Windows
Analysis Report
gunzipped.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- gunzipped.exe (PID: 6640 cmdline: "C:\Users\user\Desktop\gunzipped.exe" MD5: 4B905E6548F4D5040FAB8962CB71877E)
  - powershell.exe (PID: 6948 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mPvIOxEZXJsdYp.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
  - conhost.exe (PID: 6696 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - WmiPrvSE.exe (PID: 7396 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
  - schtasks.exe (PID: 7188 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mPvIOxEZXJsdYp" /XML "C:\Users\user\AppData\Local\Temp\tmp510D.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
  - conhost.exe (PID: 7208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - gunzipped.exe (PID: 7320 cmdline: "C:\Users\user\Desktop\gunzipped.exe" MD5: 4B905E6548F4D5040FAB8962CB71877E)
  - gunzipped.exe (PID: 7328 cmdline: "C:\Users\user\Desktop\gunzipped.exe" MD5: 4B905E6548F4D5040FAB8962CB71877E)
- mPvIOxEZXJsdYp.exe (PID: 7368 cmdline: C:\Users\user\AppData\Roaming\mPvIOxEZXJsdYp.exe MD5: 4B905E6548F4D5040FAB8962CB71877E)
  - schtasks.exe (PID: 7500 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mPvIOxEZXJsdYp" /XML "C:\Users\user\AppData\Local\Temp\tmp5B1F.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
  - conhost.exe (PID: 7512 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - mPvIOxEZXJsdYp.exe (PID: 7600 cmdline: "C:\Users\user\AppData\Roaming\mPvIOxEZXJsdYp.exe" MD5: 4B905E6548F4D5040FAB8962CB71877E)
  - mPvIOxEZXJsdYp.exe (PID: 7608 cmdline: "C:\Users\user\AppData\Roaming\mPvIOxEZXJsdYp.exe" MD5: 4B905E6548F4D5040FAB8962CB71877E)
- cleanup
Name: | Loki Password Stealer (PWS), LokiBot |

Description:

"Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets." - PhishMe

Loki-Bot employs function hashing to obfuscate the libraries utilized. While not all functions are hashed, a vast majority of them are.

Loki-Bot accepts a single argument/switch of -u that simply delays execution (sleeps) for 10 seconds. This is used when Loki-Bot is upgrading itself.

The Mutex generated is the result of MD5 hashing the Machine GUID and trimming to 24 characters. For example: B7E1C2CC98066B250DDB2123.

Loki-Bot creates a hidden folder within the %APPDATA% directory whose name is supplied by the 8th thru 13th characters of the Mutex. For example: %APPDATA%\C98066\.

There can be four files within the hidden %APPDATA% directory at any given time: .exe, .lck, .hdb and .kdb. They will be named after characters 13 thru 18 of the Mutex. For example: 6B250D. Below is the explanation of their purpose:

FILE EXTENSION | FILE DESCRIPTION |
---|---|
.exe | A copy of the malware that will execute every time the user account is logged into |
.lck | A lock file created when either decrypting Windows Credentials or Keylogging to prevent resource conflicts |
.hdb | A database of hashes for data that has already been exfiltrated to the C2 server |
.kdb | A database of keylogger data that has yet to be sent to the C2 server |

If the user is privileged, Loki-Bot sets up persistence within the registry under HKEY_LOCAL_MACHINE. If not, it sets up persistence under HKEY_CURRENT_USER.

The first packet transmitted by Loki-Bot contains application data.

The second packet transmitted by Loki-Bot contains decrypted Windows credentials.

The third packet transmitted by Loki-Bot is the malware requesting C2 commands from the C2 server. By default, Loki-Bot will send this request out every 10 minutes after the initial packet it sent.

Communications to the C2 server from the compromised host contain information about the user and system including the username, hostname, domain, screen resolution, privilege level, system architecture, and Operating System.

The first WORD of the HTTP Payload represents the Loki-Bot version.

The second WORD of the HTTP Payload is the Payload Type. Below is the table of identified payload types:

BYTE | PAYLOAD TYPE |
---|---|
0x26 | Stolen Cryptocurrency Wallet |
0x27 | Stolen Application Data |
0x28 | Get C2 Commands from C2 Server |
0x29 | Stolen File |
0x2A | POS (Point of Sale?) |
0x2B | Keylogger Data |
0x2C | Screenshot |

The 11th byte of the HTTP Payload begins the Binary ID. This might be useful in tracking campaigns or specific threat actors. This value is typically ckav.ru. If you come across a Binary ID that is different from this, take note!

Loki-Bot encrypts both the URL and the registry key used for persistence using Triple DES encryption.

The Content-Key HTTP Header value is the result of hashing the HTTP Header values that precede it. This is likely used as a protection against researchers who wish to poke and prod at Loki-Bot's C2 infrastructure.

Loki-Bot can accept the following instructions from the C2 Server:

BYTE | INSTRUCTION DESCRIPTION |
---|---|
0x00 | Download EXE & Execute |
0x01 | Download DLL & Load #1 |
0x02 | Download DLL & Load #2 |
0x08 | Delete HDB File |
0x09 | Start Keylogger |
0x0A | Mine & Steal Data |
0x0E | Exit Loki-Bot |
0x0F | Upgrade Loki-Bot |
0x10 | Change C2 Polling Frequency |
0x11 | Delete Executables & Exit |

Suricata Signatures

RULE SID | RULE NAME |
---|---|
2024311 | ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected |
2024312 | ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M1 |
2024313 | ET TROJAN Loki Bot Request for C2 Commands Detected M1 |
2024314 | ET TROJAN Loki Bot File Exfiltration Detected |
2024315 | ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M1 |
2024316 | ET TROJAN Loki Bot Screenshot Exfiltration Detected |
2024317 | ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M2 |
2024318 | ET TROJAN Loki Bot Request for C2 Commands Detected M2 |
2024319 | ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2 |

