Edit tour
Windows
Analysis Report
Wzphku.exe
Overview
General Information
| Sample Name: | Wzphku.exe |
| Analysis ID: | 1342225 |
| MD5: | efffb97aa9f53110ab5035c995e7d62b |
| SHA1: | 8594e94f8991efba6cad2b90d44ba0a8176ce941 |
| SHA256: | aa0668633c7c710b0a09adc99362b4a3547307f0b3f1338ae731c35d9b071d88 |
| Tags: | exe |
| Infos: |  |
 | |
Detection
| Score: | 76 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
.NET source code contains very large strings
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected Costura Assembly Loader
Machine Learning detection for sample
.NET source code contains potential unpacker
Uses 32bit PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
JA3 SSL client fingerprint seen in connection with other malware
HTTP GET or POST without a user agent
Creates a process in suspended mode (likely to inject code)
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Classification
- System is w10x64
Wzphku.exe (PID: 3680 cmdline: C:\Users\u ser\Deskto p\Wzphku.e xe MD5: EFFFB97AA9F53110AB5035C995E7D62B) - Wzphku.exe (PID: 4180 cmdline:
C:\Users\u ser\Deskto p\Wzphku.e xe MD5: EFFFB97AA9F53110AB5035C995E7D62B) - Wzphku.exe (PID: 5568 cmdline:
C:\Users\u ser\Deskto p\Wzphku.e xe MD5: EFFFB97AA9F53110AB5035C995E7D62B) - Wzphku.exe (PID: 6436 cmdline:
C:\Users\u ser\Deskto p\Wzphku.e xe MD5: EFFFB97AA9F53110AB5035C995E7D62B) - Wzphku.exe (PID: 1308 cmdline:
C:\Users\u ser\Deskto p\Wzphku.e xe MD5: EFFFB97AA9F53110AB5035C995E7D62B) - Wzphku.exe (PID: 2616 cmdline:
C:\Users\u ser\Deskto p\Wzphku.e xe MD5: EFFFB97AA9F53110AB5035C995E7D62B) - Wzphku.exe (PID: 2448 cmdline:
C:\Users\u ser\Deskto p\Wzphku.e xe MD5: EFFFB97AA9F53110AB5035C995E7D62B) - Wzphku.exe (PID: 2780 cmdline:
C:\Users\u ser\Deskto p\Wzphku.e xe MD5: EFFFB97AA9F53110AB5035C995E7D62B) - Wzphku.exe (PID: 5644 cmdline:
C:\Users\u ser\Deskto p\Wzphku.e xe MD5: EFFFB97AA9F53110AB5035C995E7D62B) - Wzphku.exe (PID: 3560 cmdline:
C:\Users\u ser\Deskto p\Wzphku.e xe MD5: EFFFB97AA9F53110AB5035C995E7D62B) - Wzphku.exe (PID: 6984 cmdline:
C:\Users\u ser\Deskto p\Wzphku.e xe MD5: EFFFB97AA9F53110AB5035C995E7D62B)
- cleanup
⊘No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | ||
| JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | ||
| JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | ||
| JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | ||
| JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira: | ||
| Source: | ReversingLabs: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | JA3 fingerprint: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | IP Address: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
System Summary | |
|---|
| Source: | Long String: | ||
| Source: | Static PE information: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Code function: | 0_2_012819C0 | |
| Source: | Code function: | 0_2_0128435A | |
| Source: | Code function: | 0_2_01282290 | |
| Source: | Code function: | 0_2_0128227F | |
| Source: | Code function: | 0_2_05E40740 | |
| Source: | Code function: | 0_2_05E44328 | |
| Source: | Code function: | 0_2_05E41D58 | |
| Source: | Code function: | 0_2_05E40A77 | |
| Source: | Code function: | 0_2_05F657C6 | |
| Source: | Code function: | 0_2_05F60638 | |
| Source: | ReversingLabs: | ||
| Source: | Static PE information: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static file information: | |||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Base64 encoded string: | ||
| Source: | Base64 encoded string: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Classification label: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
Data Obfuscation | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | Code function: | 0_2_05E4A159 | |
| Source: | Code function: | 0_2_05F61EE5 | |
| Source: | Code function: | 0_2_05F64231 | |
| Source: | Static PE information: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | Binary or memory string: | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact | Resource Development | Reconnaissance |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Windows Management Instrumentation | Path Interception | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 11 Security Software Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Abuse Accessibility Features | Acquire Infrastructure | Gather Victim Identity Information |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Ingress Tool Transfer | SIM Card Swap | Obtain Device Cloud Backups | Network Denial of Service | Domains | Credentials |
| Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 21 Virtualization/Sandbox Evasion | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Non-Application Layer Protocol | Data Encrypted for Impact | DNS Server | Email Addresses | ||
| Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Traffic Duplication | 3 Application Layer Protocol | Data Destruction | Virtual Private Server | Employee Names | ||
| Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Scheduled Transfer | Fallback Channels | Data Encrypted for Impact | Server | Gather Victim Network Information | ||
| Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 21 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Data Transfer Size Limits | Multiband Communication | Service Stop | Botnet | Domain Properties | ||
| External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over C2 Channel | Commonly Used Port | Inhibit System Recovery | Web Services | DNS |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 34% | ReversingLabs | ByteCode-MSIL.Trojan.Generic | ||
| 100% | Avira | HEUR/AGEN.1323350 | ||
| 100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| the.earth.li | 93.93.131.124 | true | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 93.93.131.124 | the.earth.li | United Kingdom | 44684 | MYTHICMythicBeastsLtdGB | false |
| Joe Sandbox Version: | 38.0.0 Ammolite |
| Analysis ID: | 1342225 |
| Start date and time: | 2023-11-14 11:10:07 +01:00 |
| Joe Sandbox Product: | CloudBasic |
| Overall analysis duration: | 0h 5m 50s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 14 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample file name: | Wzphku.exe |
| Detection: | MAL |
| Classification: | mal76.evad.winEXE@21/1@1/1 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- VT rate limit hit for: Wzphku.exe
| Time | Type | Description |
|---|---|---|
| 11:11:25 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 93.93.131.124 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| the.earth.li | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | vkeylogger | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AZORult | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| MYTHICMythicBeastsLtdGB | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Wannacry | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | vkeylogger | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | AgentTesla | Browse |
| |
| Get hash | malicious | Glupteba, LummaC Stealer, SmokeLoader | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AveMaria, UACMe | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
|
⊘No context
| Process: | C:\Users\user\Desktop\Wzphku.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1153 |
| Entropy (8bit): | 5.361204690044335 |
| Encrypted: | false |
| SSDEEP: | 24:ML9E4KlKDE4KhKiKhRAE4KzeRE4KoE4Ty1KIE4oKNzKoM:MxHKlYHKh3oRAHKzeRHKoH8tHo60 |
| MD5: | 047933859FA1F440AA5934FB970A3E6A |
| SHA1: | 2DA4BE3C3AEA7272370955BD89B39E659F52D8EA |
| SHA-256: | F1BA475E3438897324A9B81BB64278EF1331247896C42D280096EFBC14D3B0C5 |
| SHA-512: | 08CC3BA225690029E61C029548E6A39F14812183B4439A55F1E1FCD827B02AC449B6F25D0A9A1376E9BA64FFA66AE3478BC276DD5895BF896A5A7D9207AC1100 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.0517663565587645 |
| TrID: |
|
| File name: | Wzphku.exe |
| File size: | 425'472 bytes |
| MD5: | efffb97aa9f53110ab5035c995e7d62b |
| SHA1: | 8594e94f8991efba6cad2b90d44ba0a8176ce941 |
| SHA256: | aa0668633c7c710b0a09adc99362b4a3547307f0b3f1338ae731c35d9b071d88 |
| SHA512: | 5641d91f36e34a90854e55f304730c32c19cc22f58f35e3eca1749be51d7b002c53926bf4e05b9690556133341675110d75afe521cc178bbe236c71923a6e1a2 |
| SSDEEP: | 12288:iUkdr8MYQ4RB2I3t8tfDkKeXXfmDTh6+:/7t85kFMt |
| TLSH: | 14946C26FB93959DE265533EC58F8808836792D0A273E70E7DEC33DA4AC33665E64341 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ke.................t..........^.... ........@.. ....................................`................................ |
 | |
| Icon Hash: | 00928e8e8686b000 |
| Entrypoint: | 0x46935e |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
| DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x654BD8C7 [Wed Nov 8 18:51:51 2023 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
| Instruction |
|---|
| jmp dword ptr [00402000h] |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x69310 | 0x4b | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6a000 | 0x560 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6c000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0x67364 | 0x67400 | False | 0.6433773456416465 | data | 7.066203079852089 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x6a000 | 0x560 | 0x600 | False | 0.4010416666666667 | data | 3.9358431649315366 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x6c000 | 0xc | 0x200 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_VERSION | 0x6a0a0 | 0x2d4 | data | 0.43646408839779005 | ||
| RT_MANIFEST | 0x6a374 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5489795918367347 |
| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Nov 14, 2023 11:11:26.808620930 CET | 49710 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:26.808657885 CET | 443 | 49710 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:26.808751106 CET | 49710 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:26.825333118 CET | 49710 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:26.825351000 CET | 443 | 49710 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:27.436523914 CET | 443 | 49710 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:27.436862946 CET | 49710 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:28.283718109 CET | 49710 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:28.283749104 CET | 443 | 49710 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:28.284074068 CET | 443 | 49710 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:28.331048012 CET | 49710 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:28.417192936 CET | 49710 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:28.461251974 CET | 443 | 49710 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:28.704214096 CET | 443 | 49710 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:28.704431057 CET | 443 | 49710 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:28.704550028 CET | 49710 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:28.711572886 CET | 49710 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:28.713988066 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:28.714044094 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:28.714137077 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:28.714560986 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:28.714580059 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:29.310679913 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:29.312782049 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:29.312876940 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:29.885320902 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:29.885348082 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:29.885500908 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:29.885545015 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:29.940494061 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:30.176486969 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:30.176574945 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:30.176616907 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:30.176651955 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:30.176716089 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:30.176728964 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:30.176780939 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:30.176898003 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:30.176934004 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:30.176961899 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:30.176980972 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:30.264497995 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:30.264657021 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:30.462667942 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:30.462791920 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:30.463112116 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:30.463185072 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:30.463357925 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:30.463426113 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:30.463777065 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:30.463846922 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:30.464046001 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:30.464122057 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:30.513991117 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:30.514447927 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:30.552161932 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:30.552352905 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:30.749672890 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:30.749794960 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:30.750026941 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:30.750170946 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:30.750554085 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:30.750641108 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:30.750901937 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:30.751023054 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:30.751626015 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:30.751688957 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:30.751988888 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:30.752105951 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:30.793517113 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:30.793679953 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:30.800370932 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:30.800463915 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:30.800801992 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:30.800874949 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:30.839361906 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:30.839523077 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:30.839692116 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:30.839766026 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.035828114 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.035984039 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.036072016 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.036168098 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.036556959 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.036648035 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.037081003 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.037162066 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.037297964 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.037374973 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.037571907 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.037647009 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.038080931 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.038153887 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.038543940 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.038621902 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.038754940 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.038841963 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.039237022 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.039310932 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.039726019 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.039802074 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.040067911 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.040146112 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.040357113 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.040430069 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.040642023 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.040715933 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.078267097 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.078357935 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.080517054 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.080708027 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.086209059 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.086323023 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.086581945 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.086656094 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.086968899 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.087043047 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.087270021 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.087342024 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.087800026 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.087869883 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.088259935 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.088331938 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.125916958 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.126153946 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.126441956 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.126631975 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.126831055 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.126912117 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.127218008 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.127288103 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.323184967 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.323252916 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.323277950 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.323311090 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.323327065 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.323352098 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.328263044 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.328324080 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.328349113 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.328367949 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.328385115 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.328401089 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.328408003 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.328414917 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.328445911 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.328454018 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.328460932 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.328486919 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.328505039 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.328509092 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.328525066 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.328568935 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.328571081 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.328588963 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.328625917 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.328634024 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.328644991 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.328686953 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.328689098 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.328711033 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.328717947 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.328742027 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.328746080 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.328764915 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.328772068 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.328794956 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.328798056 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.328831911 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.328838110 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.328852892 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.328857899 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.328883886 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.328891039 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.328907013 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.328916073 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.328939915 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.328949928 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.328970909 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.329000950 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.329015017 