Windows Analysis Report SecuriteInfo.com.Exploit.Siggen3.20906.5188.xls

Overview

General Information

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%
Malware Configuration

Threatname: Qbot
{"Bot id": "tr", "Campaign": "1632817399", "Version": "402.363"}
Yara Overview

Initial Sample

| Rule | Description | Author |
|---|---|---|
| SUSP_Excel4Macro_AutoOpen | Detects Excel4 macro use with auto open / close | John Lambert @JohnLaTwC |
| JoeSecurity_HiddenMacro | Yara detected hidden Macro 4.0 in Excel | Joe Security |

Memory Dumps

| Rule | Description | Author |
|---|---|---|
| JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security |
| JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security |

Unpacked PEs

| Rule | Description | Author |
|---|---|---|
| JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security |
| JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security |
| JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security |
| JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security |
| JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security |
Sigma Overview

System Summary:
- Sigma detected: Microsoft Office Product Spawning Windows Shell (Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team)
- Sigma detected: Regsvr32 Command Line Without DLL (Author: Florian Roth)

Persistence and Installation Behavior:
- Sigma detected: Schedule system process (Author: Joe Security)
Jbx Signature Overview
AV Detection:
- Found malware configuration (Source: Malware Configuration Extractor)
- Multi AV Scanner detection for submitted file (Source: Virustotal; ReversingLabs)
- Machine Learning detection for dropped file (Source: Joe Sandbox ML)
Software Vulnerabilities:
- Document exploit detected (drops PE files) (Source: File created)
- Document exploit detected (process start blacklist hit) (Source: Process created)
- Document exploit detected (UrlDownloadToFile) (Source: Section loaded)
System Summary:
- Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) (Source: Screenshot OCR)
- Office process drops PE file (Source: File created)
Boot Survival:
- Uses schtasks.exe or at.exe to add and modify task schedules (Source: Process created)

Hooking and other Techniques for Hiding and Protection:
- Overwrites code with unconditional jumps - possibly settings hooks in foreign process (Source: Memory written)
HIPS / PFW / Operating System Protection Evasion:
- Maps a DLL or memory area into another process (Source: Section loaded)
- Injects code into the Windows Explorer (explorer.exe) (Source: Memory written)
- Yara detected hidden Macro 4.0 in Excel (Source: File source)
Stealing of Sensitive Information:
- Yara detected Qbot (Source: File source)

Remote Access Functionality:
- Yara detected Qbot (Source: File source)
Mitre Att&ck Matrix

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Scheduled Task/Job1 | Scheduled Task/Job1 | Process Injection213 | Masquerading11 | Credential API Hooking1 | System Time Discovery1 | Remote Services | Credential API Hooking1 | Exfiltration Over Other Network Medium | Encrypted Channel11 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Scripting1 | DLL Side-Loading1 | Scheduled Task/Job1 | Disable or Modify Tools1 | LSASS Memory | Security Software Discovery1 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Ingress Tool Transfer3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | Native API1 | Logon Script (Windows) | DLL Side-Loading1 | Virtualization/Sandbox Evasion1 | Security Account Manager | Virtualization/Sandbox Evasion1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | Exploitation for Client Execution33 | Logon Script (Mac) | Logon Script (Mac) | Process Injection213 | NTDS | Process Discovery3 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol14 | SIM Card Swap | Carrier Billing Fraud | |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Scripting1 | LSA Secrets | File and Directory Discovery2 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information1 | Cached Domain Credentials | System Information Discovery15 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing1 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | DLL Side-Loading1 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

| Detection | Scanner | Label |
|---|---|---|
| 15% | Virustotal | |
| 22% | ReversingLabs | Document-Excel.Downloader.EncDoc |

Dropped Files

| Detection | Scanner | Label |
|---|---|---|
| 100% | Joe Sandbox ML | |
| 100% | Joe Sandbox ML | |

Unpacked PE Files

No Antivirus matches

Domains

| Detection | Scanner | Label |
|---|---|---|
| 0% | Virustotal | |
| 0% | Virustotal | |
| 0% | Virustotal | |

URLs

| Detection | Scanner | Label |
|---|---|---|
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 3% | Virustotal | |
| 0% | Avira URL Cloud | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | Avira URL Cloud | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | Avira URL Cloud | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
Domains and IPs

Contacted Domains

| Name | IP | Active | Malicious | Reputation |
|---|---|---|---|---|
| mercanets.com | 162.222.225.250 | true | false | unknown |
| geit.in | 162.251.80.22 | true | false | unknown |
| gillcart.com | 199.79.63.251 | true | false | unknown |
Contacted IPs
Public

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 199.79.63.251 | gillcart.com | United States | 394695 | PUBLIC-DOMAIN-REGISTRYUS | false |
| 162.251.80.22 | geit.in | United States | 394695 | PUBLIC-DOMAIN-REGISTRYUS | false |
| 162.222.225.250 | mercanets.com | United States | 394695 | PUBLIC-DOMAIN-REGISTRYUS | false |
General Information

Joe Sandbox Version: 33.0.0 White Diamond
Analysis ID: 493727
Start date: 29.09.2021
Start time: 23:44:43
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 7m 49s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: SecuriteInfo.com.Exploit.Siggen3.20906.5188.xls
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name: Potential for more IOCs and behavior
Number of new started processes analysed: 27
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.expl.evad.winXLS@12/4@3/3
EGA Information: Failed
Simulations

Behavior and APIs

No simulations
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
199.79.63.251 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
162.251.80.22 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
162.222.225.250 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
geit.in | | | malicious | | |
mercanets.com | | | malicious | | |
gillcart.com | | | malicious | | |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
PUBLIC-DOMAIN-REGISTRYUS | | | malicious | | |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | | | malicious | | |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\SysWOW64\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 473006 |
Entropy (8bit): | 5.994144001754251 |
Encrypted: | false |
SSDEEP: | 12288:VvT1+i+eRbPqeSIvNMenaJ8rECkSNDopGI5coPYb:Vv3F+ex1MruECBf3oPYb |
MD5: | 278368FD7DC7D1302DC580D367812157 |
SHA1: | 09ABAC3BEFF021940C813BD89B657E229BA52625 |
SHA-256: | B1D77E98C39262F39E1C1ABEA5657D55295B25D7E5BD96CFF1F41B7F2C9A5FDC |
SHA-512: | FD35A602091C33F7E8BFEBC777B9114F5643A4F896B6388D77A0C2BDE7375259C69A5EE4F9964D4FC88B275FAD08D9EC6B9251D8E715E5168C5568A42129FCA7 |
Malicious: | true |
Antivirus: |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 138728 |
Entropy (8bit): | 5.360381536028763 |
Encrypted: | false |
SSDEEP: | 1536:ycQIKNZeBdA3gBwfnQ9DQW+z2Y34Zzi7nXboOidX8E6LWME9:BWQ9DQW+zGXh1 |
MD5: | E57A09A0B33F2D9E769DFF2452969F69 |
SHA1: | 31E51D5538731C2BD07454D660B566AD14C04791 |
SHA-256: | E53015CC46C85CA20B9B1053EB8369DA384424E051C2994C094ED0CCE399DD81 |
SHA-512: | C20C675D42ABA5F0C99715A24A915E30BC240321F05B14D8C977AB9E5A1A4C6614F124FFB81CB8FF96BF372FFBE60D661E7508C13259608DE47A9E7253F05ACF |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 468910 |
Entropy (8bit): | 5.986572146199657 |
Encrypted: | false |
SSDEEP: | 12288:avT1+i+eRbPqeSIvNMenaJ8rECkSNDopGI5coPYb:av3F+ex1MruECBf3oPYb |
MD5: | BB240163D2BA2520EF5BD6003FCA4914 |
SHA1: | 9C9446B5C67CFC4645D32748DD90EDD54C365BC5 |
SHA-256: | A5A61A4018D8D68DA99FED20588FFA87526B71909303B8C7FC195E6964355ACD |
SHA-512: | 1D0A014F37AD825AEB866B618E1ADD2CB835710CA7B3082DC1B8F8690F25B4925EA41EFA862F091484DB2F8C76D42B8DC8B047BD4FB7B7278D5EF497E648BCEF |
Malicious: | true |
Antivirus: |
Preview: |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.351326128821904 |
TrID: |
File name: | SecuriteInfo.com.Exploit.Siggen3.20906.5188.xls |
File size: | 250368 |
MD5: | 7b83b99dace5664b9ab5c0c3882be408 |
SHA1: | 4c4893beca92234c023ee2dfff759e155c643ed3 |
SHA256: | e005a59b0ab458c8a1ab6883e17504382bd72d2e9de8eb99c785de520c258c0c |
SHA512: | 49f7f8746555e83d7a52afb63c108597db8510df1e4d0c5b350848d411245b700e012ba09421a39466a487f9450439b7aa4b7fea459c88d90299b3de1289bd24 |
SSDEEP: | 6144:iKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgD9fWvcZZdtLq1JOjbwvOMPDslAvS3+Hw7c:n9fVrLmUjbwvrDa33LvfH1WO2 |
File Content Preview: | ........................>...................................................................................................................................................................................................................................... |
File Icon |
---|
Icon Hash: | 74ecd4c6c3c6c4d8 |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OLE | |
Number of OLE Files: | 1 |
OLE File "SecuriteInfo.com.Exploit.Siggen3.20906.5188.xls" |
---|
Indicators | |
---|---|
Has Summary Info: | True |
Application Name: | Microsoft Excel |
Encrypted Document: | False |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | True |
Summary | |
---|---|
Code Page: | 1251 |
Author: | |
Last Saved By: | |
Create Time: | 2015-06-05 18:19:34 |
Last Saved Time: | 2021-09-29 07:59:46 |
Creating Application: | |
Security: | 0 |
Document Summary | |
---|---|
Document Code Page: | 1251 |
Thumbnail Scaling Desired: | False |
Company: | |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 1048576 |
Streams |
---|
Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5DocumentSummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.419621160955 |
Base64 Encoded: | False |
Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5SummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.275408622527 |
Base64 Encoded: | False |
Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 238868 |
---|
General | |
---|---|
Stream Path: | Workbook |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 238868 |
Entropy: | 7.53398047476 |
Base64 Encoded: | True |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Sep 29, 2021 23:45:44.476270914 CEST | 443 | 49752 | 162.222.225.250 | 192.168.2.3 |
Sep 29, 2021 23:45:44.476423979 CEST | 443 | 49752 | 162.222.225.250 | 192.168.2.3 |
Sep 29, 2021 23:45:44.476442099 CEST | 49752 | 443 | 192.168.2.3 | 162.222.225.250 |
Sep 29, 2021 23:45:44.476490021 CEST | 49752 | 443 | 192.168.2.3 | 162.222.225.250 |
Sep 29, 2021 23:45:44.478199005 CEST | 49752 | 443 | 192.168.2.3 | 162.222.225.250 |
Sep 29, 2021 23:45:44.478239059 CEST | 443 | 49752 | 162.222.225.250 | 192.168.2.3 |
Sep 29, 2021 23:45:44.478277922 CEST | 49752 | 443 | 192.168.2.3 | 162.222.225.250 |
Sep 29, 2021 23:45:44.478307009 CEST | 49752 | 443 | 192.168.2.3 | 162.222.225.250 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 29, 2021 23:45:28.494210005 CEST | 52206 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:45:28.574611902 CEST | 56844 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:45:28.598423004 CEST | 58045 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:45:28.613317966 CEST | 53 | 52206 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:45:28.690145969 CEST | 53 | 56844 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:45:28.722018957 CEST | 53 | 58045 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:45:29.237890959 CEST | 57459 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:45:29.352591038 CEST | 53 | 57459 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:45:32.304583073 CEST | 57875 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:45:33.320091963 CEST | 57875 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:45:33.438595057 CEST | 53 | 57875 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:45:36.026088953 CEST | 54154 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:45:36.150233030 CEST | 53 | 54154 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:45:37.291699886 CEST | 52806 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:45:37.407661915 CEST | 53 | 52806 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:45:37.705020905 CEST | 53910 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:45:37.819569111 CEST | 53 | 53910 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:45:38.288856030 CEST | 52806 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:45:38.400434017 CEST | 53 | 52806 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:45:39.335782051 CEST | 52806 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:45:39.362862110 CEST | 64021 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:45:39.452197075 CEST | 53 | 52806 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:45:39.481199980 CEST | 53 | 64021 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:45:39.599226952 CEST | 60784 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:45:39.721508980 CEST | 53 | 60784 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:45:41.336085081 CEST | 52806 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:45:41.451344013 CEST | 53 | 52806 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:45:41.725260019 CEST | 51143 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:45:41.963067055 CEST | 53 | 51143 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:45:45.383542061 CEST | 52806 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:45:45.506244898 CEST | 53 | 52806 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:45:52.568393946 CEST | 56009 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:45:52.705120087 CEST | 53 | 56009 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:45:58.358753920 CEST | 59026 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:45:58.492579937 CEST | 53 | 59026 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:46:13.663846016 CEST | 49572 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:46:13.805028915 CEST | 53 | 49572 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:46:16.438081026 CEST | 60823 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:46:16.578440905 CEST | 53 | 60823 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:46:17.694287062 CEST | 52130 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:46:17.901379108 CEST | 53 | 52130 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:46:18.965082884 CEST | 55102 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:46:19.123353958 CEST | 53 | 55102 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:46:19.564786911 CEST | 56236 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:46:19.706991911 CEST | 53 | 56236 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:46:20.022239923 CEST | 56527 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:46:20.170953035 CEST | 53 | 56527 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:46:21.240654945 CEST | 49559 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:46:21.376467943 CEST | 53 | 49559 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:46:22.527937889 CEST | 52650 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:46:22.675168037 CEST | 53 | 52650 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:46:23.907902956 CEST | 63297 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:46:24.047070980 CEST | 53 | 63297 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:46:24.588015079 CEST | 58361 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:46:24.728986025 CEST | 53 | 58361 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:46:26.234682083 CEST | 53615 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:46:26.396428108 CEST | 53 | 53615 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:46:27.055633068 CEST | 50728 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:46:27.195471048 CEST | 53 | 50728 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:46:27.205462933 CEST | 53777 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:46:27.350475073 CEST | 53 | 53777 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:46:27.884777069 CEST | 57106 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:46:28.025418997 CEST | 53 | 57106 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:46:28.487222910 CEST | 60352 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:46:28.650146008 CEST | 53 | 60352 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:46:29.049592018 CEST | 56773 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:46:29.195369005 CEST | 53 | 56773 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:46:30.986731052 CEST | 60982 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:46:31.123006105 CEST | 53 | 60982 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:46:31.432497025 CEST | 58058 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:46:31.572757959 CEST | 53 | 58058 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:46:41.286484957 CEST | 64367 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:46:41.426651001 CEST | 53 | 64367 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:46:43.920655966 CEST | 51539 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:46:44.067890882 CEST | 53 | 51539 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:46:59.655370951 CEST | 55393 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:46:59.780313015 CEST | 53 | 55393 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:47:22.966129065 CEST | 50585 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:47:23.096263885 CEST | 53 | 50585 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:47:23.652939081 CEST | 63456 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:47:23.771456957 CEST | 53 | 63456 | 8.8.8.8 | 192.168.2.3 |
Sep 29, 2021 23:47:54.395596981 CEST | 58540 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 29, 2021 23:47:54.523077965 CEST | 53 | 58540 | 8.8.8.8 | 192.168.2.3 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Sep 29, 2021 23:45:37.705020905 CEST | 192.168.2.3 | 8.8.8.8 | 0x2059 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 29, 2021 23:45:39.362862110 CEST | 192.168.2.3 | 8.8.8.8 | 0x16a | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 29, 2021 23:45:41.725260019 CEST | 192.168.2.3 | 8.8.8.8 | 0xca2c | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Sep 29, 2021 23:45:37.819569111 CEST | 8.8.8.8 | 192.168.2.3 | 0x2059 | No error (0) | | | 199.79.63.251 | A (IP address) | IN (0x0001) |
Sep 29, 2021 23:45:39.481199980 CEST | 8.8.8.8 | 192.168.2.3 | 0x16a | No error (0) | | | 162.251.80.22 | A (IP address) | IN (0x0001) |
Sep 29, 2021 23:45:41.963067055 CEST | 8.8.8.8 | 192.168.2.3 | 0xca2c | No error (0) | | | 162.222.225.250 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49724 | 199.79.63.251 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-09-29 21:45:38 UTC | 0 | OUT | |
2021-09-29 21:45:39 UTC | 0 | IN | |
2021-09-29 21:45:39 UTC | 0 | IN | |
2021-09-29 21:45:39 UTC | 8 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.3 | 49738 | 162.251.80.22 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-09-29 21:45:39 UTC | 8 | OUT | |
2021-09-29 21:45:40 UTC | 8 | IN | |
2021-09-29 21:45:40 UTC | 8 | IN | |
2021-09-29 21:45:40 UTC | 16 | IN | |
2021-09-29 21:45:40 UTC | 24 | IN | |
2021-09-29 21:45:40 UTC | 32 | IN | |
2021-09-29 21:45:40 UTC | 40 | IN | |
2021-09-29 21:45:40 UTC | 48 | IN | |
2021-09-29 21:45:40 UTC | 56 | IN | |
2021-09-29 21:45:40 UTC | 64 | IN | |
2021-09-29 21:45:40 UTC | 72 | IN | |
2021-09-29 21:45:40 UTC | 80 | IN | |
2021-09-29 21:45:40 UTC | 88 | IN | |
2021-09-29 21:45:41 UTC | 96 | IN | |
2021-09-29 21:45:41 UTC | 104 | IN | |
2021-09-29 21:45:41 UTC | 112 | IN | |
2021-09-29 21:45:41 UTC | 120 | IN | |
2021-09-29 21:45:41 UTC | 128 | IN | |
2021-09-29 21:45:41 UTC | 136 | IN | |
2021-09-29 21:45:41 UTC | 144 | IN | |
2021-09-29 21:45:41 UTC | 152 | IN | |
2021-09-29 21:45:41 UTC | 160 | IN | |
2021-09-29 21:45:41 UTC | 168 | IN | |
2021-09-29 21:45:41 UTC | 176 | IN | |
2021-09-29 21:45:41 UTC | 184 | IN | |
2021-09-29 21:45:41 UTC | 192 | IN | |
2021-09-29 21:45:41 UTC | 200 | IN | |
2021-09-29 21:45:41 UTC | 208 | IN | |
2021-09-29 21:45:41 UTC | 216 | IN | |
2021-09-29 21:45:41 UTC | 224 | IN | |
2021-09-29 21:45:41 UTC | 232 | IN | |
2021-09-29 21:45:41 UTC | 240 | IN | |
2021-09-29 21:45:41 UTC | 248 | IN | |
2021-09-29 21:45:41 UTC | 256 | IN | |
2021-09-29 21:45:41 UTC | 264 | IN | |
2021-09-29 21:45:41 UTC | 272 | IN | |
2021-09-29 21:45:41 UTC | 280 | IN | |
2021-09-29 21:45:41 UTC | 288 | IN | |
2021-09-29 21:45:41 UTC | 296 | IN | |
2021-09-29 21:45:41 UTC | 304 | IN | |
2021-09-29 21:45:41 UTC | 312 | IN | |
2021-09-29 21:45:41 UTC | 320 | IN | |
2021-09-29 21:45:41 UTC | 328 | IN | |
2021-09-29 21:45:41 UTC | 336 | IN | |
2021-09-29 21:45:41 UTC | 344 | IN | |
2021-09-29 21:45:41 UTC | 352 | IN | |
2021-09-29 21:45:41 UTC | 360 | IN | |
2021-09-29 21:45:41 UTC | 368 | IN | |
2021-09-29 21:45:41 UTC | 376 | IN | |
2021-09-29 21:45:41 UTC | 384 | IN | |
2021-09-29 21:45:41 UTC | 392 | IN | |
2021-09-29 21:45:41 UTC | 400 | IN | |
2021-09-29 21:45:41 UTC | 408 | IN | |
2021-09-29 21:45:41 UTC | 416 | IN | |
2021-09-29 21:45:41 UTC | 424 | IN | |
2021-09-29 21:45:41 UTC | 432 | IN | |
2021-09-29 21:45:41 UTC | 440 | IN | |
2021-09-29 21:45:41 UTC | 448 | IN | |
2021-09-29 21:45:41 UTC | 456 | IN | |
2021-09-29 21:45:41 UTC | 464 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.3 | 49752 | 162.222.225.250 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-09-29 21:45:42 UTC | 466 | OUT | |
2021-09-29 21:45:44 UTC | 467 | IN |
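The DNS Answers, TCP Packets and HTTPS Proxied Packets tables above describe one chain: a DNS answer names an address, EXCEL.EXE opens a TLS connection to it within the same second (for 162.222.225.250 the answer arrives at 23:45:41.963 and the first packet leaves at 23:45:41.968), and the proxied-session table records what moved in each direction. One detail matters when reading that table: the kBytes column is a running total over the whole capture, not per session (session 2 opens at 466 where session 1 ended at 464), so per-session volume is a difference between rows, not the value on the last row. The script below is an added example and not part of the Joe Sandbox report. It parses the three pipe-delimited tables in the form they take on this page, credits each row's increase to that row's direction, joins DNS answers to the first outbound packet per destination, and flags Office processes that pulled more than a threshold over TLS. Its sample rows are copied from this page and abridged (TCP rows only for the connection to 162.222.225.250, session 1 cut to its first two rows and its last row); OFFICE_BINARIES and the 64 kB threshold are this example's own assumptions.

```python
"""Join the DNS Answers, TCP Packets and HTTPS Proxied Packets tables of this
Joe Sandbox report into one per-destination timeline.  Added example, not part
of the report: the sample rows below are copied from the page and abridged (TCP
rows only for 162.222.225.250, session 1 cut to three rows); OFFICE_BINARIES and
DOWNLOAD_KB are this example's own assumptions."""
import ntpath
import re
from datetime import datetime, timedelta, timezone

CEST = timezone(timedelta(hours=2))  # packet timestamps in the report are CEST

DNS_ANSWERS = """\
Sep 29, 2021 23:45:37.819569111 CEST | 8.8.8.8 | 192.168.2.3 | 0x2059 | No error (0) | 199.79.63.251 | A (IP address) | IN (0x0001) | ||
Sep 29, 2021 23:45:39.481199980 CEST | 8.8.8.8 | 192.168.2.3 | 0x16a | No error (0) | 162.251.80.22 | A (IP address) | IN (0x0001) | ||
Sep 29, 2021 23:45:41.963067055 CEST | 8.8.8.8 | 192.168.2.3 | 0xca2c | No error (0) | 162.222.225.250 | A (IP address) | IN (0x0001) |
"""
TCP_PACKETS = """\
Sep 29, 2021 23:45:41.968044996 CEST | 49752 | 443 | 192.168.2.3 | 162.222.225.250 |
Sep 29, 2021 23:45:41.968101978 CEST | 443 | 49752 | 162.222.225.250 | 192.168.2.3 |
"""
SESSIONS = """\
0 | 192.168.2.3 | 49724 | 199.79.63.251 | 443 | C:\\Program Files (x86)\\Microsoft Office\\Office16\\EXCEL.EXE |
2021-09-29 21:45:38 UTC | 0 | OUT | |
2021-09-29 21:45:39 UTC | 0 | IN | |
2021-09-29 21:45:39 UTC | 8 | IN |
1 | 192.168.2.3 | 49738 | 162.251.80.22 | 443 | C:\\Program Files (x86)\\Microsoft Office\\Office16\\EXCEL.EXE |
2021-09-29 21:45:39 UTC | 8 | OUT | |
2021-09-29 21:45:40 UTC | 8 | IN | |
2021-09-29 21:45:41 UTC | 464 | IN |
2 | 192.168.2.3 | 49752 | 162.222.225.250 | 443 | C:\\Program Files (x86)\\Microsoft Office\\Office16\\EXCEL.EXE |
2021-09-29 21:45:42 UTC | 466 | OUT | |
2021-09-29 21:45:44 UTC | 467 | IN |
"""
OFFICE_BINARIES = {"EXCEL.EXE", "WINWORD.EXE", "POWERPNT.EXE"}  # assumption
DOWNLOAD_KB = 64  # assumption: an Office process pulling >= 64 kB over TLS merits a look


def cells(line: str) -> list[str]:
    """Split one 'a | b | c |' table row into its non-empty cells."""
    return [c.strip() for c in line.strip().strip("|").split("|") if c.strip()]

def parse_ts(s: str) -> datetime:
    """'Sep 29, 2021 23:45:41.968044996 CEST' -> aware datetime (ns truncated to us)."""
    m = re.fullmatch(r"(\w{3} \d{1,2}, \d{4} \d\d:\d\d:\d\d)\.(\d{9}) CEST", s)
    if not m: raise ValueError(f"unexpected timestamp: {s!r}")
    base = datetime.strptime(m.group(1), "%b %d, %Y %H:%M:%S")
    return base.replace(microsecond=int(m.group(2)[:6]), tzinfo=CEST)

def parse_dns_answers(text: str) -> dict[str, datetime]:
    """Address -> arrival time of the first successful A answer naming it."""
    seen: dict[str, datetime] = {}
    for line in text.splitlines():
        ts, _src, _dst, _txid, rcode, addr, rtype, _cls = cells(line)
        if rcode.startswith("No error") and rtype.startswith("A "):
            seen.setdefault(addr, parse_ts(ts))
    return seen

def first_outbound(text: str, host: str = "192.168.2.3") -> dict[str, datetime]:
    """Destination -> time of the first packet the sandbox host sent to it."""
    seen: dict[str, datetime] = {}
    for line in text.splitlines():
        ts, _sport, _dport, sip, dip = cells(line)
        if sip == host:
            seen.setdefault(dip, parse_ts(ts))
    return seen

def parse_sessions(text: str) -> list[dict]:
    """The kBytes column is a running total over the whole capture (session 2 opens
    at 466 where session 1 ended at 464): a row contributes its increase over the
    previous row, credited to that row's direction."""
    sessions: list[dict] = []
    prev_kb = 0
    for line in text.splitlines():
        c = cells(line)
        if c[0].isdigit():  # header row: id, src ip, src port, dst ip, dst port, process
            sessions.append({"sid": int(c[0]), "dst_ip": c[3], "dst_port": int(c[4]),
                             "process": c[5], "in_kb": 0, "out_kb": 0})
            continue
        _ts, kb, direction = c  # data row: timestamp, cumulative kB, IN or OUT
        delta, prev_kb = int(kb) - prev_kb, int(kb)
        sessions[-1]["in_kb" if direction == "IN" else "out_kb"] += delta
    return sessions

def findings(sessions: list[dict], dns: dict, tcp: dict) -> list[dict]:
    """Per session: volume per direction, DNS-answer-to-first-packet lag (ms), flag."""
    rows = []
    for s in sessions:
        exe = ntpath.basename(s["process"]).upper()
        answered, first = dns.get(s["dst_ip"]), tcp.get(s["dst_ip"])
        lag = (first - answered).total_seconds() * 1000 if answered and first else None
        rows.append({"session": s["sid"], "dst": f'{s["dst_ip"]}:{s["dst_port"]}',
                     "process": exe, "in_kb": s["in_kb"], "out_kb": s["out_kb"],
                     "dns_to_first_packet_ms": lag,
                     "suspicious": exe in OFFICE_BINARIES and s["in_kb"] >= DOWNLOAD_KB})
    return rows

if __name__ == "__main__":
    report = findings(parse_sessions(SESSIONS), parse_dns_answers(DNS_ANSWERS), first_outbound(TCP_PACKETS))
    print(*report, sep="\n")
```

Run as-is it prints one dict per session: session 1 comes out flagged (456 kB inbound to EXCEL.EXE from 162.251.80.22:443, nothing measurable outbound), session 0 moved 8 kB, and session 2 shows about 5 ms between the DNS answer for 162.222.225.250 and the first packet sent to it, with 2 kB out and 1 kB in. Because the counter is rounded to whole kilobytes, sub-kilobyte rows (the OUT rows that open sessions 0 and 1) show as zero; treat the per-direction figures as approximate.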
Code Manipulations |
---|
Statistics |
---|
CPU Usage, Memory Usage, High Level Behavior Distribution and Behavior: interactive charts in the original report, not reproduced here. |
System Behavior |
---|
General |
---|
Start time: | 23:45:34 |
Start date: | 29/09/2021 |
Path: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9b0000 |
File size: | 27110184 bytes |
MD5 hash: | 5D6638F2C8F8571C593999C58866007E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 23:45:44 |
Start date: | 29/09/2021 |
Path: | C:\Windows\SysWOW64\regsvr32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x210000 |
File size: | 20992 bytes |
MD5 hash: | 426E7499F6A7346F0410DEAD0805586B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 23:45:44 |
Start date: | 29/09/2021 |
Path: | C:\Windows\SysWOW64\regsvr32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x210000 |
File size: | 20992 bytes |
MD5 hash: | 426E7499F6A7346F0410DEAD0805586B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
General |
---|
Start time: | 23:45:45 |
Start date: | 29/09/2021 |
Path: | C:\Windows\SysWOW64\regsvr32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x210000 |
File size: | 20992 bytes |
MD5 hash: | 426E7499F6A7346F0410DEAD0805586B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 23:46:24 |
Start date: | 29/09/2021 |
Path: | C:\Windows\SysWOW64\explorer.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd20000 |
File size: | 3611360 bytes |
MD5 hash: | 166AB1B9462E5C1D6D18EC5EC0B6A5F7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
General |
---|
Start time: | 23:46:26 |
Start date: | 29/09/2021 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xce0000 |
File size: | 185856 bytes |
MD5 hash: | 15FF7D8324231381BAD48A052F85DF04 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 23:46:27 |
Start date: | 29/09/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f20f0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000C702, Relevance: 28.2, APIs: 13, Strings: 3, Instructions: 200nativeregistrymemoryCOMMON
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10005F63, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 104threadCOMMON
C-Code - Quality: 82% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000DFEF, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95libraryloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1003FCF0, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 176memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 78% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000B7EA, Relevance: 7.6, APIs: 5, Instructions: 83stringCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 89% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000B9DA, Relevance: 4.6, APIs: 3, Instructions: 54COMMON
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 47% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 47% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10005E77, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100085D0, Relevance: 1.5, APIs: 1, Instructions: 6memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000BAA4, Relevance: 1.3, APIs: 1, Instructions: 82COMMON
C-Code - Quality: 47% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100085E5, Relevance: 1.3, APIs: 1, Instructions: 8memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
C-Code - Quality: 81% |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 30% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000AEF6, Relevance: 3.1, APIs: 2, Instructions: 113fileCOMMON
C-Code - Quality: 78% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100097ED, Relevance: 3.0, APIs: 2, Instructions: 24timeCOMMON
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000A55C, Relevance: 1.6, APIs: 1, Instructions: 64COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10016EF0, Relevance: .4, Instructions: 359COMMONCrypto
C-Code - Quality: 99% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10015000, Relevance: .2, Instructions: 190COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10011790, Relevance: .2, Instructions: 169COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1006BAE5, Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1001237E, Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1006BDDA, Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000DB7E, Relevance: 24.9, APIs: 12, Strings: 2, Instructions: 388memoryCOMMON
C-Code - Quality: 50% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 83% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100116F0, Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 70libraryloaderCOMMON
C-Code - Quality: 28% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1001215A, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 98stringCOMMON
C-Code - Quality: 87% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000D78A, Relevance: 9.1, APIs: 6, Instructions: 87memoryCOMMON
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10012237, Relevance: 7.6, APIs: 5, Instructions: 52stringCOMMON
C-Code - Quality: 79% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000CFC6, Relevance: 7.5, APIs: 5, Instructions: 43COMMON
C-Code - Quality: 94% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000B988, Relevance: 7.5, APIs: 5, Instructions: 32threadCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000A9F9, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 177pipeCOMMON
C-Code - Quality: 73% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000C510, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 117libraryCOMMON
C-Code - Quality: 89% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10012DB0, Relevance: 6.6, APIs: 5, Instructions: 341COMMON
C-Code - Quality: 99% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 70% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 52% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10001C51, Relevance: 6.1, APIs: 4, Instructions: 106COMMON
C-Code - Quality: 75% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10001B16, Relevance: 6.1, APIs: 4, Instructions: 97threadCOMMON
C-Code - Quality: 73% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10001A01, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 108stringCOMMON
C-Code - Quality: 72% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Function 00AF31B5, Relevance: 1.6, APIs: 1, Instructions: 83COMMON
C-Code - Quality: 79% |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AF5A54, Relevance: 1.5, APIs: 1, Instructions: 7COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 80% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AFB7EA, Relevance: 7.6, APIs: 5, Instructions: 83stringCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AFCFC6, Relevance: 7.5, APIs: 5, Instructions: 43COMMON
C-Code - Quality: 94% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B024D3, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 151libraryCOMMON
C-Code - Quality: 50% |
|
APIs |
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AF2ECD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 99registryCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 70% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AF9B24, Relevance: 6.3, APIs: 4, Instructions: 254COMMON
C-Code - Quality: 86% |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AF3294, Relevance: 6.2, APIs: 4, Instructions: 189pipeCOMMON
C-Code - Quality: 54% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AF5624, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97sleepsynchronizationCOMMON
C-Code - Quality: 78% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AFDFEF, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95libraryloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 66% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AFB9DA, Relevance: 4.6, APIs: 3, Instructions: 54COMMON
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AFB054, Relevance: 3.8, APIs: 3, Instructions: 72stringCOMMON
C-Code - Quality: 87% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AF6D81, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 106fileCOMMON
C-Code - Quality: 91% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AF2ADD, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 71stringCOMMON
C-Code - Quality: 89% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AF98CF, Relevance: 3.1, APIs: 2, Instructions: 133COMMON
C-Code - Quality: 94% |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AFA6EB, Relevance: 3.1, APIs: 2, Instructions: 90fileCOMMON
C-Code - Quality: 27% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 76% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 47% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AF2C82, Relevance: 1.6, APIs: 1, Instructions: 110COMMON
C-Code - Quality: 65% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AF5AF2, Relevance: 1.6, APIs: 1, Instructions: 57COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AFE492, Relevance: 1.5, APIs: 1, Instructions: 39COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AFA69E, Relevance: 1.5, APIs: 1, Instructions: 37fileCOMMON
C-Code - Quality: 88% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AF85FB, Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AFA639, Relevance: 1.5, APIs: 1, Instructions: 32fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AFA7BF, Relevance: 1.5, APIs: 1, Instructions: 29COMMON
C-Code - Quality: 100% |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AF9887, Relevance: 1.5, APIs: 1, Instructions: 27COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AFB379, Relevance: 1.5, APIs: 1, Instructions: 25COMMON
C-Code - Quality: 89% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AFA67D, Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMON
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AF4998, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AF85E5, Relevance: 1.5, APIs: 1, Instructions: 8memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AFB2AB, Relevance: 1.5, APIs: 1, Instructions: 8COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AF85D0, Relevance: 1.5, APIs: 1, Instructions: 6memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function (address not captured) | C-Code - Quality: 59% | Uniqueness Score: -1.00% |
Function 00AFFA01, Relevance: 1.4, APIs: 1, Instructions: 117, Tags: sleep, COMMON | C-Code - Quality: 88% | Uniqueness Score: -1.00% |
Function (address not captured) | C-Code - Quality: 97% | Uniqueness Score: -1.00% |
Function 00AFE308, Relevance: 1.3, APIs: 1, Instructions: 92, Tags: sleep, COMMON | C-Code - Quality: 75% | Uniqueness Score: -1.00% |
Function 00AFA3D8, Relevance: 1.3, APIs: 1, Instructions: 54, Tags: COMMON | C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 00AF5D5E, Relevance: 1.3, APIs: 1, Instructions: 49, Tags: string, COMMON | C-Code - Quality: 95% | Uniqueness Score: -1.00% |
Function 00AF5CCD, Relevance: 1.3, APIs: 1, Instructions: 38, Tags: COMMON | C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function (address not captured) | C-Code - Quality: 86% | Uniqueness Score: -1.00% |
Function 00AFDB7E, Relevance: 24.9, APIs: 12, Strings: 2, Instructions: 388, Tags: memory, COMMON | C-Code - Quality: 50% | Uniqueness Score: -1.00% |
Function 00AFC702, Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 200, Tags: registry, COMMON | C-Code - Quality: 59% | Uniqueness Score: -1.00% |
Function (address not captured) | C-Code - Quality: 78% | Uniqueness Score: -1.00% |
Function (address not captured) | C-Code - Quality: 83% | Uniqueness Score: -1.00% |
Function 00B016F0, Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 70, Tags: libraryloader, COMMON | C-Code - Quality: 28% | Uniqueness Score: -1.00% |
Function 00B0215A, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 98, Tags: string, COMMON | C-Code - Quality: 87% | Uniqueness Score: -1.00% |
Function (address not captured) | Uniqueness Score: -1.00% |
Function 00AFD78A, Relevance: 9.1, APIs: 6, Instructions: 87, Tags: memory, COMMON | Uniqueness Score: -1.00% |
Function (address not captured) | Uniqueness Score: -1.00% |
Function (address not captured) | C-Code - Quality: 30% | Uniqueness Score: -1.00% |
Function 00B02237, Relevance: 7.6, APIs: 5, Instructions: 52, Tags: string, COMMON | C-Code - Quality: 79% | Uniqueness Score: -1.00% |
Function 00AFA9F9, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 177, Tags: pipe, COMMON | C-Code - Quality: 73% | Uniqueness Score: -1.00% |
Function 00AFC510, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 117, Tags: library, COMMON | C-Code - Quality: 89% | Uniqueness Score: -1.00% |
Function 00B02DB0, Relevance: 6.6, APIs: 5, Instructions: 341, Tags: COMMON | C-Code - Quality: 99% | Uniqueness Score: -1.00% |
Function (address not captured) | C-Code - Quality: 52% | Uniqueness Score: -1.00% |
Function 00AF1C51, Relevance: 6.1, APIs: 4, Instructions: 106, Tags: COMMON | C-Code - Quality: 75% | Uniqueness Score: -1.00% |
Function 00AF1B16, Relevance: 6.1, APIs: 4, Instructions: 97, Tags: thread, COMMON | C-Code - Quality: 73% | Uniqueness Score: -1.00% |
Function 00AF1A01, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 108, Tags: string, COMMON | C-Code - Quality: 72% | Uniqueness Score: -1.00% |