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://45.77.223.48/~blog/?ajax=a"]}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Lokibot_1 | Yara detected Lokibot | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | ||
JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security | ||
JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
Windows_Trojan_Lokibot_1f885282 | unknown | unknown |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | ||
JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | ||
JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | ||
JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | ||
JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security | ||
System Summary |
---|
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): |
Persistence and Installation Behavior |
---|
Source: | Author: Joe Security: |
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
---|---|---|---|---|---|
04/26/24-04:57:31.331813 | 2024318 | 49758 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:25.359561 | 2024318 | 49752 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:09.548217 | 2024312 | 49738 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:25.359561 | 2021641 | 49752 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:31.331813 | 2024313 | 49758 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:31.331813 | 2021641 | 49758 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:21.056286 | 2024318 | 49746 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:23.949613 | 2021641 | 49749 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:25.359561 | 2024313 | 49752 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:21.056286 | 2024313 | 49746 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:21.056286 | 2021641 | 49746 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:23.949613 | 2024318 | 49749 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:08.113616 | 2021641 | 49737 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:08.113616 | 2024317 | 49737 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:16.639664 | 2024313 | 49743 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:16.639664 | 2021641 | 49743 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:16.639664 | 2024318 | 49743 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:29.559162 | 2021641 | 49757 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:26.717841 | 2021641 | 49754 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:29.559162 | 2024318 | 49757 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:29.559162 | 2024313 | 49757 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:12.236287 | 2021641 | 49742 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:19.622306 | 2021641 | 49745 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:12.236287 | 2024318 | 49742 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:26.717841 | 2024313 | 49754 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:19.622306 | 2024313 | 49745 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:26.717841 | 2024318 | 49754 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:08.113616 | 2024312 | 49737 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:19.622306 | 2024318 | 49745 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:12.236287 | 2024313 | 49742 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:28.121110 | 2024313 | 49756 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:10.856048 | 2024318 | 49741 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:23.949613 | 2024313 | 49749 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:18.033252 | 2024318 | 49744 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:22.484753 | 2021641 | 49747 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:10.856048 | 2021641 | 49741 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:28.121110 | 2021641 | 49756 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:10.856048 | 2024313 | 49741 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:18.033252 | 2024313 | 49744 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:22.484753 | 2024313 | 49747 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:09.548217 | 2021641 | 49738 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:28.121110 | 2024318 | 49756 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:09.548217 | 2024317 | 49738 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:22.484753 | 2024318 | 49747 | 80 | TCP | A Network Trojan was detected |
04/26/24-04:57:18.033252 | 2021641 | 49744 | 80 | TCP | A Network Trojan was detected |
AV Detection |
---|
Source: | URL Reputation: | ||
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Networking |
---|
Source: | Snort IDS: | ||
Source: | URLs: | ||
Source: | ASN Name: |
Source: | HTTP traffic detected: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | Code function: | 13_2_00404ED4 |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
System Summary |
---|
Source: | Matched rule: | ||
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Static PE information: | ||
Source: | Cryptographic APIs: | ||
Source: | Security API names: | ||
Source: | Suspicious method names: | ||
Source: | Classification label: |
Source: | Code function: | 13_2_0040434D |
Source: | File created: |
Source: | Mutant created: | ||
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Static file information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Virustotal: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | .Net Code: | ||
Source: | File source: | ||
Source: | Code function: | 0_2_052EDDA8 | |
Source: | Code function: | 0_2_052E9EA4 | |
Source: | Code function: | 8_2_0585F888 | |
Source: | Code function: | 8_2_0585F87E | |
Source: | Code function: | 8_2_0722490C | |
Source: | Code function: | 8_2_0742AAB3 | |
Source: | Code function: | 13_2_00402AD4 | |
Source: | Code function: | 13_2_00402AFC |
Source: | Static PE information: | ||
Source: | High entropy of concatenated method names: | ||
Source: | File created: | Jump to dropped file |
Boot Survival |
---|
Source: | Process created: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File opened: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | File source: | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Last function: | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | Process information queried: | Jump to behavior |
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 13_2_0040317B |
Source: | Code function: | 13_2_00402B7C |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | Key opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Code function: | 13_2_0040D069 | |
Source: | Code function: | 13_2_0040D069 |
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 111 Process Injection | 1 Masquerading | 2 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 11 Disable or Modify Tools | 2 Credentials in Registry | 1 Process Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 2 Data from Local System | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 111 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Deobfuscate/Decode Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 22 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
32% | Virustotal | Browse | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML | |||
18% | ReversingLabs | Win32.Trojan.Generic | ||
32% | Virustotal | Browse |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
45.77.223.48 | unknown | United States | 20473 | AS-CHOOPAUS | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431964 |
Start date and time: | 2024-04-26 04:56:10 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 27s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 18 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | gunzipped.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@20/13@0/1 |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
03:57:06 | Task Scheduler | |
04:57:04 | API Interceptor | |
04:57:05 | API Interceptor | |
04:57:07 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
45.77.223.48 | | | malicious | Lokibot, PureLog Stealer | | |
| | | malicious | Lokibot, PureLog Stealer | | |
| | | malicious | Lokibot, PureLog Stealer | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AS-CHOOPAUS | | | malicious | Lokibot, PureLog Stealer | | |
| | | malicious | Lokibot, PureLog Stealer | | |
| | | malicious | Lokibot, PureLog Stealer | | |
| | | malicious | PikaBot | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | FormBook, PureLog Stealer | | |
| | | malicious | HTMLPhisher | | |
| | | malicious | Mirai | | |
| | | malicious | FormBook, GuLoader | | |
Process: | C:\Users\user\Desktop\gunzipped.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1216 |
Entropy (8bit): | 5.34331486778365 |
Encrypted: | false |
SSDEEP: | 24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ |
MD5: | 1330C80CAAC9A0FB172F202485E9B1E8 |
SHA1: | 86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492 |
SHA-256: | B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560 |
SHA-512: | 75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Users\user\AppData\Roaming\mPvIOxEZXJsdYp.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1216 |
Entropy (8bit): | 5.34331486778365 |
Encrypted: | false |
SSDEEP: | 24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ |
MD5: | 1330C80CAAC9A0FB172F202485E9B1E8 |
SHA1: | 86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492 |
SHA-256: | B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560 |
SHA-512: | 75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2232 |
Entropy (8bit): | 5.379677338874509 |
Encrypted: | false |
SSDEEP: | 48:tWSU4xymI4RfoUeW+gZ9tK8NPZHUxL7u1iMuge//ZuUyus:tLHxvIIwLgZ2KRHWLOugIs |
MD5: | D9B3B1E79DF444E11801E4C8824D3DC1 |
SHA1: | F96D6D68C57452C8CF4CA61BC78C3626A58F78E7 |
SHA-256: | E27D2875176040071D8358525C821BA3CD92E42BA6146A43E8A6E2075C025DFD |
SHA-512: | 9DF885DBB14EEC29A5C3EB0FF2272988AA22D291D52C123F73C834B30CFEE1F66DE79E1C5D5D6097CE3083628700FAEB703110E58071FDEFCC904ECF8300B93E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\gunzipped.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1580 |
Entropy (8bit): | 5.12294802265756 |
Encrypted: | false |
SSDEEP: | 24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtad7xvn:cge1wYrFdOFzOzN33ODOiDdKrsuTCv |
MD5: | E78528F29C281C0F288ABE992CCA06D1 |
SHA1: | 1478063B53A4A79C7440ACD309E45AEEF3654C25 |
SHA-256: | CE0471D4E81227FC3EBAEBC5E3DAB5F9ED98DECC4B6D389D0B472A84637D644A |
SHA-512: | D684050C32BF833EFF9A2177709F79303A7437267D1EA2102151CF160AB79117C7280A00BA5EC95EDDB3D8E676DF03D9AF76EF1D506A67117B6E3DD0EF36FDF9 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\AppData\Roaming\mPvIOxEZXJsdYp.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1580 |
Entropy (8bit): | 5.12294802265756 |
Encrypted: | false |
