Windows
Analysis Report
Orden de compra 0001-00255454.xlam.xlsx
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w7x64
- EXCEL.EXE (PID: 980 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
- EQNEDT32.EXE (PID: 1924 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
- negrett.exe (PID: 1500 cmdline: C:\Users\user\AppData\Roaming\negrett.exe MD5: FBCCDD35EE6DCCADAEAA69E37FBBD171)
- name.exe (PID: 2504 cmdline: C:\Users\user\AppData\Roaming\negrett.exe MD5: CF439A4CF698F8D15901A3CAA5F503FE)
- RegSvcs.exe (PID: 1304 cmdline: C:\Users\user\AppData\Roaming\negrett.exe MD5: 19855C0DC5BEC9FDF925307C57F9F5FC)
- wscript.exe (PID: 2644 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs" MD5: 045451FA238A75305CC26AC982472367)
- name.exe (PID: 2308 cmdline: "C:\Users\user\AppData\Local\directory\name.exe" MD5: CF439A4CF698F8D15901A3CAA5F503FE)
- RegSvcs.exe (PID: 2160 cmdline: "C:\Users\user\AppData\Local\directory\name.exe" MD5: 19855C0DC5BEC9FDF925307C57F9F5FC)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution |
{"Exfil Mode": "SMTP", "FTP Server": "ftp://ftp.antoniomayol.com/", "FTP Username": "johnson@antoniomayol.com", "Password": "DAIpro123**", "Username": "contabilidad@daipro.com.mx", "Host": "mail.daipro.com.mx", "Port": "587"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
INDICATOR_XML_LegacyDrawing_AutoLoad_Document | detects AutoLoad documents using LegacyDrawing | ditekSHen |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | ||
JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | ||
Exploits |
---|
Source: | Author: Joe Security: |
Source: | Author: Joe Security: |
System Summary |
---|
Source: | Author: Max Altgelt (Nextron Systems): |
Source: | Author: Jason Lynch: |
Source: | Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: |
Source: | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: |
Source: | Author: Brandon George (blog post), Thomas Patzke: |
Source: | Author: Michael Haag: |
Source: | Author: frack113: |
Data Obfuscation |
---|
Source: | Author: Joe Security: |
AV Detection |
---|
Source: | Avira: |
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: |
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: |
Exploits |
---|
Source: | Network connect: | Jump to behavior | ||
Source: | Network connect: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Process created: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | File opened: | Jump to behavior |
Source: | HTTPS traffic detected: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | File opened: | Jump to behavior | ||
Software Vulnerabilities |
---|
Source: | Process created: |
Source: | DNS query: | ||
Source: | TCP traffic: | ||
Networking |
---|
Source: | File source: | ||
Source: | HTTP traffic detected: | ||
Source: | IP Address: | ||
Source: | ASN Name: |
Source: | JA3 fingerprint: | ||
Source: | DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | Code function: | 2_2_035306AA |
Source: | File created: | Jump to behavior |
Source: | HTTP traffic detected: | ||
Source: | String found in binary or memory: |
Source: | DNS traffic detected: | ||
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Code function: | 5_2_00B8EAFF |
System Summary |
---|
Source: | Matched rule: | ||
Source: | String found in binary or memory: | memstr_dafd640f-6 | |
Source: | File created: | Jump to dropped file | ||
Source: | COM Object queried: | Jump to behavior |
Source: | Process Stats: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Code function: | 8_2_0105D5EB |
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | Matched rule: | ||
Source: | Cryptographic APIs: | ||
Source: | Classification label: |
Source: | Code function: | 8_2_010637B5 |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Process created: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | File read: | Jump to behavior | ||
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Binary string: | ||
Source: | Initial sample: |
Data Obfuscation |
---|
Source: | .Net Code: | ||
Source: | Code function: | 5_2_00B142DE |
Source: | High entropy of concatenated method names: | ||
Persistence and Installation Behavior |
---|
Source: | Registry value created: | Jump to behavior | ||
Source: | File created: | Jump to dropped file | ||
Boot Survival |
---|
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Code function: | 8_2_0100F98E | |
Source: | Code function: | 8_2_01081C41 | |
Source: | Code function: | 11_2_0134F98E | |
Source: | Code function: | 11_2_013C1C41 |
Source: | Key value created or modified: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | Sandbox detection routine: | graph_5-46719 | ||
Source: | Sandbox detection routine: | graph_8-98652 |
Source: | Code function: | 9_2_004019F0 |
Source: | Code function: | 8_2_01001199 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window found: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Evasive API call chain: |
Source: | API coverage: | ||
Source: | API coverage: | ||
Source: | API coverage: |
Source: | Thread sleep time: | Jump to behavior |
Source: | Code function: | 5_2_00B7DBBE | |
Source: | Code function: | 5_2_00B4C2A2 | |
Source: | Code function: | 5_2_00B868EE | |
Source: | Code function: | 5_2_00B8698F | |
Source: | Code function: | 8_2_0105DBBE | |
Source: | Code function: | 8_2_0102C2A2 | |
Source: | Code function: | 8_2_0106698F | |
Source: | Code function: | 8_2_010668EE | |
Source: | Code function: | 8_2_0105D076 | |
Source: | Code function: | 8_2_0105D3A9 | |
Source: | Code function: | 8_2_0106979D | |
Source: | Code function: | 8_2_01069642 | |
Source: | Code function: | 8_2_01069B2B | |
Source: | Code function: | 8_2_01065C97 | |
Source: | Code function: | 11_2_0139DBBE | |
Source: | Code function: | 11_2_0136C2A2 | |
Source: | Code function: | 11_2_013A698F | |
Source: | Code function: | 11_2_013A68EE | |
Source: | Code function: | 11_2_0139D076 | |
Source: | Code function: | 11_2_0139D3A9 | |
Source: | Code function: | 11_2_013A979D | |
Source: | Code function: | 11_2_013A9642 | |
Source: | Code function: | 11_2_013A9B2B | |
Source: | Code function: | 11_2_013A5C97 |
Source: | Code function: | 5_2_00B142DE |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | API call chain: |
Source: | Code function: | 9_2_00410C4B |
Source: | Code function: | 5_2_00B8EAA2 |
Source: | Code function: | 5_2_00B42622 |
Source: | Code function: | 9_2_004019F0 |
Source: | Code function: | 5_2_00B142DE |
Source: | Code function: | 2_2_03530715 | |
Source: | Code function: | 5_3_029F40E8 | |
Source: | Code function: | 5_2_00B34CE8 | |
Source: | Code function: | 8_2_01014CE8 | |
Source: | Code function: | 8_2_00193580 | |
Source: | Code function: | 8_2_001935E0 | |
Source: | Code function: | 8_2_00191ED0 | |
Source: | Code function: | 11_2_01354CE8 | |
Source: | Code function: | 11_2_005535E0 | |
Source: | Code function: | 11_2_00553580 | |
Source: | Code function: | 11_2_00551ED0 |
Source: | Code function: | 5_2_00B70B62 |
Source: | Code function: | 5_2_00B309D5 | |
Source: | Code function: | 5_2_00B42622 | |
Source: | Code function: | 5_2_00B3083F | |
Source: | Code function: | 5_2_00B30C21 | |
Source: | Code function: | 8_2_010109D5 | |
Source: | Code function: | 8_2_01022622 | |
Source: | Code function: | 8_2_0101083F | |
Source: | Code function: | 8_2_01010C21 | |
Source: | Code function: | 9_2_0040CE09 | |
Source: | Code function: | 9_2_0040E61C | |
Source: | Code function: | 9_2_00416F6A | |
Source: | Code function: | 9_2_004123F1 | |
Source: | Code function: | 11_2_013509D5 | |
Source: | Code function: | 11_2_01362622 | |
Source: | Code function: | 11_2_0135083F | |
Source: | Code function: | 11_2_01350C21 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Code function: | 8_2_01051201 |
Source: | Code function: | 5_2_00B52BA5 |
Source: | Code function: | 8_2_0105B226 |
Source: | Code function: | 5_2_00B922DA |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Code function: | 5_2_00B70B62 |
Source: | Code function: | 8_2_01051663 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 5_3_029EFA98 |
Source: | Code function: | 9_2_00417A20 |
Source: | Code function: | 5_2_00B4333F |
Source: | Code function: | 8_2_0104D27A |
Source: | Code function: | 8_2_0102B952 |
Source: | Code function: | 5_2_00B142DE |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: |
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 8_2_01071204 | |
Source: | Code function: | 8_2_01071806 | |
Source: | Code function: | 11_2_013B1204 | |
Source: | Code function: | 11_2_013B1806 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 211 Scripting | 2 Valid Accounts | 2 Native API | 211 Scripting | 1 Exploitation for Privilege Escalation | 11 Disable or Modify Tools | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | 33 Exploitation for Client Execution | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | 2 Valid Accounts | 2 Valid Accounts | 3 Obfuscated Files or Information | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | 2 Registry Run Keys / Startup Folder | 21 Access Token Manipulation | 1 Install Root Certificate | NTDS | 27 System Information Discovery | Distributed Component Object Model | 21 Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 212 Process Injection | 1 Software Packing | LSA Secrets | 13 Security Software Discovery | SSH | 3 Clipboard Data | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | Cached Domain Credentials | 131 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Masquerading | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 2 Valid Accounts | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Modify Registry | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 131 Virtualization/Sandbox Evasion | Network Sniffing | 1 Remote System Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 21 Access Token Manipulation | Input Capture | 1 System Network Configuration Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
Gather Victim Org Information | DNS Server | Compromise Software Supply Chain | Windows Command Shell | Scheduled Task | Scheduled Task | 212 Process Injection | Keylogging | Process Discovery | Taint Shared Content | Screen Capture | DNS | Exfiltration Over Physical Medium | Resource Hijacking |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
56% | Virustotal | Browse | ||
68% | ReversingLabs | Document-Office.Exploit.CVE-2017-11882 | ||
100% | Avira | EXP/CVE-2017-11882.Gen |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
4% | Virustotal | Browse | ||
2% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
18% | Virustotal | Browse | ||
16% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
4% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
baitalasma.com | 38.242.255.115 | true | true |
| unknown |
reallyfreegeoip.org | 172.67.177.134 | true | false |
| unknown |
checkip.dyndns.com | 158.101.44.242 | true | false |
| unknown |
checkip.dyndns.org | unknown | unknown | false |
| unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown | |
false |
| unknown | |
false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
38.242.255.115 | baitalasma.com | United States | 36336 | NATIXISUS | true | |
104.21.67.152 | unknown | United States | 13335 | CLOUDFLARENETUS | false | |
158.101.44.242 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false | |
172.67.177.134 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1436299 |
Start date and time: | 2024-05-04 10:07:50 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 12m 55s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of analysed new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Orden de compra 0001-00255454.xlam.xlsx |
Detection: | MAL |
Classification: | mal100.troj.spyw.expl.evad.winXLSX@13/16@20/4 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe
- HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Report creation exceeded maximum time and may have missing disassembly code information.
