62 | COMMON | | -1.00% |
00391648 | .1 | | | 59 | COMMON | | -1.00% |
0039FEC0 | .1 | | | 59 | COMMON | | -1.00% |
0039FB78 | .1 | | | 55 | COMMON | | -1.00% |
003964DC | .1 | | | 55 | COMMON | | -1.00% |
0039FEB0 | .1 | | | 55 | COMMON | | -1.00% |
00391498 | .1 | | | 53 | COMMON | | -1.00% |
001FD10B | .1 | | | 53 | COMMON | | -1.00% |
00396DB0 | .0 | | | 33 | COMMON | | -1.00% |