SSDEEP: | 24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtad7xvn:cge1wYrFdOFzOzN33ODOiDdKrsuTCv |
MD5: | E78528F29C281C0F288ABE992CCA06D1 |
SHA1: | 1478063B53A4A79C7440ACD309E45AEEF3654C25 |
SHA-256: | CE0471D4E81227FC3EBAEBC5E3DAB5F9ED98DECC4B6D389D0B472A84637D644A |
SHA-512: | D684050C32BF833EFF9A2177709F79303A7437267D1EA2102151CF160AB79117C7280A00BA5EC95EDDB3D8E676DF03D9AF76EF1D506A67117B6E3DD0EF36FDF9 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\gunzipped.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\bc49718863ee53e026d805ec372039e9_9e146be9-c76a-4720-bcdb-53011b87bd06
Process: | C:\Users\user\Desktop\gunzipped.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 46 |
Entropy (8bit): | 1.0424600748477153 |
Encrypted: | false |
SSDEEP: | 3:/lbq:4 |
MD5: | 8CB7B7F28464C3FCBAE8A10C46204572 |
SHA1: | 767FE80969EC2E67F54CC1B6D383C76E7859E2DE |
SHA-256: | ED5E3DCEB0A1D68803745084985051C1ED41E11AC611DF8600B1A471F3752E96 |
SHA-512: | 9BA84225FDB6C0FD69AD99B69824EC5B8D2B8FD3BB4610576DB4AD79ADF381F7F82C4C9522EC89F7171907577FAF1B4E70B82364F516CF8BBFED99D2ADEA43AF |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\gunzipped.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 705032 |
Entropy (8bit): | 7.950061434391321 |
Encrypted: | false |
SSDEEP: | 12288:6jqnHvjNIrpf9rN/mc/CPV77Qykhe+AK9hCqAZHApvF1sdsgTWEmBuPg6AbTokR:6GPjKr5BNDAF7GAKeZHApvFWdsisBuoT |
MD5: | 4B905E6548F4D5040FAB8962CB71877E |
SHA1: | 15C3785700D10E32CE7E17D706194DD9BAA8442A |
SHA-256: | 6FD2687A66899AA63357F7434A418B2BD873EEBDA9520129B20FD3E7E889CED1 |
SHA-512: | 75BEEFB8E58CC71F433980CEB6FF74C022D35332037B905E9E6644E09DEA33BA36B41DD4C8E1E6874F302208FCCD93AD258C74D09C08828D65BF7661026A3CAD |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\Desktop\gunzipped.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.950061434391321 |
TrID: |
|
File name: | gunzipped.exe |
File size: | 705'032 bytes |
MD5: | 4b905e6548f4d5040fab8962cb71877e |
SHA1: | 15c3785700d10e32ce7e17d706194dd9baa8442a |
SHA256: | 6fd2687a66899aa63357f7434a418b2bd873eebda9520129b20fd3e7e889ced1 |
SHA512: | 75beefb8e58cc71f433980ceb6ff74c022d35332037b905e9e6644e09dea33ba36b41dd4c8e1e6874f302208fccd93ad258c74d09c08828d65bf7661026a3cad |
SSDEEP: | 12288:6jqnHvjNIrpf9rN/mc/CPV77Qykhe+AK9hCqAZHApvF1sdsgTWEmBuPg6AbTokR:6GPjKr5BNDAF7GAKeZHApvFWdsisBuoT |
TLSH: | 2CE412617778D393C2B15BB045B8D5AA5BB7A5563A20D3CD0DA4618F2BD0B80FF20B63 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....+f..............0..T...6.......s... ........@.. ....................................@................................ |
Icon Hash: | 49598b8999894929 |
Entrypoint: | 0x4a73ce |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x662B05C9 [Fri Apr 26 01:39:21 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Signature Valid: | false |
Signature Issuer: | CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB |
Signature Validation Error: | The digital signature of the object did not verify |
Error Number: | -2146869232 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | DABD77E44EF6B3BB91740FA46696B779 |
Thumbprint SHA-1: | 5B9E273CF11941FD8C6BE3F038C4797BBE884268 |
Thumbprint SHA-256: | 4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570 |
Serial: | 7C1118CBBADC95DA3752C46E47A27438 |
Instruction |
---|
jmp dword ptr [00402000h] |
cmp byte ptr [edi+38h], cl |
pop edx |
xor eax, 50374856h |
xor al, 00h |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [ecx+42h], al |
cmp byte ptr [esp+esi+51h], dl |
cmp byte ptr [ecx+4Fh], dl |
inc esp |
push ebp |
inc ebp |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa737c | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa8000 | 0x3204 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xa8c00 | 0x3608 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xac000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0xa53f4 | 0xa5400 | 3a556957711ec72af595ebb21532f82d | False | 0.9293373558055976 | data | 7.958469565640936 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0xa8000 | 0x3204 | 0x3400 | ed07a8a4fcd614debca9a1d7299c7c22 | False | 0.8815354567307693 | data | 7.559385490334242 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xac000 | 0xc | 0x200 | 8375fa9d1f50fda2a9cab47641c55246 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0xa80c8 | 0x2d07 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9655591220612475 |
RT_GROUP_ICON | 0xaade0 | 0x14 | data | | | 1.05 |
RT_VERSION | 0xaae04 | 0x3fc | data | | | 0.42745098039215684 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/26/24-04:57:31.331813 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:25.359561 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49752 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:09.548217 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49738 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:25.359561 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49752 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:31.331813 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:31.331813 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:21.056286 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49746 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:23.949613 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49749 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:25.359561 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49752 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:21.056286 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49746 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:21.056286 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49746 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:23.949613 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49749 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:08.113616 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49737 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:08.113616 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49737 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:16.639664 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49743 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:16.639664 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49743 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:16.639664 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49743 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:29.559162 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:26.717841 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49754 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:29.559162 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:29.559162 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:12.236287 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49742 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:19.622306 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49745 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:12.236287 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49742 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:26.717841 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49754 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:19.622306 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49745 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:26.717841 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49754 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:08.113616 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49737 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:19.622306 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49745 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:12.236287 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49742 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:28.121110 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49756 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:10.856048 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49741 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:23.949613 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49749 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:18.033252 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49744 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:22.484753 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49747 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:10.856048 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49741 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:28.121110 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49756 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:10.856048 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49741 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:18.033252 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49744 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:22.484753 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49747 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:09.548217 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49738 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:28.121110 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49756 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:09.548217 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49738 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:22.484753 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49747 | 80 | 192.168.2.4 | 45.77.223.48 |