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
01:12:03 | Autostart | |
10:09:26 | API Interceptor | |
10:12:00 | API Interceptor | |
10:12:12 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
38.242.255.115 | Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| |
Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
104.21.67.152 | Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse | ||
Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
158.101.44.242 | Get hash | malicious | Snake Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Agent Tesla, AgentTesla | Browse |
| ||
Get hash | malicious | Agent Tesla, AgentTesla, RisePro Stealer | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
baitalasma.com | Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| |
Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
checkip.dyndns.com | Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| |
Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
reallyfreegeoip.org | Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| |
Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | AgentTesla, PureLog Stealer, RedLine | Browse |
| |
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
NATIXISUS | Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
ORACLE-BMC-31898US | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | PureLog Stealer, zgRAT | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
CLOUDFLARENETUS | Get hash | malicious | AgentTesla, PureLog Stealer, RedLine | Browse |
| |
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
05af1f5ca1b87cc9cc9b25185115607d | Get hash | malicious | AgentTesla | Browse |
| |
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
7dcce5b76c8b17472d024758970a406b | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | FormBook | Browse |
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\T76434567000[1].htm
Download File
Process: | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 4.43530643106624 |
Encrypted: | false |
SSDEEP: | 3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGu:q43tISl6kXiMIWSU6XlI5LP8IpfGu |
MD5: | 4F8E702CC244EC5D4DE32740C0ECBD97 |
SHA1: | 3ADB1F02D5B6054DE0046E367C1D687B6CDF7AFF |
SHA-256: | 9E17CB15DD75BBBD5DBB984EDA674863C3B10AB72613CF8A39A00C3E11A8492A |
SHA-512: | 21047FEA5269FEE75A2A187AA09316519E35068CB2F2F76CFAF371E5224445E9D5C98497BD76FB9608D2B73E9DAC1A3F5BFADFDC4623C479D53ECF93D81D3C9F |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\T76434567000[1].exe
Download File
Process: | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1357312 |
Entropy (8bit): | 6.788018216695586 |
Encrypted: | false |
SSDEEP: | 24576:uqDEvCTbMWu7rQYlBQcBiT6rprG8aj5OV969dMSEOQOTxK:uTvC/MTQYxsWR7aj5ODudMSEO |
MD5: | FBCCDD35EE6DCCADAEAA69E37FBBD171 |
SHA1: | D076D0BE3A846AFCE258DEF238BF7EF5FE5CACD5 |
SHA-256: | A0EAE98F6ADB6DD377456733EEDC98A453211B456E7F934818B584CCC74B1DE3 |
SHA-512: | A106A75FFC8042ECE8AC3E32F1BF2534C56C917F1540288C9685FDB9B832BE8CE8DAD4CDE914165C477A3ED0153FEFC92E3ED1119B8EED340E85D0A3538BF791 |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Roaming\negrett.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29744 |
Entropy (8bit): | 3.561321965091604 |
Encrypted: | false |
SSDEEP: | 768:wiTZ+2QoioGRk6ZklputwjpjBkCiw2RuJ3nXKUrvzjsNbQE+IrCim4vfF3if6gyO:wiTZ+2QoioGRk6ZklputwjpjBkCiw2Ru |
MD5: | 518C70484039975D7C4CDF9C2801944B |
SHA1: | 7F0E0A4CE1EECC2C0ADC2475D1DB65048D2789DB |
SHA-256: | 3F43AC964B27B4A9E2EE511E5309EBEA2D3EFEE90AF5C95BD4136DE09A37D741 |
SHA-512: | F9B4A980E10B4FAA4052C1118DB3BF16C394D6BCF7963CECF91105F682C808898EEFF5FF717D735B3D56A76822C9552AD09A749BDD303AA1865349B65261599D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Roaming\negrett.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 228236 |
Entropy (8bit): | 7.978584093261845 |
Encrypted: | false |
SSDEEP: | 6144:j0PAE/6C+dNnxdEK2+CpQv8tvmUuh8ACqCi7cxFALh:wPAE/bmnDb2D9mReFALh |
MD5: | F1180A55F1DAC9F9BB49C5DDB5713F1B |
SHA1: | 1F23E1CA54E4C92482B9E22C86E7A856F8D91C31 |
SHA-256: | 9AB94DB31D4F78D1343D0FA8E82CA9092308F511D487290F7B5FF4A1E29A88BD |
SHA-512: | B08013D12A5033F9EB3D991859D491B008FCDD6CD91A81B7240AFA69638424A787D94D0372F92F020E8B3D887BC905F5585E521F6399CCF5573D1DC4A3BF6E0F |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Roaming\negrett.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9998 |
Entropy (8bit): | 7.5935274912491515 |
Encrypted: | false |
SSDEEP: | 192:m+cKgzEeSCO8vvL3c04qyed8ipotr9EVgNcvWiN/81gokDWxkg10Gg:97gQeSCOO3nyed8My9EVgNcvR2yg10Gg |
MD5: | D4675AE4BCED0DBEEDB90230CF2B6179 |
SHA1: | 85785B7167135E7683795A6C56282693D7C15992 |
SHA-256: | 94955C3E9542147426F2538F79304E8BCAAF7D7FA0FA4EB6BEA54D790D73C9B6 |
SHA-512: | 005AC8D4FE05C07418D47F1130ED0CAC6776649FAD2CF0554BF6A608E7900E876083D0F3287D1F98615A6DDE0031BDD7A59F07F4CE7529B58B5A7431DA1CEA32 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\directory\name.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 228236 |
Entropy (8bit): | 7.978584093261845 |
Encrypted: | false |
SSDEEP: | 6144:j0PAE/6C+dNnxdEK2+CpQv8tvmUuh8ACqCi7cxFALh:wPAE/bmnDb2D9mReFALh |
MD5: | F1180A55F1DAC9F9BB49C5DDB5713F1B |
SHA1: | 1F23E1CA54E4C92482B9E22C86E7A856F8D91C31 |
SHA-256: | 9AB94DB31D4F78D1343D0FA8E82CA9092308F511D487290F7B5FF4A1E29A88BD |
SHA-512: | B08013D12A5033F9EB3D991859D491B008FCDD6CD91A81B7240AFA69638424A787D94D0372F92F020E8B3D887BC905F5585E521F6399CCF5573D1DC4A3BF6E0F |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\directory\name.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9998 |
Entropy (8bit): | 7.5935274912491515 |
Encrypted: | false |
SSDEEP: | 192:m+cKgzEeSCO8vvL3c04qyed8ipotr9EVgNcvWiN/81gokDWxkg10Gg:97gQeSCOO3nyed8My9EVgNcvR2yg10Gg |
MD5: | D4675AE4BCED0DBEEDB90230CF2B6179 |
SHA1: | 85785B7167135E7683795A6C56282693D7C15992 |
SHA-256: | 94955C3E9542147426F2538F79304E8BCAAF7D7FA0FA4EB6BEA54D790D73C9B6 |
SHA-512: | 005AC8D4FE05C07418D47F1130ED0CAC6776649FAD2CF0554BF6A608E7900E876083D0F3287D1F98615A6DDE0031BDD7A59F07F4CE7529B58B5A7431DA1CEA32 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\directory\name.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 228236 |
Entropy (8bit): | 7.978584093261845 |
Encrypted: | false |
SSDEEP: | 6144:j0PAE/6C+dNnxdEK2+CpQv8tvmUuh8ACqCi7cxFALh:wPAE/bmnDb2D9mReFALh |
MD5: | F1180A55F1DAC9F9BB49C5DDB5713F1B |
SHA1: | 1F23E1CA54E4C92482B9E22C86E7A856F8D91C31 |
SHA-256: | 9AB94DB31D4F78D1343D0FA8E82CA9092308F511D487290F7B5FF4A1E29A88BD |
SHA-512: | B08013D12A5033F9EB3D991859D491B008FCDD6CD91A81B7240AFA69638424A787D94D0372F92F020E8B3D887BC905F5585E521F6399CCF5573D1DC4A3BF6E0F |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Roaming\negrett.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 229888 |
Entropy (8bit): | 7.853527489682686 |
Encrypted: | false |
SSDEEP: | 6144:odtxFqcDNpdmmp0IrlESm1KN0uMJQ3NJnEI/X0SEL:aFjJpdoQWSQKcJQ9NZEL |
MD5: | CD95747202E22552AF28CF9D1B68988C |
SHA1: | 76DB6EDB8D98BD729ECC3A5B4A8C9419B40CDC8E |
SHA-256: | CF71A48EA30F65F3C0F9F72774960C557D33C9C26A66CE31ACE95826C68F5149 |
SHA-512: | E0892060E7734CBF6D2DA1DA6E4B7CF743138D73A7A54985ADE51937ADCFF551FD300792E1FD4A5178A87AF4B75A8FC2AC4039952718406C62B76C8214228B3B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 165 |
Entropy (8bit): | 1.4377382811115937 |
Encrypted: | false |
SSDEEP: | 3:vZ/FFDJw2fV:vBFFGS |
MD5: | 797869BB881CFBCDAC2064F92B26E46F |
SHA1: | 61C1B8FBF505956A77E9A79CE74EF5E281B01F4B |
SHA-256: | D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185 |
SHA-512: | 1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Roaming\negrett.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 109360640 |
Entropy (8bit): | 7.999114117008018 |
Encrypted: | true |
SSDEEP: | 98304:mjTQYxsWRy8DIMSEOC9hd2pqP5MuerTQRXtb6JCJm:m3dxfiMzF2pqhZrK |
MD5: | CF439A4CF698F8D15901A3CAA5F503FE |
SHA1: | B31BEE62A6893370C78F8A7D92319180E1201FF8 |
SHA-256: | 08934CC50B19DB7894D18CE045CFF85D884BA099801055D5062A667D4131C9B7 |
SHA-512: | 2A1EBE1C4673AC2F626F1E9CA8E436D8B25EE7903EDB040B5A654114B7869626304238ED8C75EF00C52A25BE8D83632A78DE087BE7BA68B76D6D9CDFFACCF379 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\AppData\Local\directory\name.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 268 |
Entropy (8bit): | 3.432515153875934 |
Encrypted: | false |
SSDEEP: | 6:DMM8lfm3OOQdUfcltr1UEZ+lX1Al1AE6nriIM8lfQVn:DsO+vNlZ1Q1A1z4mA2n |
MD5: | 56B963F73C0E43390FF3FF4D7A017676 |
SHA1: | 3B13AC1CF25CDDF48309FC03DAE0C21E501BE72D |
SHA-256: | 894FD00EC8DF7058794232AEEB64467BC91FE4009F18FA1407E09E92444A9EE0 |
SHA-512: | 38D55BAD2C2EB6C764D036238AC2E220B9444C98F41857799C2316B25AC8BB6C4500E43D362DFFFDF7583858D7C553CF2F11D38962F0BBEC7618B6FA6C71F9F8 |
Malicious: | true |
Preview: |
Process: | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1357312 |
Entropy (8bit): | 6.788018216695586 |
Encrypted: | false |
SSDEEP: | 24576:uqDEvCTbMWu7rQYlBQcBiT6rprG8aj5OV969dMSEOQOTxK:uTvC/MTQYxsWR7aj5ODudMSEO |
MD5: | FBCCDD35EE6DCCADAEAA69E37FBBD171 |
SHA1: | D076D0BE3A846AFCE258DEF238BF7EF5FE5CACD5 |
SHA-256: | A0EAE98F6ADB6DD377456733EEDC98A453211B456E7F934818B584CCC74B1DE3 |
SHA-512: | A106A75FFC8042ECE8AC3E32F1BF2534C56C917F1540288C9685FDB9B832BE8CE8DAD4CDE914165C477A3ED0153FEFC92E3ED1119B8EED340E85D0A3538BF791 |
Malicious: | true |
Preview: |
File type: | |
Entropy (8bit): | 7.99835331125079 |
File name: | Orden de compra 0001-00255454.xlam.xlsx |
File size: | 718'272 bytes |
MD5: | a2e67a3d40ebd7f8872ebb1dda01aba9 |
SHA1: | 27feddfa7d771ff519757beaac8c974330e14e1d |
SHA256: | 5242cb2077f21596ec657daf5b6c45087259b85708f959f22b2490d1a381dd36 |
SHA512: | fcfba9a8f909a1aeeb04c342840c6a2f61372d499841394b4d4d266e5589647fe6c1197d004b73a3b988c12f0bc3620c22715fcd094a5f678d1a882ac963ded0 |
SSDEEP: | 12288:CrGgQXUKPBgmjlmVHfJprHevIGF3ZIM7NWSgCRIf0jKH2t8EgfWEicCokPyw58qs:uhKPB1U5eg6ZL7NWSV3gfkJokPywLB6/ |
TLSH: | 5EE433874EB21459EF898511C296AC3AA27F333FDA4013F729FFCB25452A489C1ED746 |
File Content Preview: | PK...........XOZ]n....E.......[Content_Types].xmlUT...d.5fd.5fd.5f...n.0..........t.b(......@...%&V#K......v.`...Ar.a..~..wz..|..L..Z]V.U`0..........*.!X.1`.6H.......&!.R..V-s...L..P.....c...3/t.........610....P7.{....b...['........ZAJ..`..U..@.8.;.6..NJ* |
Icon Hash: | 2562ab89a7b7bfbf |
Document Type: | OpenXML |
Number of OLE Files: | 1 |
Has Summary Info: | |
Application Name: | |
Encrypted Document: | False |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | False |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | False |
Author: | |
Last Saved By: | |
Total Edit Time: | 0 |
Create Time: | 2022-08-10T18:51:50Z |
Last Saved Time: | 2023-08-08T20:02:56Z |
Creating Application: | |
Security: | 0 |
Thumbnail Scaling Desired: | false |
Company: | |
Contains Dirty Links: | false |
Shared Document: | false |
Changed Hyperlinks: | false |
Application Version: | 16.0300 |
General | |
Stream Path: | \x1OLE10NaTIVE |
CLSID: | |
File Type: | data |
Stream Size: | 1019488 |
Entropy: | 5.890458556459559 |
Base64 Encoded: | False |
Data ASCII: | . y . . . . . | 1 S . . + . . s b B > U . . 4 . A ] 3 2 . D . A 9 h . . . R I t . 9 . i X I ? . x . M ] B . . 4 | . . . V / q Y * . c [ 2 ^ 0 ! P g & ! L U . H . _ b s y . ' . . b J 5 & [ . . Z # . K . , . R | . N @ p e y s { # ^ ; f _ x W ; ! % - . ~ u . R ! . ] H S . . _ ? . . . . ~ ) . . . | M t U H + . { ^ b . W G % M . = . 7 . . . . N Z 4 H c " . . e . . / % \\ F . D . s . z ~ - . K B ' # . a X 8 . . Y < H . k . 3 . % . Q - R . . \\ u I $ 2 . 6 . u 6 4 s 5 T . . _ T i k . X . . ' J . . e u L e P . |
Data Raw: | 0e 79 d6 03 02 94 a2 18 86 c7 01 08 9d 8f be 7c 31 f2 fd 81 c6 c0 8b 53 02 8b 1e 8b 2b be c8 04 04 73 81 c6 e8 62 42 8d 8b 3e 55 ff d7 05 de a3 cc 34 05 41 5d 33 cb ff e0 32 1d ca 44 00 ae 41 e8 82 e5 c6 39 68 1f 9e da 0d b4 a8 01 95 52 49 74 e9 1a 39 ed b0 88 dd d4 2e 88 da 69 58 49 94 3f 04 be c8 c9 f1 fe 91 78 0e 4d cc 5d 42 0a f5 01 a0 cc 34 93 ca 7c c9 11 cf 11 a5 98 7f 56 2f |
General | |
Stream Path: | kIGXMKpAnNtXCm1GrVwWIsB0Ud5 |
CLSID: | |
File Type: | empty |
Stream Size: | 0 |
Entropy: | 0.0 |
Base64 Encoded: | False |
Data ASCII: | |
Data Raw: |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 4, 2024 10:09:32.586802959 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.586841106 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.586847067 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.586888075 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.587804079 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.861577988 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.861633062 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.861825943 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.861845016 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.861870050 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.861908913 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.861913919 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.861933947 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.861948967 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.861962080 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.861972094 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.862005949 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.862005949 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.862015963 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.862056971 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.862061977 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.862071037 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.862111092 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.862155914 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.862195015 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.862210035 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.862214088 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.862243891 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.862251997 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.862272978 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.862309933 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.862319946 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.862323999 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.862381935 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.862415075 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.862456083 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.862458944 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.862458944 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.862466097 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.862509966 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.862509966 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.862550020 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.862588882 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.862596035 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.862601042 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.862632036 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.862721920 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.862760067 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.862760067 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.862762928 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.862773895 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.862822056 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.862822056 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.862857103 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.862898111 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.862905025 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.862910986 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.862942934 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.862967968 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.863176107 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.863218069 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.863223076 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.863228083 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.863260984 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.863269091 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.863410950 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.863589048 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.863631010 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.863632917 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.863640070 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.863675117 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.864052057 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.864093065 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.864108086 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.864114046 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.864141941 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.864152908 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.864481926 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.864533901 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.864535093 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.864542961 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.864578009 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.864938021 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.864989996 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.864991903 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.864999056 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.865035057 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.865245104 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.865293026 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.865304947 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.865310907 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.865339041 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.865349054 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.865592003 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.865632057 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.865643024 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.865648031 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.865675926 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.865690947 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.866134882 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.866174936 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.866189957 