04/26/24-04:57:18.033252 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49744 | 80 | 192.168.2.4 | 45.77.223.48 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 26, 2024 04:57:22.140810966 CEST | 80 | 49746 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:22.140899897 CEST | 49746 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:22.141139984 CEST | 80 | 49746 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:22.141199112 CEST | 49746 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:22.141222000 CEST | 80 | 49746 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:22.141275883 CEST | 49746 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:22.141365051 CEST | 80 | 49746 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:22.141418934 CEST | 49746 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:22.141568899 CEST | 80 | 49746 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:22.141647100 CEST | 80 | 49746 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:22.141664028 CEST | 49746 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:22.141685009 CEST | 80 | 49746 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:22.141712904 CEST | 49746 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:22.141733885 CEST | 49746 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:22.293154001 CEST | 49747 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:22.320334911 CEST | 80 | 49746 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:22.320395947 CEST | 80 | 49746 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:22.320415974 CEST | 49746 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:22.320492029 CEST | 49746 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:22.481096029 CEST | 80 | 49747 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:22.481204033 CEST | 49747 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:22.484752893 CEST | 49747 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:22.673346996 CEST | 80 | 49747 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:22.673417091 CEST | 49747 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:22.859450102 CEST | 80 | 49747 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:23.609919071 CEST | 80 | 49747 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:23.610166073 CEST | 49747 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:23.610285044 CEST | 80 | 49747 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:23.610388994 CEST | 49747 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:23.610569000 CEST | 80 | 49747 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:23.610644102 CEST | 80 | 49747 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:23.610702038 CEST | 80 | 49747 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:23.610708952 CEST | 49747 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:23.610723019 CEST | 80 | 49747 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:23.610755920 CEST | 49747 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:23.610755920 CEST | 49747 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:23.610780001 CEST | 49747 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:23.610948086 CEST | 80 | 49747 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:23.611046076 CEST | 49747 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:23.620151043 CEST | 80 | 49747 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:23.620254993 CEST | 49747 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:23.620531082 CEST | 80 | 49747 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:23.620781898 CEST | 49747 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:23.620814085 CEST | 80 | 49747 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:23.620865107 CEST | 49747 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:23.759970903 CEST | 49749 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:23.797566891 CEST | 80 | 49747 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:23.797714949 CEST | 49747 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:23.797832966 CEST | 80 | 49747 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:23.797852039 CEST | 80 | 49747 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:23.798005104 CEST | 49747 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:23.947489977 CEST | 80 | 49749 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:23.947652102 CEST | 49749 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:23.949613094 CEST | 49749 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:24.135274887 CEST | 80 | 49749 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:24.135469913 CEST | 49749 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:24.323218107 CEST | 80 | 49749 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:25.019373894 CEST | 80 | 49749 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:25.019418001 CEST | 80 | 49749 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:25.019454002 CEST | 80 | 49749 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:25.019479036 CEST | 49749 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:25.019532919 CEST | 49749 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:25.037470102 CEST | 80 | 49749 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:25.037529945 CEST | 49749 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:25.038317919 CEST | 80 | 49749 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:25.038352966 CEST | 80 | 49749 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:25.038369894 CEST | 49749 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:25.038403988 CEST | 49749 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:25.038508892 CEST | 80 | 49749 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:25.038574934 CEST | 80 | 49749 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:25.038628101 CEST | 49749 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:25.038671970 CEST | 80 | 49749 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:25.038727999 CEST | 49749 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:25.038753986 CEST | 80 | 49749 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:25.038806915 CEST | 49749 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:25.167203903 CEST | 49752 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:25.207221985 CEST | 80 | 49749 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:25.207340002 CEST | 80 | 49749 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:25.207410097 CEST | 49749 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:25.355699062 CEST | 80 | 49752 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:25.356329918 CEST | 49752 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:25.359560966 CEST | 49752 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:25.547977924 CEST | 80 | 49752 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:25.548858881 CEST | 49752 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:25.735784054 CEST | 80 | 49752 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:26.395539999 CEST | 80 | 49752 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:26.395642042 CEST | 80 | 49752 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:26.395678997 CEST | 80 | 49752 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:26.395708084 CEST | 49752 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:26.395804882 CEST | 49752 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:26.403814077 CEST | 80 | 49752 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:26.403881073 CEST | 49752 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:26.404172897 CEST | 80 | 49752 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:26.404225111 CEST | 49752 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:26.404267073 CEST | 80 | 49752 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:26.404314041 CEST | 49752 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:26.404463053 CEST | 80 | 49752 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:26.404515028 CEST | 49752 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:26.404619932 CEST | 80 | 49752 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:26.404661894 CEST | 80 | 49752 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:26.404670954 CEST | 49752 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:26.404719114 CEST | 49752 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:26.404908895 CEST | 80 | 49752 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:26.404958010 CEST | 49752 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:26.530611038 CEST | 49754 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:26.583791018 CEST | 80 | 49752 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:26.583941936 CEST | 80 | 49752 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:26.583949089 CEST | 49752 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:26.584084988 CEST | 49752 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:26.715686083 CEST | 80 | 49754 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:26.715909958 CEST | 49754 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:26.717840910 CEST | 49754 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:26.902813911 CEST | 80 | 49754 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:26.902945995 CEST | 49754 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:27.087979078 CEST | 80 | 49754 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:27.786895990 CEST | 80 | 49754 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:27.787105083 CEST | 49754 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:27.787142038 CEST | 80 | 49754 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:27.787182093 CEST | 80 | 49754 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:27.787209034 CEST | 49754 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:27.787261963 CEST | 49754 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:27.796138048 CEST | 80 | 49754 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:27.796210051 CEST | 49754 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:27.796384096 CEST | 80 | 49754 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:27.796442032 CEST | 49754 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:27.796498060 CEST | 80 | 49754 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:27.796552896 CEST | 49754 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:27.796567917 CEST | 80 | 49754 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:27.796621084 CEST | 49754 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:27.796766996 CEST | 80 | 49754 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:27.796825886 CEST | 49754 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:27.796864986 CEST | 80 | 49754 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:27.796925068 CEST | 49754 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:27.796940088 CEST | 80 | 49754 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:27.796994925 CEST | 49754 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:27.931890965 CEST | 49756 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:27.973927021 CEST | 80 | 49754 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:27.973982096 CEST | 80 | 49754 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:27.974014044 CEST | 49754 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:27.974052906 CEST | 49754 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:27.974065065 CEST | 80 | 49754 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:27.974123955 CEST | 49754 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:28.117835045 CEST | 80 | 49756 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:28.118099928 CEST | 49756 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:28.121109962 CEST | 49756 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:28.306951046 CEST | 80 | 49756 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:28.307106018 CEST | 49756 