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.866194963 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.866221905 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.866236925 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.866676092 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.866727114 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.866730928 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.866736889 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.866777897 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.867141962 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.867189884 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.867196083 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.867202997 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.867237091 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.867300034 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.867357016 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.867366076 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.867418051 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.867688894 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.867719889 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.867738962 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.867743969 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.867753983 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.867774010 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.867911100 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.867952108 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.867963076 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.867966890 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.867995024 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.868005991 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.868432999 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.868479013 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.868489981 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.868494987 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.868525028 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.868532896 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.868547916 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.868587971 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.868594885 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.868599892 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.868633032 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.868685007 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.868725061 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.868737936 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.868741989 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.868774891 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.868781090 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.868840933 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.868881941 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.868887901 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.868892908 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.868928909 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.868969917 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.869009018 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.869018078 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.869023085 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.869052887 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.869064093 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.869190931 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.869229078 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.869234085 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.869240999 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.869272947 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.869286060 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.869329929 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.869369984 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.869379044 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.869384050 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.869404078 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.869419098 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.869611025 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.869657993 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.869668961 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.869673967 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.869702101 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.869718075 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.869968891 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.870007992 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.870021105 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.870027065 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.870048046 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.870068073 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.870277882 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.870321989 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.870327950 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.870332956 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.870363951 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.870379925 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.870496988 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.870537996 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.870548010 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.870553017 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.870579958 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.870594978 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.870829105 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.870857954 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.870882988 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.870887995 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.870898962 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.870927095 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.871148109 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.871186972 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.871196985 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.871201038 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.871233940 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.871335030 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.871386051 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.871391058 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.871400118 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.871437073 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.871656895 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.871690989 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.871706963 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.871717930 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.871726990 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.871737003 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.871756077 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.871790886 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:09:32.871833086 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.875415087 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.902288914 CEST | 49164 | 443 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:09:32.902321100 CEST | 443 | 49164 | 38.242.255.115 | 192.168.2.22 |
May 4, 2024 10:10:03.897012949 CEST | 49163 | 80 | 192.168.2.22 | 38.242.255.115 |
May 4, 2024 10:12:04.044719934 CEST | 49165 | 80 | 192.168.2.22 | 158.101.44.242 |
May 4, 2024 10:12:04.214817047 CEST | 80 | 49165 | 158.101.44.242 | 192.168.2.22 |
May 4, 2024 10:12:04.214906931 CEST | 49165 | 80 | 192.168.2.22 | 158.101.44.242 |
May 4, 2024 10:12:04.278867960 CEST | 49165 | 80 | 192.168.2.22 | 158.101.44.242 |
May 4, 2024 10:12:04.451245070 CEST | 80 | 49165 | 158.101.44.242 | 192.168.2.22 |
May 4, 2024 10:12:04.461009026 CEST | 80 | 49165 | 158.101.44.242 | 192.168.2.22 |
May 4, 2024 10:12:04.735033035 CEST | 49165 | 80 | 192.168.2.22 | 158.101.44.242 |
May 4, 2024 10:12:06.057971001 CEST | 49165 | 80 | 192.168.2.22 | 158.101.44.242 |
May 4, 2024 10:12:06.230024099 CEST | 80 | 49165 | 158.101.44.242 | 192.168.2.22 |
May 4, 2024 10:12:06.433186054 CEST | 49166 | 443 | 192.168.2.22 | 172.67.177.134 |
May 4, 2024 10:12:06.433223009 CEST | 443 | 49166 | 172.67.177.134 | 192.168.2.22 |
May 4, 2024 10:12:06.433304071 CEST | 49166 | 443 | 192.168.2.22 | 172.67.177.134 |
May 4, 2024 10:12:06.435339928 CEST | 49165 | 80 | 192.168.2.22 | 158.101.44.242 |
May 4, 2024 10:12:06.438465118 CEST | 49166 | 443 | 192.168.2.22 | 172.67.177.134 |
May 4, 2024 10:12:06.438489914 CEST | 443 | 49166 | 172.67.177.134 | 192.168.2.22 |
May 4, 2024 10:12:06.778544903 CEST | 443 | 49166 | 172.67.177.134 | 192.168.2.22 |
May 4, 2024 10:12:06.778786898 CEST | 49166 | 443 | 192.168.2.22 | 172.67.177.134 |
May 4, 2024 10:12:06.828803062 CEST | 49166 | 443 | 192.168.2.22 | 172.67.177.134 |
May 4, 2024 10:12:06.828824997 CEST | 443 | 49166 | 172.67.177.134 | 192.168.2.22 |
May 4, 2024 10:12:06.829227924 CEST | 443 | 49166 | 172.67.177.134 | 192.168.2.22 |
May 4, 2024 10:12:06.894844055 CEST | 49166 | 443 | 192.168.2.22 | 172.67.177.134 |
May 4, 2024 10:12:06.940125942 CEST | 443 | 49166 | 172.67.177.134 | 192.168.2.22 |
May 4, 2024 10:12:07.398540974 CEST | 443 | 49166 | 172.67.177.134 | 192.168.2.22 |
May 4, 2024 10:12:07.398642063 CEST | 443 | 49166 | 172.67.177.134 | 192.168.2.22 |
May 4, 2024 10:12:07.398720980 CEST | 49166 | 443 | 192.168.2.22 | 172.67.177.134 |
May 4, 2024 10:12:07.403965950 CEST | 49166 | 443 | 192.168.2.22 | 172.67.177.134 |
May 4, 2024 10:12:07.417736053 CEST | 49165 | 80 | 192.168.2.22 | 158.101.44.242 |
May 4, 2024 10:12:07.590217113 CEST | 80 | 49165 | 158.101.44.242 | 192.168.2.22 |
May 4, 2024 10:12:07.592386007 CEST | 49167 | 443 | 192.168.2.22 | 172.67.177.134 |
May 4, 2024 10:12:07.592425108 CEST | 443 | 49167 | 172.67.177.134 | 192.168.2.22 |
May 4, 2024 10:12:07.592495918 CEST | 49167 | 443 | 192.168.2.22 | 172.67.177.134 |
May 4, 2024 10:12:07.592788935 CEST | 49167 | 443 | 192.168.2.22 | 172.67.177.134 |
May 4, 2024 10:12:07.592808008 CEST | 443 | 49167 | 172.67.177.134 | 192.168.2.22 |
May 4, 2024 10:12:07.792648077 CEST | 49165 | 80 | 192.168.2.22 | 158.101.44.242 |
May 4, 2024 10:12:07.922662973 CEST | 443 | 49167 | 172.67.177.134 | 192.168.2.22 |
May 4, 2024 10:12:07.986479044 CEST | 49167 | 443 | 192.168.2.22 | 172.67.177.134 |
May 4, 2024 10:12:07.986515999 CEST | 443 | 49167 | 172.67.177.134 | 192.168.2.22 |
May 4, 2024 10:12:08.295521975 CEST | 443 | 49167 | 172.67.177.134 | 192.168.2.22 |
May 4, 2024 10:12:08.295635939 CEST | 443 | 49167 | 172.67.177.134 | 192.168.2.22 |
May 4, 2024 10:12:08.295829058 CEST | 49167 | 443 | 192.168.2.22 | 172.67.177.134 |
May 4, 2024 10:12:08.334769011 CEST | 49167 | 443 | 192.168.2.22 | 172.67.177.134 |
May 4, 2024 10:12:08.387398958 CEST | 49165 | 80 | 192.168.2.22 | 158.101.44.242 |
May 4, 2024 10:12:08.557574034 CEST | 80 | 49165 | 158.101.44.242 | 192.168.2.22 |
May 4, 2024 10:12:08.557665110 CEST | 49165 | 80 | 192.168.2.22 | 158.101.44.242 |
May 4, 2024 10:12:19.737972021 CEST | 49168 | 80 | 192.168.2.22 | 158.101.44.242 |
May 4, 2024 10:12:19.909044027 CEST | 80 | 49168 | 158.101.44.242 | 192.168.2.22 |
May 4, 2024 10:12:19.909167051 CEST | 49168 | 80 | 192.168.2.22 | 158.101.44.242 |
May 4, 2024 10:12:19.909475088 CEST | 49168 | 80 | 192.168.2.22 | 158.101.44.242 |
May 4, 2024 10:12:20.081522942 CEST | 80 | 49168 | 158.101.44.242 | 192.168.2.22 |
May 4, 2024 10:12:20.083189011 CEST | 80 | 49168 | 158.101.44.242 | 192.168.2.22 |
May 4, 2024 10:12:20.097779989 CEST | 49168 | 80 | 192.168.2.22 | 158.101.44.242 |
May 4, 2024 10:12:20.308232069 CEST | 80 | 49168 | 158.101.44.242 | 192.168.2.22 |
May 4, 2024 10:12:20.395169973 CEST | 80 | 49168 | 158.101.44.242 | 192.168.2.22 |
May 4, 2024 10:12:20.572244883 CEST | 49169 | 443 | 192.168.2.22 | 104.21.67.152 |
May 4, 2024 10:12:20.572292089 CEST | 443 | 49169 | 104.21.67.152 | 192.168.2.22 |
May 4, 2024 10:12:20.572356939 CEST | 49169 | 443 | 192.168.2.22 | 104.21.67.152 |
May 4, 2024 10:12:20.574661016 CEST | 49169 | 443 | 192.168.2.22 | 104.21.67.152 |
May 4, 2024 10:12:20.574677944 CEST | 443 | 49169 | 104.21.67.152 | 192.168.2.22 |
May 4, 2024 10:12:20.600162029 CEST | 49168 | 80 | 192.168.2.22 | 158.101.44.242 |
May 4, 2024 10:12:20.902178049 CEST | 443 | 49169 | 104.21.67.152 | 192.168.2.22 |
May 4, 2024 10:12:20.902307987 CEST | 49169 | 443 | 192.168.2.22 | 104.21.67.152 |
May 4, 2024 10:12:20.906040907 CEST | 49169 | 443 | 192.168.2.22 | 104.21.67.152 |
May 4, 2024 10:12:20.906049967 CEST | 443 | 49169 | 104.21.67.152 | 192.168.2.22 |
May 4, 2024 10:12:20.906331062 CEST | 443 | 49169 | 104.21.67.152 | 192.168.2.22 |
May 4, 2024 10:12:21.002635002 CEST | 49169 | 443 | 192.168.2.22 | 104.21.67.152 |
May 4, 2024 10:12:21.044122934 CEST | 443 | 49169 | 104.21.67.152 | 192.168.2.22 |
May 4, 2024 10:12:21.274130106 CEST | 443 | 49169 | 104.21.67.152 | 192.168.2.22 |
May 4, 2024 10:12:21.274251938 CEST | 443 | 49169 | 104.21.67.152 | 192.168.2.22 |
May 4, 2024 10:12:21.274321079 CEST | 49169 | 443 | 192.168.2.22 | 104.21.67.152 |
May 4, 2024 10:12:21.294751883 CEST | 49169 | 443 | 192.168.2.22 | 104.21.67.152 |
May 4, 2024 10:12:23.640651941 CEST | 49168 | 80 | 192.168.2.22 | 158.101.44.242 |
May 4, 2024 10:12:23.810739040 CEST | 80 | 49168 | 158.101.44.242 | 192.168.2.22 |
May 4, 2024 10:12:23.832438946 CEST | 80 | 49168 | 158.101.44.242 | 192.168.2.22 |
May 4, 2024 10:12:23.864722967 CEST | 49170 | 443 | 192.168.2.22 | 104.21.67.152 |
May 4, 2024 10:12:23.864774942 CEST | 443 | 49170 | 104.21.67.152 | 192.168.2.22 |
May 4, 2024 10:12:23.864844084 CEST | 49170 | 443 | 192.168.2.22 | 104.21.67.152 |
May 4, 2024 10:12:23.867995024 CEST | 49170 | 443 | 192.168.2.22 | 104.21.67.152 |
May 4, 2024 10:12:23.868007898 CEST | 443 | 49170 | 104.21.67.152 | 192.168.2.22 |
May 4, 2024 10:12:24.094615936 CEST | 49168 | 80 | 192.168.2.22 | 158.101.44.242 |
May 4, 2024 10:12:24.193567038 CEST | 443 | 49170 | 104.21.67.152 | 192.168.2.22 |
May 4, 2024 10:12:24.246501923 CEST | 49170 | 443 | 192.168.2.22 | 104.21.67.152 |
May 4, 2024 10:12:24.246536016 CEST | 443 | 49170 | 104.21.67.152 | 192.168.2.22 |
May 4, 2024 10:12:24.563359976 CEST | 443 | 49170 | 104.21.67.152 | 192.168.2.22 |
May 4, 2024 10:12:24.563478947 CEST | 443 | 49170 | 104.21.67.152 | 192.168.2.22 |
May 4, 2024 10:12:24.563534975 CEST | 49170 | 443 | 192.168.2.22 | 104.21.67.152 |
May 4, 2024 10:12:24.564125061 CEST | 49170 | 443 | 192.168.2.22 | 104.21.67.152 |
May 4, 2024 10:12:24.579102039 CEST | 49168 | 80 | 192.168.2.22 | 158.101.44.242 |
May 4, 2024 10:12:24.755489111 CEST | 80 | 49168 | 158.101.44.242 | 192.168.2.22 |
May 4, 2024 10:12:24.755609035 CEST | 49168 | 80 | 192.168.2.22 | 158.101.44.242 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 4, 2024 10:09:28.691240072 CEST | 192.168.2.22 | 8.8.8.8 | 0xc6af | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 4, 2024 10:12:01.741612911 CEST | 192.168.2.22 | 8.8.8.8 | 0x337b | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 4, 2024 10:12:01.901402950 CEST | 192.168.2.22 | 8.8.8.8 | 0x337b | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 4, 2024 10:12:02.385366917 CEST | 192.168.2.22 | 8.8.8.8 | 0x27e0 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 4, 2024 10:12:03.422985077 CEST | 192.168.2.22 | 8.8.8.8 | 0x27e0 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 4, 2024 10:12:06.246519089 CEST | 192.168.2.22 | 8.8.8.8 | 0x51a2 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 4, 2024 10:12:08.414736032 CEST | 192.168.2.22 | 8.8.8.8 | 0xfeb2 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 4, 2024 10:12:08.574852943 CEST | 192.168.2.22 | 8.8.8.8 | 0xfeb2 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 4, 2024 10:12:08.734452009 CEST | 192.168.2.22 | 8.8.8.8 | 0xfeb2 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 4, 2024 10:12:08.894104004 CEST | 192.168.2.22 | 8.8.8.8 | 0xfeb2 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 4, 2024 10:12:09.054089069 CEST | 192.168.2.22 | 8.8.8.8 | 0xfeb2 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 4, 2024 10:12:19.245646000 CEST | 192.168.2.22 | 8.8.8.8 | 0xf37b | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 4, 2024 10:12:19.405617952 CEST | 192.168.2.22 | 8.8.8.8 | 0xf37b | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 4, 2024 10:12:19.574176073 CEST | 192.168.2.22 | 8.8.8.8 | 0x65c4 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 4, 2024 10:12:20.409099102 CEST | 192.168.2.22 | 8.8.8.8 | 0x52cc | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 4, 2024 10:12:24.584345102 CEST | 192.168.2.22 | 8.8.8.8 | 0xf5ca | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 4, 2024 10:12:24.746490955 CEST | 192.168.2.22 | 8.8.8.8 | 0xf5ca | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 4, 2024 10:12:24.906183004 CEST | 192.168.2.22 | 8.8.8.8 | 0xf5ca | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 4, 2024 10:12:25.066088915 CEST | 192.168.2.22 | 8.8.8.8 | 0xf5ca | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 4, 2024 10:12:25.226152897 CEST | 192.168.2.22 | 8.8.8.8 | 0xf5ca | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 4, 2024 10:09:29.006750107 CEST | 8.8.8.8 | 192.168.2.22 | 0xc6af | No error (0) | 38.242.255.115 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:01.901099920 CEST | 8.8.8.8 | 192.168.2.22 | 0x337b | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
May 4, 2024 10:12:01.901099920 CEST | 8.8.8.8 | 192.168.2.22 | 0x337b | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:01.901099920 CEST | 8.8.8.8 | 192.168.2.22 | 0x337b | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:01.901099920 CEST | 8.8.8.8 | 192.168.2.22 | 0x337b | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:01.901099920 CEST | 8.8.8.8 | 192.168.2.22 | 0x337b | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:01.901099920 CEST | 8.8.8.8 | 192.168.2.22 | 0x337b | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:02.060646057 CEST | 8.8.8.8 | 192.168.2.22 | 0x337b | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