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:28.493248940 CEST | 80 | 49756 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:29.217129946 CEST | 80 | 49756 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:29.217288017 CEST | 49756 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:29.217364073 CEST | 80 | 49756 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:29.217422962 CEST | 49756 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:29.218043089 CEST | 80 | 49756 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:29.218125105 CEST | 80 | 49756 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:29.218183994 CEST | 49756 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:29.218230963 CEST | 49756 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:29.218283892 CEST | 80 | 49756 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:29.218338966 CEST | 49756 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:29.228532076 CEST | 80 | 49756 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:29.228645086 CEST | 49756 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:29.229114056 CEST | 80 | 49756 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:29.229161024 CEST | 49756 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:29.229190111 CEST | 80 | 49756 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:29.229237080 CEST | 49756 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:29.229394913 CEST | 80 | 49756 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:29.229441881 CEST | 49756 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:29.229522943 CEST | 80 | 49756 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:29.229573011 CEST | 49756 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:29.370728016 CEST | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:29.403855085 CEST | 80 | 49756 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:29.403923988 CEST | 49756 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:29.404023886 CEST | 80 | 49756 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:29.404078960 CEST | 49756 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:29.404145956 CEST | 80 | 49756 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:29.404189110 CEST | 49756 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:29.557292938 CEST | 80 | 49757 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:29.557408094 CEST | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:29.559161901 CEST | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:29.746802092 CEST | 80 | 49757 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:29.746954918 CEST | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:29.935898066 CEST | 80 | 49757 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:30.692130089 CEST | 80 | 49757 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:30.692235947 CEST | 80 | 49757 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:30.692286015 CEST | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:30.692322016 CEST | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:30.710560083 CEST | 80 | 49757 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:30.710674047 CEST | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:30.710963964 CEST | 80 | 49757 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:30.711021900 CEST | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:30.711483955 CEST | 80 | 49757 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:30.711538076 CEST | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:30.711704969 CEST | 80 | 49757 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:30.711745977 CEST | 80 | 49757 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:30.711760044 CEST | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:30.711783886 CEST | 80 | 49757 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:30.711796045 CEST | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:30.711834908 CEST | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:30.879601955 CEST | 80 | 49757 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:30.879647970 CEST | 80 | 49757 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:30.879822016 CEST | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:30.886200905 CEST | 80 | 49757 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:30.886241913 CEST | 80 | 49757 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:30.886277914 CEST | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:30.886320114 CEST | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:30.899617910 CEST | 80 | 49757 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:30.899899960 CEST | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:30.899961948 CEST | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:30.900691032 CEST | 80 | 49757 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:30.900758028 CEST | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:30.901294947 CEST | 80 | 49757 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:30.901335001 CEST | 80 | 49757 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:30.901350021 CEST | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:30.901385069 CEST | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:30.914644003 CEST | 80 | 49757 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:30.914684057 CEST | 80 | 49757 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:30.914860964 CEST | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:31.067734957 CEST | 80 | 49757 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:31.067867994 CEST | 80 | 49757 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:31.067898035 CEST | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:31.067940950 CEST | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:31.074855089 CEST | 80 | 49757 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:31.074923038 CEST | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:31.080804110 CEST | 80 | 49757 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:31.080879927 CEST | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:31.087826967 CEST | 80 | 49757 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:31.087883949 CEST | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:31.087925911 CEST | 80 | 49757 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:31.087966919 CEST | 80 | 49757 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:31.087979078 CEST | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:31.088016033 CEST | 49757 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:31.141340971 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:31.328401089 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:31.328519106 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:31.331813097 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:31.519808054 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:31.520076036 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:31.707026005 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.388147116 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.388205051 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.388237953 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.388269901 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:32.388273001 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.388323069 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:32.396579981 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.396946907 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.396998882 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:32.397033930 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.397167921 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.397217035 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:32.397382975 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.397422075 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.397471905 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:32.575109005 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.575407028 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.575690031 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:32.581938028 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.582007885 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.582170963 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:32.595308065 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.595391989 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.595592976 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:32.609242916 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.609292984 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.609457016 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:32.622853994 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.622922897 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.623096943 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:32.636352062 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.636392117 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.636604071 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:32.649532080 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.649570942 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.649813890 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:32.664279938 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.664319992 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.664518118 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:32.675971985 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.676024914 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.676127911 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:32.689115047 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.689203978 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.689407110 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:32.763685942 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.763746023 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.763829947 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:32.770451069 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.770493984 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.770617962 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:32.783751011 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.783826113 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.783962965 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:32.796765089 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.796827078 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.796892881 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:32.809767008 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.809844017 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.809894085 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:32.823591948 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.823662043 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.823714018 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:32.836800098 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.836873055 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.836930037 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:32.849589109 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.849643946 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.849805117 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:32.862072945 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.862095118 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.862166882 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:32.873693943 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.873759985 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.873812914 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:32.884862900 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.884944916 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.884998083 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:32.895673990 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.895756960 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.895855904 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:32.906224966 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.906336069 CEST | 80 | 49758 | 45.77.223.48 | 192.168.2.4 |