May 4, 2024 10:12:02.060646057 CEST | 8.8.8.8 | 192.168.2.22 | 0x337b | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:02.060646057 CEST | 8.8.8.8 | 192.168.2.22 | 0x337b | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:02.060646057 CEST | 8.8.8.8 | 192.168.2.22 | 0x337b | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:02.060646057 CEST | 8.8.8.8 | 192.168.2.22 | 0x337b | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:02.060646057 CEST | 8.8.8.8 | 192.168.2.22 | 0x337b | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:02.544819117 CEST | 8.8.8.8 | 192.168.2.22 | 0x27e0 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
May 4, 2024 10:12:02.544819117 CEST | 8.8.8.8 | 192.168.2.22 | 0x27e0 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:02.544819117 CEST | 8.8.8.8 | 192.168.2.22 | 0x27e0 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:02.544819117 CEST | 8.8.8.8 | 192.168.2.22 | 0x27e0 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:02.544819117 CEST | 8.8.8.8 | 192.168.2.22 | 0x27e0 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:02.544819117 CEST | 8.8.8.8 | 192.168.2.22 | 0x27e0 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:03.584394932 CEST | 8.8.8.8 | 192.168.2.22 | 0x27e0 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
May 4, 2024 10:12:03.584394932 CEST | 8.8.8.8 | 192.168.2.22 | 0x27e0 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:03.584394932 CEST | 8.8.8.8 | 192.168.2.22 | 0x27e0 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:03.584394932 CEST | 8.8.8.8 | 192.168.2.22 | 0x27e0 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:03.584394932 CEST | 8.8.8.8 | 192.168.2.22 | 0x27e0 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:03.584394932 CEST | 8.8.8.8 | 192.168.2.22 | 0x27e0 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:06.409584045 CEST | 8.8.8.8 | 192.168.2.22 | 0x51a2 | No error (0) | 172.67.177.134 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:06.409584045 CEST | 8.8.8.8 | 192.168.2.22 | 0x51a2 | No error (0) | 104.21.67.152 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:08.574315071 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
May 4, 2024 10:12:08.574315071 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:08.574315071 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:08.574315071 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:08.574315071 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:08.574315071 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:08.734234095 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
May 4, 2024 10:12:08.734234095 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:08.734234095 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:08.734234095 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:08.734234095 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:08.734234095 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:08.893876076 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
May 4, 2024 10:12:08.893876076 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:08.893876076 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:08.893876076 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:08.893876076 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:08.893876076 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:09.053811073 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
May 4, 2024 10:12:09.053811073 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:09.053811073 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:09.053811073 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:09.053811073 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:09.053811073 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:09.213597059 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
May 4, 2024 10:12:09.213597059 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:09.213597059 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:09.213597059 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:09.213597059 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:09.213597059 CEST | 8.8.8.8 | 192.168.2.22 | 0xfeb2 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:19.405261993 CEST | 8.8.8.8 | 192.168.2.22 | 0xf37b | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
May 4, 2024 10:12:19.405261993 CEST | 8.8.8.8 | 192.168.2.22 | 0xf37b | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:19.405261993 CEST | 8.8.8.8 | 192.168.2.22 | 0xf37b | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:19.405261993 CEST | 8.8.8.8 | 192.168.2.22 | 0xf37b | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:19.405261993 CEST | 8.8.8.8 | 192.168.2.22 | 0xf37b | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:19.405261993 CEST | 8.8.8.8 | 192.168.2.22 | 0xf37b | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:19.565104961 CEST | 8.8.8.8 | 192.168.2.22 | 0xf37b | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
May 4, 2024 10:12:19.565104961 CEST | 8.8.8.8 | 192.168.2.22 | 0xf37b | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:19.565104961 CEST | 8.8.8.8 | 192.168.2.22 | 0xf37b | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:19.565104961 CEST | 8.8.8.8 | 192.168.2.22 | 0xf37b | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:19.565104961 CEST | 8.8.8.8 | 192.168.2.22 | 0xf37b | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:19.565104961 CEST | 8.8.8.8 | 192.168.2.22 | 0xf37b | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:19.733669043 CEST | 8.8.8.8 | 192.168.2.22 | 0x65c4 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
May 4, 2024 10:12:19.733669043 CEST | 8.8.8.8 | 192.168.2.22 | 0x65c4 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:19.733669043 CEST | 8.8.8.8 | 192.168.2.22 | 0x65c4 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:19.733669043 CEST | 8.8.8.8 | 192.168.2.22 | 0x65c4 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:19.733669043 CEST | 8.8.8.8 | 192.168.2.22 | 0x65c4 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:19.733669043 CEST | 8.8.8.8 | 192.168.2.22 | 0x65c4 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:20.571605921 CEST | 8.8.8.8 | 192.168.2.22 | 0x52cc | No error (0) | 104.21.67.152 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:20.571605921 CEST | 8.8.8.8 | 192.168.2.22 | 0x52cc | No error (0) | 172.67.177.134 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:24.745874882 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
May 4, 2024 10:12:24.745874882 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:24.745874882 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:24.745874882 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:24.745874882 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:24.745874882 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:24.905953884 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
May 4, 2024 10:12:24.905953884 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:24.905953884 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:24.905953884 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:24.905953884 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:24.905953884 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:25.065807104 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
May 4, 2024 10:12:25.065807104 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:25.065807104 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:25.065807104 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:25.065807104 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:25.065807104 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:25.225657940 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
May 4, 2024 10:12:25.225657940 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:25.225657940 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:25.225657940 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:25.225657940 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:25.225657940 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:25.385550976 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
May 4, 2024 10:12:25.385550976 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:25.385550976 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:25.385550976 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:25.385550976 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 10:12:25.385550976 CEST | 8.8.8.8 | 192.168.2.22 | 0xf5ca | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.22 | 49163 | 38.242.255.115 | 80 | 1924 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
May 4, 2024 10:09:29.331490993 CEST | 317 | OUT | |
May 4, 2024 10:09:29.643255949 CEST | 369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.22 | 49165 | 158.101.44.242 | 80 | 1304 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
May 4, 2024 10:12:04.278867960 CEST | 151 | OUT | |
May 4, 2024 10:12:04.461009026 CEST | 274 | IN | |
May 4, 2024 10:12:06.057971001 CEST | 127 | OUT | |
May 4, 2024 10:12:06.230024099 CEST | 274 | IN | |
May 4, 2024 10:12:07.417736053 CEST | 127 | OUT | |
May 4, 2024 10:12:07.590217113 CEST | 274 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.22 | 49168 | 158.101.44.242 | 80 | 2160 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