Apr 26, 2024 04:57:32.906393051 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
Apr 26, 2024 04:57:38.434670925 CEST | 49758 | 80 | 192.168.2.4 | 45.77.223.48 |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49737 | 45.77.223.48 | 80 | 7328 | C:\Users\user\Desktop\gunzipped.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 04:57:08.113615990 CEST | 238 | OUT | |
Apr 26, 2024 04:57:08.300956964 CEST | 176 | OUT | |
Apr 26, 2024 04:57:09.199505091 CEST | 215 | IN | |
Apr 26, 2024 04:57:09.199570894 CEST | 64 | IN | |
Apr 26, 2024 04:57:09.199605942 CEST | 77 | IN | |
Apr 26, 2024 04:57:09.208127975 CEST | 57 | IN | |
Apr 26, 2024 04:57:09.208436966 CEST | 32 | IN | |
Apr 26, 2024 04:57:09.208544970 CEST | 134 | IN | |
Apr 26, 2024 04:57:09.208736897 CEST | 152 | IN | |
Apr 26, 2024 04:57:09.208884001 CEST | 1289 | IN | |
Apr 26, 2024 04:57:09.208923101 CEST | 1289 | IN | |
Apr 26, 2024 04:57:09.209387064 CEST | 1289 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49738 | 45.77.223.48 | 80 | 7328 | C:\Users\user\Desktop\gunzipped.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 04:57:09.548217058 CEST | 238 | OUT | |
Apr 26, 2024 04:57:09.736443043 CEST | 176 | OUT | |
Apr 26, 2024 04:57:10.612135887 CEST | 215 | IN | |
Apr 26, 2024 04:57:10.612238884 CEST | 59 | IN | |
Apr 26, 2024 04:57:10.612293005 CEST | 82 | IN | |
Apr 26, 2024 04:57:10.621912956 CEST | 57 | IN | |
Apr 26, 2024 04:57:10.622256994 CEST | 32 | IN | |
Apr 26, 2024 04:57:10.622353077 CEST | 134 | IN | |
Apr 26, 2024 04:57:10.622523069 CEST | 152 | IN | |
Apr 26, 2024 04:57:10.622662067 CEST | 1289 | IN | |
Apr 26, 2024 04:57:10.622757912 CEST | 1289 | IN | |
Apr 26, 2024 04:57:10.622801065 CEST | 1289 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49741 | 45.77.223.48 | 80 | 7328 | C:\Users\user\Desktop\gunzipped.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 04:57:10.856048107 CEST | 238 | OUT | |
Apr 26, 2024 04:57:11.042620897 CEST | 149 | OUT | |
Apr 26, 2024 04:57:11.914695024 CEST | 215 | IN | |
Apr 26, 2024 04:57:11.914849997 CEST | 59 | IN | |
Apr 26, 2024 04:57:11.915000916 CEST | 82 | IN | |
Apr 26, 2024 04:57:11.923022032 CEST | 57 | IN | |
Apr 26, 2024 04:57:11.923624039 CEST | 32 | IN | |
Apr 26, 2024 04:57:11.924005985 CEST | 134 | IN | |
Apr 26, 2024 04:57:11.924097061 CEST | 152 | IN | |
Apr 26, 2024 04:57:11.924233913 CEST | 1289 | IN | |
Apr 26, 2024 04:57:11.924304962 CEST | 1289 | IN | |
Apr 26, 2024 04:57:11.924384117 CEST | 670 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49742 | 45.77.223.48 | 80 | 7328 | C:\Users\user\Desktop\gunzipped.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 04:57:12.236287117 CEST | 238 | OUT | |
Apr 26, 2024 04:57:12.423620939 CEST | 149 | OUT | |
Apr 26, 2024 04:57:16.293761015 CEST | 215 | IN | |
Apr 26, 2024 04:57:16.293822050 CEST | 59 | IN | |
Apr 26, 2024 04:57:16.293987036 CEST | 5 | IN | |
Apr 26, 2024 04:57:16.294023037 CEST | 6 | IN | |
Apr 26, 2024 04:57:16.294197083 CEST | 71 | IN | |
Apr 26, 2024 04:57:16.302445889 CEST | 57 | IN | |
Apr 26, 2024 04:57:16.302654028 CEST | 32 | IN | |
Apr 26, 2024 04:57:16.302778959 CEST | 134 | IN | |
Apr 26, 2024 04:57:16.302870989 CEST | 152 | IN | |
Apr 26, 2024 04:57:16.303112030 CEST | 1289 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49743 | 45.77.223.48 | 80 | 7328 | C:\Users\user\Desktop\gunzipped.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 04:57:16.639663935 CEST | 238 | OUT | |
Apr 26, 2024 04:57:16.828258991 CEST | 149 | OUT | |
Apr 26, 2024 04:57:17.695516109 CEST | 215 | IN | |
Apr 26, 2024 04:57:17.695570946 CEST | 59 | IN | |
Apr 26, 2024 04:57:17.695606947 CEST | 11 | IN | |
Apr 26, 2024 04:57:17.695663929 CEST | 71 | IN | |
Apr 26, 2024 04:57:17.704400063 CEST | 57 | IN | |
Apr 26, 2024 04:57:17.704700947 CEST | 32 | IN | |
Apr 26, 2024 04:57:17.704804897 CEST | 134 | IN | |
Apr 26, 2024 04:57:17.704909086 CEST | 152 | IN | |
Apr 26, 2024 04:57:17.705291986 CEST | 1289 | IN | |
Apr 26, 2024 04:57:17.705385923 CEST | 1289 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49744 | 45.77.223.48 | 80 | 7328 | C:\Users\user\Desktop\gunzipped.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 04:57:18.033252001 CEST | 238 | OUT | |
Apr 26, 2024 04:57:18.220884085 CEST | 149 | OUT | |
Apr 26, 2024 04:57:19.100035906 CEST | 215 | IN | |
Apr 26, 2024 04:57:19.100183964 CEST | 141 | IN | |
Apr 26, 2024 04:57:19.107551098 CEST | 57 | IN | |
Apr 26, 2024 04:57:19.107820988 CEST | 32 | IN | |
Apr 26, 2024 04:57:19.107978106 CEST | 134 | IN | |
Apr 26, 2024 04:57:19.108160019 CEST | 152 | IN | |
Apr 26, 2024 04:57:19.108257055 CEST | 1289 | IN | |
Apr 26, 2024 04:57:19.108298063 CEST | 1289 | IN | |
Apr 26, 2024 04:57:19.108381033 CEST | 1289 | IN | |
Apr 26, 2024 04:57:19.108422041 CEST | 1289 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49745 | 45.77.223.48 | 80 | 7328 | C:\Users\user\Desktop\gunzipped.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 04:57:19.622306108 CEST | 238 | OUT | |
Apr 26, 2024 04:57:19.809474945 CEST | 149 | OUT | |
Apr 26, 2024 04:57:20.685904026 CEST | 215 | IN | |
Apr 26, 2024 04:57:20.686014891 CEST | 59 | IN | |
Apr 26, 2024 04:57:20.686095953 CEST | 82 | IN | |
Apr 26, 2024 04:57:20.693898916 CEST | 57 | IN | |
Apr 26, 2024 04:57:20.694194078 CEST | 32 | IN | |
Apr 26, 2024 04:57:20.694323063 CEST | 134 | IN | |
Apr 26, 2024 04:57:20.694431067 CEST | 152 | IN | |
Apr 26, 2024 04:57:20.694722891 CEST | 1289 | IN | |
Apr 26, 2024 04:57:20.694843054 CEST | 1289 | IN | |
Apr 26, 2024 04:57:20.694936037 CEST | 1289 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49746 | 45.77.223.48 | 80 | 7328 | C:\Users\user\Desktop\gunzipped.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 04:57:21.056286097 CEST | 238 | OUT | |
Apr 26, 2024 04:57:21.244206905 CEST | 149 | OUT | |
Apr 26, 2024 04:57:22.132865906 CEST | 215 | IN | |
Apr 26, 2024 04:57:22.132925987 CEST | 59 | IN | |
Apr 26, 2024 04:57:22.132961988 CEST | 82 | IN | |
Apr 26, 2024 04:57:22.140810966 CEST | 57 | IN | |
Apr 26, 2024 04:57:22.141139984 CEST | 32 | IN | |
Apr 26, 2024 04:57:22.141222000 CEST | 134 | IN | |
Apr 26, 2024 04:57:22.141365051 CEST | 152 | IN | |
Apr 26, 2024 04:57:22.141568899 CEST | 1289 | IN | |
Apr 26, 2024 04:57:22.141647100 CEST | 1289 | IN | |
Apr 26, 2024 04:57:22.141685009 CEST | 670 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 49747 | 45.77.223.48 | 80 | 7328 | C:\Users\user\Desktop\gunzipped.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 04:57:22.484752893 CEST | 238 | OUT | |
Apr 26, 2024 04:57:22.673417091 CEST | 149 | OUT | |
Apr 26, 2024 04:57:23.609919071 CEST | 215 | IN | |
Apr 26, 2024 04:57:23.610285044 CEST | 22 | IN | |
Apr 26, 2024 04:57:23.610569000 CEST | 12 | IN | |
Apr 26, 2024 04:57:23.610644102 CEST | 25 | IN | |
Apr 26, 2024 04:57:23.610702038 CEST | 5 | IN | |
Apr 26, 2024 04:57:23.610723019 CEST | 6 | IN | |
Apr 26, 2024 04:57:23.610948086 CEST | 71 | IN | |
Apr 26, 2024 04:57:23.620151043 CEST | 57 | IN | |
Apr 26, 2024 04:57:23.620531082 CEST | 32 | IN | |
Apr 26, 2024 04:57:23.620814085 CEST | 134 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 49749 | 45.77.223.48 | 80 | 7328 | C:\Users\user\Desktop\gunzipped.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 04:57:23.949613094 CEST | 238 | OUT | |
Apr 26, 2024 04:57:24.135469913 CEST | 149 | OUT | |
Apr 26, 2024 04:57:25.019373894 CEST | 215 | IN | |
Apr 26, 2024 04:57:25.019418001 CEST | 70 | IN | |
Apr 26, 2024 04:57:25.019454002 CEST | 71 | IN | |
Apr 26, 2024 04:57:25.037470102 CEST | 57 | IN | |
Apr 26, 2024 04:57:25.038317919 CEST | 32 | IN | |
Apr 26, 2024 04:57:25.038352966 CEST | 134 | IN | |
Apr 26, 2024 04:57:25.038508892 CEST | 1289 | IN | |
Apr 26, 2024 04:57:25.038574934 CEST | 1289 | IN | |
Apr 26, 2024 04:57:25.038671970 CEST | 1289 | IN | |
Apr 26, 2024 04:57:25.038753986 CEST | 1289 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.4 | 49752 | 45.77.223.48 | 80 | 7328 | C:\Users\user\Desktop\gunzipped.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 04:57:25.359560966 CEST | 238 | OUT | |
Apr 26, 2024 04:57:25.548858881 CEST | 149 | OUT | |
Apr 26, 2024 04:57:26.395539999 CEST | 215 | IN | |
Apr 26, 2024 04:57:26.395642042 CEST | 59 | IN | |
Apr 26, 2024 04:57:26.395678997 CEST | 82 | IN | |
Apr 26, 2024 04:57:26.403814077 CEST | 57 | IN | |
Apr 26, 2024 04:57:26.404172897 CEST | 32 | IN | |
Apr 26, 2024 04:57:26.404267073 CEST | 134 | IN | |
Apr 26, 2024 04:57:26.404463053 CEST | 152 | IN | |
Apr 26, 2024 04:57:26.404619932 CEST | 1289 | IN | |
Apr 26, 2024 04:57:26.404661894 CEST | 1289 | IN | |
Apr 26, 2024 04:57:26.404908895 CEST | 1289 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.4 | 49754 | 45.77.223.48 | 80 | 7328 | C:\Users\user\Desktop\gunzipped.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 04:57:26.717840910 CEST | 238 | OUT | |
Apr 26, 2024 04:57:26.902945995 CEST | 149 | OUT | |
Apr 26, 2024 04:57:27.786895990 CEST | 215 | IN | |
Apr 26, 2024 04:57:27.787142038 CEST | 59 | IN | |
Apr 26, 2024 04:57:27.787182093 CEST | 82 | IN | |
Apr 26, 2024 04:57:27.796138048 CEST | 57 | IN | |
Apr 26, 2024 04:57:27.796384096 CEST | 32 | IN | |
Apr 26, 2024 04:57:27.796498060 CEST | 134 | IN | |
Apr 26, 2024 04:57:27.796567917 CEST | 152 | IN | |
Apr 26, 2024 04:57:27.796766996 CEST | 1289 | IN | |