May 4, 2024 10:12:19.909475088 CEST | 151 | OUT | |
May 4, 2024 10:12:20.083189011 CEST | 274 | IN | |
May 4, 2024 10:12:20.097779989 CEST | 127 | OUT | |
May 4, 2024 10:12:20.395169973 CEST | 274 | IN | |
May 4, 2024 10:12:23.640651941 CEST | 127 | OUT | |
May 4, 2024 10:12:23.832438946 CEST | 274 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.22 | 49164 | 38.242.255.115 | 443 | 1924 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 08:09:30 UTC | 317 | OUT | |
2024-05-04 08:09:31 UTC | 339 | IN | |
2024-05-04 08:09:31 UTC | 16045 | IN | |
2024-05-04 08:09:31 UTC | 16384 | IN | |
2024-05-04 08:09:31 UTC | 16384 | IN | |
2024-05-04 08:09:31 UTC | 16384 | IN | |
2024-05-04 08:09:31 UTC | 16384 | IN | |
2024-05-04 08:09:31 UTC | 16384 | IN | |
2024-05-04 08:09:31 UTC | 16384 | IN | |
2024-05-04 08:09:31 UTC | 16384 | IN | |
2024-05-04 08:09:31 UTC | 16384 | IN | |
2024-05-04 08:09:31 UTC | 16384 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.22 | 49166 | 172.67.177.134 | 443 | 1304 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 08:12:06 UTC | 86 | OUT | |
2024-05-04 08:12:07 UTC | 699 | IN | |
2024-05-04 08:12:07 UTC | 337 | IN | |
2024-05-04 08:12:07 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.22 | 49167 | 172.67.177.134 | 443 | 1304 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 08:12:07 UTC | 62 | OUT | |
2024-05-04 08:12:08 UTC | 702 | IN | |
2024-05-04 08:12:08 UTC | 337 | IN | |
2024-05-04 08:12:08 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.22 | 49169 | 104.21.67.152 | 443 | 2160 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 08:12:20 UTC | 86 | OUT | |
2024-05-04 08:12:21 UTC | 701 | IN | |
2024-05-04 08:12:21 UTC | 337 | IN | |
2024-05-04 08:12:21 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.22 | 49170 | 104.21.67.152 | 443 | 2160 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 08:12:24 UTC | 62 | OUT | |
2024-05-04 08:12:24 UTC | 707 | IN | |
2024-05-04 08:12:24 UTC | 337 | IN | |
2024-05-04 08:12:24 UTC | 5 | IN |
Target ID: | 0 |
Start time: | 10:08:38 |
Start date: | 04/05/2024 |
Path: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13faa0000 |
File size: | 28'253'536 bytes |
MD5 hash: | D53B85E21886D2AF9815C377537BCAC3 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 2 |
Start time: | 10:09:26 |
Start date: | 04/05/2024 |
Path: | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 543'304 bytes |
MD5 hash: | A87236E214F6D42A65F5DEDAC816AEC8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 10:09:32 |
Start date: | 04/05/2024 |
Path: | C:\Users\user\AppData\Roaming\negrett.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb10000 |
File size: | 1'357'312 bytes |
MD5 hash: | FBCCDD35EE6DCCADAEAA69E37FBBD171 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 8 |
Start time: | 10:11:58 |
Start date: | 04/05/2024 |
Path: | C:\Users\user\AppData\Local\directory\name.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xff0000 |
File size: | 109'360'640 bytes |
MD5 hash: | CF439A4CF698F8D15901A3CAA5F503FE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 9 |
Start time: | 10:11:59 |
Start date: | 04/05/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe30000 |
File size: | 45'248 bytes |
MD5 hash: | 19855C0DC5BEC9FDF925307C57F9F5FC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | moderate |
Has exited: | false |
Target ID: | 10 |
Start time: | 10:12:12 |
Start date: | 04/05/2024 |
Path: | C:\Windows\System32\wscript.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xfff20000 |
File size: | 168'960 bytes |
MD5 hash: | 045451FA238A75305CC26AC982472367 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 11 |
Start time: | 10:12:13 |
Start date: | 04/05/2024 |
Path: | C:\Users\user\AppData\Local\directory\name.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1330000 |
File size: | 109'360'640 bytes |
MD5 hash: | CF439A4CF698F8D15901A3CAA5F503FE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 12 |
Start time: | 10:12:14 |
Start date: | 04/05/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe30000 |
File size: | 45'248 bytes |
MD5 hash: | 19855C0DC5BEC9FDF925307C57F9F5FC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | moderate |
Has exited: | false |
Execution Graph
Execution Coverage: | 31.4% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 71.4% |
Total number of Nodes: | 21 |
Total number of Limit Nodes: | 1 |
Function 035306F5 Relevance: 3.0, APIs: 2, Instructions: 46processCOMMON
Function 0353064B Relevance: 1.6, APIs: 1, Instructions: 65COMMON
Function 03530631 Relevance: 1.5, APIs: 1, Instructions: 18libraryCOMMON
Function 03530715 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
Execution Graph
Execution Coverage: | 4.8% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 4.1% |
Total number of Nodes: | 1161 |
Total number of Limit Nodes: | 56 |
Function 00B142DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235libraryloaderCOMMON
Function 00B309D5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
Function 00B1D730 Relevance: 21.6, APIs: 14, Instructions: 631windowsleeptimeCOMMON
Function 00B12CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53windowregistryCOMMON
Function 00B5065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272COMMONLIBRARYCODE
Function 00B1344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201registryCOMMON
Function 00B12B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63windowregistryCOMMON
Function 00B13170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145windowtimeregistryCOMMON
Function 00B461FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON
Function 00B82947 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON
Function 00B13B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58registryCOMMON
Function 00B43073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMON
Function 00B97F59 Relevance: 4.9, APIs: 3, Instructions: 430COMMON
Function 00B110F3 Relevance: 4.7, APIs: 3, Instructions: 153comCOMMON
Function 00B154C6 Relevance: 4.6, APIs: 3, Instructions: 103COMMON
Function 00B43162 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 30memoryCOMMON
Function 00B4CB7C Relevance: 3.2, APIs: 2, Instructions: 168COMMON
Function 00B4C9BB Relevance: 3.1, APIs: 2, Instructions: 91COMMON
Function 00B15745 Relevance: 3.1, APIs: 2, Instructions: 56fileCOMMON
Function 00B33414 Relevance: 3.0, APIs: 2, Instructions: 19COMMON
Function 00B1B710 Relevance: 2.1, APIs: 1, Instructions: 587COMMON
Function 00B14ECB Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON
Function 00B48402 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
Function 00B19A40 Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON
Function 00B45000 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
Function 00B3E469 Relevance: 1.5, APIs: 1, Instructions: 48COMMON
Function 00B3E602 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
Function 00B44C7D Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
Function 00B43820 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
Function 00B14F39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
Function 00B12DA5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
Function 00B12B3D Relevance: 1.5, APIs: 1, Instructions: 22COMMON
Function 00B82693 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
Function 00B11CAD Relevance: 1.5, APIs: 1, Instructions: 8COMMON
Function 00B8744A Relevance: 1.5, APIs: 1, Instructions: 220COMMON
Function 00B2FC70 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON
Function 00BA4873 Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 566windowCOMMON
Function 00B8698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON
Function 029EAB31 Relevance: 16.6, Strings: 9, Instructions: 5385COMMON
Function 00B8ED6A Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON
Function 00B7E8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON
Function 00B922DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON
Function 029D7460 Relevance: 7.4, Strings: 5, Instructions: 1151COMMON
Function 00B18060 Relevance: 7.4, Strings: 5, Instructions: 1151COMMON
Function 00B78298 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 568stringCOMMON
Function 02A37698 Relevance: 4.3, Strings: 3, Instructions: 568COMMON
Function 02A63C73 Relevance: 3.6, APIs: 2, Instructions: 566COMMON
Function 029FBEA0 Relevance: 3.5, APIs: 2, Instructions: 464COMMON
Function 00B3CAA0 Relevance: 3.5, APIs: 2, Instructions: 464COMMON
Function 00B868EE Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON
Function 02A0D8FF Relevance: 2.9, APIs: 1, Instructions: 1381COMMON
Function 029DB340 Relevance: 2.4, Strings: 1, Instructions: 1168COMMON
Function 029DBEF0 Relevance: 1.9, Strings: 1, Instructions: 659COMMON
Function 00B1CAF0 Relevance: 1.9, Strings: 1, Instructions: 659COMMON
Function 029F6C1B Relevance: 1.5, Strings: 1, Instructions: 214COMMON
Function 02A41446 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
Function 029EA3AC Relevance: .9, Instructions: 881COMMON
Function 02A061D9 Relevance: .6, Instructions: 637COMMON
Function 00B46DD9 Relevance: .6, Instructions: 637COMMON
Function 00B2CC39 Relevance: .6, Instructions: 635COMMON