Apr 26, 2024 04:57:27.796864986 CEST | 1289 | IN | |
Apr 26, 2024 04:57:27.796940088 CEST | 1289 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.4 | 49756 | 45.77.223.48 | 80 | 7328 | C:\Users\user\Desktop\gunzipped.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 04:57:28.121109962 CEST | 238 | OUT | |
Apr 26, 2024 04:57:28.307106018 CEST | 149 | OUT | |
Apr 26, 2024 04:57:29.217129946 CEST | 215 | IN | |
Apr 26, 2024 04:57:29.217364073 CEST | 59 | IN | |
Apr 26, 2024 04:57:29.218043089 CEST | 5 | IN | |
Apr 26, 2024 04:57:29.218125105 CEST | 6 | IN | |
Apr 26, 2024 04:57:29.218283892 CEST | 71 | IN | |
Apr 26, 2024 04:57:29.228532076 CEST | 57 | IN | |
Apr 26, 2024 04:57:29.229114056 CEST | 32 | IN | |
Apr 26, 2024 04:57:29.229190111 CEST | 134 | IN | |
Apr 26, 2024 04:57:29.229394913 CEST | 152 | IN | |
Apr 26, 2024 04:57:29.229522943 CEST | 1289 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.4 | 49757 | 45.77.223.48 | 80 | 7328 | C:\Users\user\Desktop\gunzipped.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 04:57:29.559161901 CEST | 238 | OUT | |
Apr 26, 2024 04:57:29.746954918 CEST | 149 | OUT | |
Apr 26, 2024 04:57:30.692130089 CEST | 59 | IN | |
Apr 26, 2024 04:57:30.692235947 CEST | 82 | IN | |
Apr 26, 2024 04:57:30.710560083 CEST | 57 | IN | |
Apr 26, 2024 04:57:30.710963964 CEST | 32 | IN | |
Apr 26, 2024 04:57:30.711483955 CEST | 152 | IN | |
Apr 26, 2024 04:57:30.711704969 CEST | 1289 | IN | |
Apr 26, 2024 04:57:30.711745977 CEST | 1289 | IN | |
Apr 26, 2024 04:57:30.711783886 CEST | 670 | IN | |
Apr 26, 2024 04:57:30.879601955 CEST | 1289 | IN | |
Apr 26, 2024 04:57:30.899617910 CEST | 215 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.4 | 49758 | 45.77.223.48 | 80 | 7328 | C:\Users\user\Desktop\gunzipped.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 04:57:31.331813097 CEST | 238 | OUT | |
Apr 26, 2024 04:57:31.520076036 CEST | 149 | OUT | |
Apr 26, 2024 04:57:32.388147116 CEST | 215 | IN | |
Apr 26, 2024 04:57:32.388205051 CEST | 59 | IN | |
Apr 26, 2024 04:57:32.388237953 CEST | 11 | IN | |
Apr 26, 2024 04:57:32.388273001 CEST | 71 | IN | |
Apr 26, 2024 04:57:32.396579981 CEST | 57 | IN | |
Apr 26, 2024 04:57:32.396946907 CEST | 32 | IN | |
Apr 26, 2024 04:57:32.397033930 CEST | 134 | IN | |
Apr 26, 2024 04:57:32.397167921 CEST | 152 | IN | |
Apr 26, 2024 04:57:32.397382975 CEST | 1289 | IN | |
Apr 26, 2024 04:57:32.397422075 CEST | 1289 | IN |
Target ID: | 0 |
Start time: | 04:57:03 |
Start date: | 26/04/2024 |
Path: | C:\Users\user\Desktop\gunzipped.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8d0000 |
File size: | 705'032 bytes |
MD5 hash: | 4B905E6548F4D5040FAB8962CB71877E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 04:57:05 |
Start date: | 26/04/2024 |
Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x40000 |
File size: | 433'152 bytes |
MD5 hash: | C32CA4ACFCC635EC1EA6ED8A34DF5FAC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 04:57:05 |
Start date: | 26/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 04:57:05 |
Start date: | 26/04/2024 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2b0000 |
File size: | 187'904 bytes |
MD5 hash: | 48C2FE20575769DE916F48EF0676A965 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 04:57:05 |
Start date: | 26/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 04:57:05 |
Start date: | 26/04/2024 |
Path: | C:\Users\user\Desktop\gunzipped.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x3f0000 |
File size: | 705'032 bytes |
MD5 hash: | 4B905E6548F4D5040FAB8962CB71877E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 7 |
Start time: | 04:57:05 |
Start date: | 26/04/2024 |
Path: | C:\Users\user\Desktop\gunzipped.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 705'032 bytes |
MD5 hash: | 4B905E6548F4D5040FAB8962CB71877E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 8 |
Start time: | 04:57:06 |
Start date: | 26/04/2024 |
Path: | C:\Users\user\AppData\Roaming\mPvIOxEZXJsdYp.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9c0000 |
File size: | 705'032 bytes |
MD5 hash: | 4B905E6548F4D5040FAB8962CB71877E |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 9 |
Start time: | 04:57:06 |
Start date: | 26/04/2024 |
Path: | C:\Windows\System32\wbem\WmiPrvSE.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff693ab0000 |
File size: | 496'640 bytes |
MD5 hash: | 60FF40CFD7FB8FE41EE4FE9AE5FE1C51 |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 10 |
Start time: | 04:57:08 |
Start date: | 26/04/2024 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2b0000 |
File size: | 187'904 bytes |
MD5 hash: | 48C2FE20575769DE916F48EF0676A965 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 11 |
Start time: | 04:57:08 |
Start date: | 26/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 12 |
Start time: | 04:57:08 |
Start date: | 26/04/2024 |
Path: | C:\Users\user\AppData\Roaming\mPvIOxEZXJsdYp.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x460000 |
File size: | 705'032 bytes |
MD5 hash: | 4B905E6548F4D5040FAB8962CB71877E |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 13 |
Start time: | 04:57:08 |
Start date: | 26/04/2024 |
Path: | C:\Users\user\AppData\Roaming\mPvIOxEZXJsdYp.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xba0000 |
File size: | 705'032 bytes |
MD5 hash: | 4B905E6548F4D5040FAB8962CB71877E |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Execution Graph
Execution Coverage: | 9.2% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 3.1% |
Total number of Nodes: | 96 |
Total number of Limit Nodes: | 4 |
Graph
Function 0772FA28 | Relevance: 1.6, APIs: 1, Instructions: 54 | native, COMMON | Uniqueness Score: -1.00%
Function 0772FA30 | Relevance: 1.6, APIs: 1, Instructions: 50 | native, COMMON | Uniqueness Score: -1.00%
Function 077223E0 | Relevance: .2, Instructions: 231 | COMMON | Uniqueness Score: -1.00%
Function 077223D1 | Relevance: .2, Instructions: 223 | COMMON | Uniqueness Score: -1.00%
Function 077220C8 | Relevance: .2, Instructions: 204 | COMMON | Uniqueness Score: -1.00%
Function 077220B8 | Relevance: .2, Instructions: 202 | COMMON | Uniqueness Score: -1.00%
Function 00FAD378 | Relevance: 6.1, APIs: 4, Instructions: 128 | thread, COMMON | Uniqueness Score: -1.00%
Function 052E4FA8 | Relevance: 2.7, Strings: 2, Instructions: 211 | COMMON | Uniqueness Score: -1.00%
Function 052E4B78 | Relevance: 2.7, Strings: 2, Instructions: 171 | COMMON | Uniqueness Score: -1.00%
Function 052E06E8 | Relevance: 2.7, Strings: 2, Instructions: 164 | COMMON | Uniqueness Score: -1.00%
Function 052E06F8 | Relevance: 2.7, Strings: 2, Instructions: 158 | COMMON | Uniqueness Score: -1.00%
Function 00FAACE8 | Relevance: 1.7, APIs: 1, Instructions: 206 | COMMON | Uniqueness Score: -1.00%
Function 00FA44E4 | Relevance: 1.6, APIs: 1, Instructions: 96 | COMMON | Uniqueness Score: -1.00%
Function 00FA58F3 | Relevance: 1.6, APIs: 1, Instructions: 94 | COMMON | Uniqueness Score: -1.00%
Function 0772F948 | Relevance: 1.6, APIs: 1, Instructions: 66 | COMMON | Uniqueness Score: -1.00%
Function 0772F6C2 | Relevance: 1.6, APIs: 1, Instructions: 65 | thread, COMMON | Uniqueness Score: -1.00%
Function 0772F6C8 | Relevance: 1.6, APIs: 1, Instructions: 63 | thread, COMMON | Uniqueness Score: -1.00%
Function 0772F950 | Relevance: 1.6, APIs: 1, Instructions: 63 | COMMON | Uniqueness Score: -1.00%
Function 00FAD5C0 | Relevance: 1.6, APIs: 1, Instructions: 62 | COMMON | Uniqueness Score: -1.00%
Function 0772F799 | Relevance: 1.6, APIs: 1, Instructions: 56 | memory, COMMON | Uniqueness Score: -1.00%
Function 00FAA0A8 | Relevance: 1.6, APIs: 1, Instructions: 55 | library, COMMON | Uniqueness Score: -1.00%
Function 00FAB159 | Relevance: 1.6, APIs: 1, Instructions: 54 | library, COMMON | Uniqueness Score: -1.00%
Function 0772F7A0 | Relevance: 1.6, APIs: 1, Instructions: 53 | memory, COMMON | Uniqueness Score: -1.00%
Function 0772F612 | Relevance: 1.6, APIs: 1, Instructions: 51 | thread, COMMON | Uniqueness Score: -1.00%
Function 0772F618 | Relevance: 1.5, APIs: 1, Instructions: 49 | thread, COMMON | Uniqueness Score: -1.00%
Function 00FAAED8 | Relevance: 1.5, APIs: 1, Instructions: 47 | COMMON | Uniqueness Score: -1.00%
Function 052E4CEC | Relevance: 1.4, Strings: 1, Instructions: 128 | COMMON | Uniqueness Score: -1.00%
Function 052E436C | Relevance: 1.3, Strings: 1, Instructions: 99 | COMMON | Uniqueness Score: -1.00%
Function 052E53F4 | Relevance: 1.3, Strings: 1, Instructions: 99 | COMMON | Uniqueness Score: -1.00%
Function 052E52F8 | Relevance: 1.3, Strings: 1, Instructions: 79 | COMMON | Uniqueness Score: -1.00%
Function 052E52E8 | Relevance: 1.3, Strings: 1, Instructions: 60 | COMMON | Uniqueness Score: -1.00%
Function 052EB910 | Relevance: .7, Instructions: 728 | COMMON | Uniqueness Score: -1.00%
Function 052E8890 | Relevance: .6, Instructions: 551 | COMMON | Uniqueness Score: -1.00%
Function 052ED5A8 | Relevance: .5, Instructions: 500 | COMMON | Uniqueness Score: -1.00%
Function 052E8881 | Relevance: .3, Instructions: 329 | COMMON | Uniqueness Score: -1.00%
Function 052ED1E0 | Relevance: .3, Instructions: 268 | COMMON | Uniqueness Score: -1.00%
Function 052ED1D0 | Relevance: .2, Instructions: 212 | COMMON | Uniqueness Score: -1.00%
Function 052EEB70 | Relevance: .2, Instructions: 208 | COMMON | Uniqueness Score: -1.00%
Function 052EB2A0 | Relevance: .2, Instructions: 197 | COMMON | Uniqueness Score: -1.00%
Function 052EA621 | Relevance: .2, Instructions: 178 | COMMON | Uniqueness Score: -1.00%
Function 052EA440 | Relevance: .2, Instructions: 172 | COMMON | Uniqueness Score: -1.00%
Function 052EEB60 | Relevance: .2, Instructions: 166 | COMMON | Uniqueness Score: -1.00%
Function 052ED598 | Relevance: .2, Instructions: 163 | COMMON | Uniqueness Score: -1.00%
Function 052E4330 | Relevance: .2, Instructions: 154 | COMMON | Uniqueness Score: -1.00%
Function 052EB291 | Relevance: .1, Instructions: 146 | COMMON | Uniqueness Score: -1.00%
Function 052E4D24 | Relevance: .1, Instructions: 130 | COMMON | Uniqueness Score: -1.00%
Function 052E1220 | Relevance: .1, Instructions: 124 | COMMON | Uniqueness Score: -1.00%
Function 052E0040 | Relevance: .1, Instructions: 112 | COMMON | Uniqueness Score: -1.00%
Function 052E17B8 | Relevance: .1, Instructions: 107 | COMMON | Uniqueness Score: -1.00%
Function 052E9518 | Relevance: .1, Instructions: 103 | COMMON | Uniqueness Score: -1.00%
Function 052E9528 | Relevance: .1, Instructions: 101 | COMMON | Uniqueness Score: -1.00%
Function 052E0006 | Relevance: .1, Instructions: 101 | COMMON | Uniqueness Score: -1.00%
Function 052E729B | Relevance: .1, Instructions: 96 | COMMON | Uniqueness Score: -1.00%
Function 052EA42F | Relevance: .1, Instructions: 95 | COMMON | Uniqueness Score: -1.00%
Function 052E4324 | Relevance: .1, Instructions: 95 | COMMON | Uniqueness Score: -1.00%
Function 052E04E8 | Relevance: .1, Instructions: 93 | COMMON | Uniqueness Score: -1.00%
Function 052E9420 | Relevance: .1, Instructions: 92 | COMMON | Uniqueness Score: -1.00%
Function 052E72A8 | Relevance: .1, Instructions: 92 | COMMON | Uniqueness Score: -1.00%
Function 052E04F8 | Relevance: .1, Instructions: 89 | COMMON | Uniqueness Score: -1.00%
Function 052E7E88 | Relevance: .1, Instructions: 89 | COMMON | Uniqueness Score: -1.00%
Function 052E4F6C | Relevance: .1, Instructions: 86 | COMMON | Uniqueness Score: -1.00%
Function 052E5579 | Relevance: .1, Instructions: 83 | COMMON | Uniqueness Score: -1.00%
Function 00F2D110 | Relevance: .1, Instructions: 75 | COMMON | Uniqueness Score: -1.00%
Function 00F2D3D8 | Relevance: .1, Instructions: 75 | COMMON | Uniqueness Score: -1.00%
Function 052E7B40 | Relevance: .1, Instructions: 73 | COMMON | Uniqueness Score: -1.00%
Function 00F3D1D4 | Relevance: .1, Instructions: 72 | COMMON | Uniqueness Score: -1.00%
Function 00F3D01C | Relevance: .1, Instructions: 72 | COMMON | Uniqueness Score: -1.00%
Function 052EC450 | Relevance: .1, Instructions: 70 | COMMON | Uniqueness Score: -1.00%
Function 052E4F98 | Relevance: .1, Instructions: 70 | COMMON | Uniqueness Score: -1.00%
Function 052E0410 | Relevance: .1, Instructions: 63 | COMMON | Uniqueness Score: -1.00%
Function 00F3D005 | Relevance: .1, Instructions: 62 | COMMON | Uniqueness Score: -1.00%
Function 00F2D3D3 | Relevance: .1, Instructions: 56 | COMMON | Uniqueness Score: -1.00%
Function 00F2D10B | Relevance: .1, Instructions: 56 | COMMON | Uniqueness Score: -1.00%
Function 052E0420 | Relevance: .1, Instructions: 55 | COMMON | Uniqueness Score: -1.00%
Function 052E83EA | Relevance: .1, Instructions: 55 | COMMON | Uniqueness Score: -1.00%
Function 052E17E0 | Relevance: .1, Instructions: 54 | COMMON | Uniqueness Score: -1.00%
Function 00F3D1CF | Relevance: .1, Instructions: 53 | COMMON | Uniqueness Score: -1.00%
Function 052E5DD1 | Relevance: .1, Instructions: 52 | COMMON | Uniqueness Score: -1.00%
Function 052E4F8C | Relevance: .1, Instructions: 51 | COMMON | Uniqueness Score: -1.00%
Function 052E4B4C | Relevance: .1, Instructions: 51 | COMMON | Uniqueness Score: -1.00%
Function 052EDDF1 | Relevance: .0, Instructions: 50 | COMMON | Uniqueness Score: -1.00%
Function 052E5898 | Relevance: .0, Instructions: 49 | COMMON | Uniqueness Score: -1.00%
Function 052E20C1 | Relevance: .0, Instructions: 46 | COMMON | Uniqueness Score: -1.00%
Function 052E20D0 | Relevance: .0, Instructions: 45 | COMMON | Uniqueness Score: -1.00%
Function 052EDE08 | Relevance: .0, Instructions: 45 | COMMON | Uniqueness Score: -1.00%
Function 00F2D745 | Relevance: .0, Instructions: 45 | COMMON | Uniqueness Score: -1.00%
Function 052E672A | Relevance: .0, Instructions: 44 | COMMON | Uniqueness Score: -1.00%
Function 052E9760 | Relevance: .0, Instructions: 44 | COMMON | Uniqueness Score: -1.00%
Function 052E6D28 | Relevance: .0, Instructions: 44 | COMMON | Uniqueness Score: -1.00%
Function 052E6D30 | Relevance: .0, Instructions: 44 | COMMON | Uniqueness Score: -1.00%
Function 052E7C10 | Relevance: .0, Instructions: 44 | COMMON | Uniqueness Score: -1.00%
Function 052E9750 | Relevance: .0, Instructions: 40 | COMMON | Uniqueness Score: -1.00%
Function 052E7C20 | Relevance: .0, Instructions: 40 | COMMON | Uniqueness Score: -1.00%
Function 052E5E00 | Relevance: .0, Instructions: 40 | COMMON | Uniqueness Score: -1.00%
Function 052E7E68 | Relevance: .0, Instructions: 40 | COMMON | Uniqueness Score: -1.00%
Function 052E8231 | Relevance: .0, Instructions: 39 | COMMON | Uniqueness Score: -1.00%
Function 052E9B98 | Relevance: .0, Instructions: 39 | COMMON | Uniqueness Score: -1.00%
Function 052E82C9 | Relevance: .0, Instructions: 38 | COMMON | Uniqueness Score: -1.00%
Function 052E9B19 | Relevance: .0, Instructions: 38 | COMMON | Uniqueness Score: -1.00%
Function 052E71F8 | Relevance: .0, Instructions: 37 | COMMON | Uniqueness Score: -1.00%
Function 052E9F78 | Relevance: .0, Instructions: 37 | COMMON | Uniqueness Score: -1.00%
Function 052E9B28 | Relevance: .0, Instructions: 37 | COMMON | Uniqueness Score: -1.00%
Function 052E8240 | Relevance: .0, Instructions: 36 | COMMON | Uniqueness Score: -1.00%
Function 00F2D744 | Relevance: .0, Instructions: 36 | COMMON | Uniqueness Score: -1.00%
Function 052E6E61 | Relevance: .0, Instructions: 34 | COMMON | Uniqueness Score: -1.00%
Function 052E7208 | Relevance: .0, Instructions: 33 | COMMON | Uniqueness Score: -1.00%
Function 052E9F68 | Relevance: .0, Instructions: 32 | COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052EA3D8 Relevance: .0, Instructions: 30COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052E6E00 Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052E6A48 Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052E4D64 Relevance: .0, Instructions: 24COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052E7DF0 Relevance: .0, Instructions: 23COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052EAF5F Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052E18AC Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052E5292 Relevance: .0, Instructions: 20COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052E52A0 Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052E7E00 Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052EAF70 Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052EAE30 Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052EAE98 Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052EAE40 Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 07725F70 Relevance: 5.3, Strings: 4, Instructions: 259 COMMON, Uniqueness Score: -1.00%
Function 07725F61 Relevance: 4.0, Strings: 3, Instructions: 257 COMMON, Uniqueness Score: -1.00%
Function 0772D1B8 Relevance: .3, Instructions: 312 COMMON, Uniqueness Score: -1.00%
Function 0772EDF0 Relevance: .3, Instructions: 312 COMMON, Uniqueness Score: -1.00%
Function 0772CD80 Relevance: .3, Instructions: 312 COMMON, Uniqueness Score: -1.00%
Function 0772C948 Relevance: .3, Instructions: 312 COMMON, Uniqueness Score: -1.00%
Function 0772E9B8 Relevance: .3, Instructions: 312 COMMON, Uniqueness Score: -1.00%
Function 07724901 Relevance: .3, Instructions: 267 COMMON, Uniqueness Score: -1.00%
Function 00FAD2A4 Relevance: .3, Instructions: 264 COMMON, Uniqueness Score: -1.00%
Function 07724910 Relevance: .3, Instructions: 264 COMMON, Uniqueness Score: -1.00%
Function 07720228 Relevance: .2, Instructions: 184 COMMON, Uniqueness Score: -1.00%
Function 07720219 Relevance: .2, Instructions: 180 COMMON, Uniqueness Score: -1.00%
Function 07721688 Relevance: .2, Instructions: 157 COMMON, Uniqueness Score: -1.00%
Function 077210E0 Relevance: .2, Instructions: 153 COMMON, Uniqueness Score: -1.00%
Function 077210D1 Relevance: .1, Instructions: 148 COMMON, Uniqueness Score: -1.00%
Function 07723070 Relevance: .1, Instructions: 142 COMMON, Uniqueness Score: -1.00%
Function 07723060 Relevance: .1, Instructions: 140 COMMON, Uniqueness Score: -1.00%
Function 0772D1A9 Relevance: .1, Instructions: 133 COMMON, Uniqueness Score: -1.00%
Function 0772C942 Relevance: .1, Instructions: 129 COMMON, Uniqueness Score: -1.00%
Function 07721450 Relevance: .1, Instructions: 101 COMMON, Uniqueness Score: -1.00%
Function 07721441 Relevance: .1, Instructions: 96 COMMON, Uniqueness Score: -1.00%
Function 052E09D0 Relevance: 41.7, Strings: 33, Instructions: 440 COMMON, Uniqueness Score: -1.00%
Function 052E09E0 Relevance: 41.7, Strings: 33, Instructions: 434 COMMON, Uniqueness Score: -1.00%
Execution Graph
Execution Coverage: 8.9%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 84
Total number of Limit Nodes: 5
Graph
Function 02B9D368 Relevance: 6.1, APIs: 4, Instructions: 131 thread COMMON, Uniqueness Score: -1.00%
Function 02B9D378 Relevance: 6.1, APIs: 4, Instructions: 128 thread COMMON, Uniqueness Score: -1.00%
Function 02B9ACE8 Relevance: 1.7, APIs: 1, Instructions: 195 COMMON, Uniqueness Score: -1.00%
Function 02B944E4 Relevance: 1.6, APIs: 1, Instructions: 96 COMMON, Uniqueness Score: -1.00%
Function 02B958EC Relevance: 1.6, APIs: 1, Instructions: 94 COMMON, Uniqueness Score: -1.00%
Function 0722F948 Relevance: 1.6, APIs: 1, Instructions: 67 COMMON, Uniqueness Score: -1.00%
Function 0722F6C2 Relevance: 1.6, APIs: 1, Instructions: 66 thread COMMON, Uniqueness Score: -1.00%
Function 0722F6C8 Relevance: 1.6, APIs: 1, Instructions: 63 thread COMMON, Uniqueness Score: -1.00%
Function 0722F950 Relevance: 1.6, APIs: 1, Instructions: 63 COMMON, Uniqueness Score: -1.00%
Function 02B9D5B8 Relevance: 1.6, APIs: 1, Instructions: 62 COMMON, Uniqueness Score: -1.00%
Function 02B9D5C0 Relevance: 1.6, APIs: 1, Instructions: 62 COMMON, Uniqueness Score: -1.00%
Function 0722F799 Relevance: 1.6, APIs: 1, Instructions: 56 memory COMMON, Uniqueness Score: -1.00%
Function 02B9A0A8 Relevance: 1.6, APIs: 1, Instructions: 55 library COMMON, Uniqueness Score: -1.00%
Function 0722F7A0 Relevance: 1.6, APIs: 1, Instructions: 53 memory COMMON, Uniqueness Score: -1.00%
Function 02B9B159 Relevance: 1.6, APIs: 1, Instructions: 52 library COMMON, Uniqueness Score: -1.00%
Function 0722F612 Relevance: 1.6, APIs: 1, Instructions: 52 thread COMMON, Uniqueness Score: -1.00%
Function 0722F618 Relevance: 1.5, APIs: 1, Instructions: 49 thread COMMON, Uniqueness Score: -1.00%
Function 02B9AED8 Relevance: 1.5, APIs: 1, Instructions: 47 COMMON, Uniqueness Score: -1.00%
Function 0113D3D8 Relevance: .1, Instructions: 75 COMMON, Uniqueness Score: -1.00%
Function 0114D1D4 Relevance: .1, Instructions: 72 COMMON, Uniqueness Score: -1.00%
Function 0114D01C Relevance: .1, Instructions: 72 COMMON, Uniqueness Score: -1.00%
Function 0114D006 Relevance: .1, Instructions: 63 COMMON, Uniqueness Score: -1.00%
Function 0113D3D3 Relevance: .1, Instructions: 56 COMMON, Uniqueness Score: -1.00%
Function 0114D1CF Relevance: .1, Instructions: 53 COMMON, Uniqueness Score: -1.00%
Function 0113D745 Relevance: .0, Instructions: 45 COMMON, Uniqueness Score: -1.00%
Function 0113D744 Relevance: .0, Instructions: 36 COMMON, Uniqueness Score: -1.00%
Execution Graph
Execution Coverage: 3%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 1.3%
Total number of Nodes: 300
Total number of Limit Nodes: 13
Graph
Function 00404DF3 Relevance: 1.5, APIs: 1, Instructions: 13 network COMMON, Uniqueness Score: -1.00%
Function 00402C1F Relevance: 1.5, APIs: 1, Instructions: 12 library COMMON, Uniqueness Score: -1.00%
Function 00413A3F Relevance: 1.5, APIs: 1, Instructions: 12 COMMON, Uniqueness Score: -1.00%
Function 0040D069 Relevance: 12.6, Strings: 10, Instructions: 138 COMMON, Uniqueness Score: -1.00%
Function 00402B7C Relevance: 2.5, APIs: 2, Instructions: 20 memory COMMON, Uniqueness Score: -1.00%
Function 00404ED4 Relevance: 1.5, APIs: 1, Instructions: 9 network COMMON, Uniqueness Score: -1.00%
Function 0040317B Relevance: .0, Instructions: 46 COMMON, Uniqueness Score: -1.00%
Function 00404E17 Relevance: 7.6, APIs: 5, Instructions: 72 network COMMON, Uniqueness Score: -1.00%