Function 029D6D20 Relevance: .6, Instructions: 563COMMON
Function 029D85C0 Relevance: .5, Instructions: 475COMMON
Function 02A5B244 Relevance: .5, Instructions: 456COMMON
Function 029E8D7D Relevance: .4, Instructions: 375COMMON
Function 02A092EE Relevance: .3, Instructions: 294COMMON
Function 02A05B6B Relevance: .3, Instructions: 269COMMON
Function 029F1077 Relevance: .3, Instructions: 254COMMON
Function 029F1332 Relevance: .2, Instructions: 244COMMON
Function 029F0DB0 Relevance: .2, Instructions: 240COMMON
Function 029F6E4A Relevance: .2, Instructions: 237COMMON
Function 029F70A7 Relevance: .2, Instructions: 237COMMON
Function 029F0B06 Relevance: .2, Instructions: 232COMMON
Function 00B82046 Relevance: .1, Instructions: 72COMMON
Function 00B92ADE Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON
Function 00B28D85 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 480windowCOMMON
Function 00B92711 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON
Function 00BA0241 Relevance: 35.4, APIs: 7, Strings: 13, Instructions: 391windowCOMMON
Function 00B28891 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON
Function 00B9C3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON
Function 00BA091E Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON
Function 00BA833C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON
Function 00BA6CD9 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194windowCOMMON
Function 00B8C476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON
Function 00B9255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON
Function 02A0CE5D Relevance: 19.6, APIs: 13, Instructions: 114COMMON
Function 00BA8D0E Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 221windowCOMMON
Function 00B9CC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON
Function 00B7E6B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON
Function 00B28BCD Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON
Function 00B706DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON
Function 00B9055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207networkfileCOMMON
Function 00B88195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON
Function 02A02080 Relevance: 15.1, APIs: 10, Instructions: 54COMMON
Function 00B42C80 Relevance: 15.1, APIs: 10, Instructions: 54COMMON
Function 00BA8B02 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 149windowCOMMON
Function 00B8C253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON
Function 00B7209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON
Function 00B725A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON
Function 00B7C874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON
Function 02A0C290 Relevance: 12.2, APIs: 8, Instructions: 209COMMON
Function 00B7ED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON
Function 00BA2D03 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON
Function 02A34A22 Relevance: 12.1, APIs: 8, Instructions: 92COMMON
Function 02A3E119 Relevance: 10.6, APIs: 7, Instructions: 137COMMON
Function 00BA2DFD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON
Function 00B804D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON
Function 00B805A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON
Function 00BA40AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON
Function 02A0CBDF Relevance: 10.6, APIs: 7, Instructions: 65COMMON
Function 00B8096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON
Function 029FF5B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON
Function 00B401B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON
Function 00B807EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON
Function 00BA81DB Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON
Function 00B74C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON
Function 00BA8A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
Function 00B7C5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON
Function 00B34D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMON
Function 02A5A3F9 Relevance: 7.9, APIs: 5, Instructions: 418COMMON
Function 00B9A387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON
Function 00B78BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON
Function 00B88AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON
Function 00BA6B76 Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON
Function 02A01451 Relevance: 7.6, APIs: 5, Instructions: 129COMMON
Function 00B42051 Relevance: 7.6, APIs: 5, Instructions: 129COMMON
Function 00B90930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON
Function 00B4CDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON
Function 02A34B11 Relevance: 7.6, APIs: 5, Instructions: 61COMMON
Function 00B7000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON
Function 00B7E97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON
Function 00B8030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON
Function 02A0CB3A Relevance: 7.5, APIs: 5, Instructions: 40COMMON
Function 02A016A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON
Function 00B422A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON
Function 00B72716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON
Function 00B7C27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON
Function 00BA4653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON
Function 00BA41EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON
Function 02A0AD52 Relevance: 6.4, APIs: 4, Instructions: 370COMMON
Function 00B7007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON
Function 02A03280 Relevance: 6.3, APIs: 4, Instructions: 305COMMON
Function 02A08145 Relevance: 6.3, APIs: 4, Instructions: 300COMMON
Function 00B70436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON
Function 02A6773C Relevance: 6.2, APIs: 4, Instructions: 196COMMON
Function 00BA6278 Relevance: 6.1, APIs: 4, Instructions: 138COMMON
Function 02A0A81F Relevance: 6.1, APIs: 4, Instructions: 133COMMON
Function 029EF4C6 Relevance: 6.1, APIs: 4, Instructions: 81COMMON
Function 00BA2782 Relevance: 6.1, APIs: 4, Instructions: 75 COMMON
Function 029F2782 Relevance: 6.1, APIs: 4, Instructions: 60 COMMON
Function 00B7E1D6 Relevance: 6.1, APIs: 4, Instructions: 55 synchronization thread window COMMON
Function 029F2F3C Relevance: 6.1, APIs: 4, Instructions: 53 COMMON
Function 00B1600E Relevance: 6.1, APIs: 4, Instructions: 53 window COMMON
Function 00BA8863 Relevance: 6.0, APIs: 4, Instructions: 31 COMMON
Function 00B84D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230 share COMMON
Function 00BA4537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95 window COMMON
Function 00B8CD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66 network COMMON
Function 00B70B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28 window COMMON
Function 00BA2322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15 window COMMON
Function 00BA2356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15 window COMMON
Execution Graph
Execution Coverage: 3.6%
Dynamic/Decrypted Code Coverage: 0.4%
Signature Coverage: 0%
Total number of Nodes: 2000
Total number of Limit Nodes: 67
Function 010109D5 Relevance: 1.5, APIs: 1, Instructions: 3 COMMON
Function 00FF42DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235 library loader COMMON
Function 00FF2CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53 window registry COMMON
Function 0103065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272 COMMON LIBRARYCODE
Function 00FF2B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63 window registry COMMON
Function 001926D0 Relevance: 10.7, APIs: 7, Instructions: 239 file COMMON
Function 00190B40 Relevance: 9.3, APIs: 6, Instructions: 311 COMMON
Function 010261FE Relevance: 9.2, APIs: 6, Instructions: 216 COMMON
Function 00192410 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 176 file COMMON
Function 01062947 Relevance: 7.8, APIs: 5, Instructions: 313 file COMMON
Function 00FF10F3 Relevance: 4.7, APIs: 3, Instructions: 153 com COMMON
Function 01023162 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 30 memory COMMON
Function 0102CB7C Relevance: 3.2, APIs: 2, Instructions: 168 COMMON
Function 0102C9BB Relevance: 3.1, APIs: 2, Instructions: 91 COMMON
Function 01022FD7 Relevance: 3.1, APIs: 2, Instructions: 65 library loader COMMON LIBRARYCODE
Function 001910D0 Relevance: 1.7, APIs: 1, Instructions: 157 COMMON
Function 00FF4ECB Relevance: 1.6, APIs: 1, Instructions: 65 library COMMON
Function 01028402 Relevance: 1.6, APIs: 1, Instructions: 54 COMMON
Function 0101E469 Relevance: 1.5, APIs: 1, Instructions: 48 COMMON
Function 0101E602 Relevance: 1.5, APIs: 1, Instructions: 46 COMMON
Function 01024C7D Relevance: 1.5, APIs: 1, Instructions: 39 memory COMMON LIBRARYCODE
Function 00FF4F39 Relevance: 1.5, APIs: 1, Instructions: 28 COMMON
Function 00FF2DA5 Relevance: 1.5, APIs: 1, Instructions: 23 COMMON
Function 01062693 Relevance: 1.5, APIs: 1, Instructions: 22 COMMON
Function 00FF2B3D Relevance: 1.5, APIs: 1, Instructions: 22 COMMON
Function 001908E0 Relevance: 1.5, APIs: 1, Instructions: 20 COMMON
Function 001908B0 Relevance: 1.5, APIs: 1, Instructions: 15 COMMON
Function 00192300 Relevance: 1.3, APIs: 1, Instructions: 18 sleep COMMON
Function 001929BB Relevance: 1.3, APIs: 1, Instructions: 12 COMMON