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.329044104 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.329052925 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.329077959 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.329144001 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.329200983 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.329209089 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.329726934 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.329787016 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.329794884 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.330070972 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.330128908 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.330137014 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.330471039 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.330539942 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.330549002 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.331088066 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.331151009 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.331161976 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.331391096 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.331449986 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.331458092 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.331782103 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.331851959 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.331861973 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.332211018 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.332276106 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.332283020 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.332663059 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.332729101 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.332736015 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.333065987 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.333127975 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.333137035 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.333570004 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.333641052 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.333648920 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.333820105 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.333888054 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.333895922 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.365415096 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.365605116 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.365642071 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.367682934 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.367769003 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.367780924 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.367810011 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.367871046 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.367882013 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.372060061 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.372143984 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.372153044 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.372673988 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.372754097 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.372765064 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.373071909 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.373148918 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.373161077 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.373529911 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.373615980 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.373627901 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.373971939 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.374049902 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.374059916 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.374207020 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.374283075 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.374294043 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.374706984 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.374785900 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.374797106 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.375263929 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.375341892 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.375353098 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.375696898 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.375771046 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.375782013 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.375933886 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.376007080 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.376017094 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.376394987 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.376472950 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.376483917 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.376903057 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.376991987 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.377017021 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.412106037 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.412246943 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.412281036 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.412411928 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.412489891 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.412502050 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.413497925 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.413573980 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.413584948 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.413618088 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.413690090 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.413702011 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.413974047 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.414043903 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.414052963 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.414422035 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.414498091 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.414508104 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.414880037 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.414953947 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.414963007 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.415245056 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.415316105 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.415327072 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.456074953 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.608721972 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.608841896 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.608880997 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.608948946 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.608989954 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.609013081 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.609323025 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.609406948 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.610033035 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.610115051 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.610150099 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.610222101 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.611773014 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.611848116 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.612107992 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.612225056 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.612363100 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.612442017 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.612822056 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.612899065 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.613229990 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.613310099 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.613859892 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.613934994 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.614109039 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.614182949 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.614537001 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.614612103 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.614947081 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.615017891 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.615453959 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.615540028 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.615916967 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.615988016 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.616274118 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.616348982 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.616689920 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.616763115 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.617222071 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.617297888 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.617501974 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.617577076 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.617827892 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.617903948 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.618169069 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.618244886 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.618385077 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.618453979 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.618558884 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.618638992 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.618805885 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.618875980 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.619198084 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.619276047 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.619563103 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.619636059 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.619688034 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.619755030 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.620094061 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.620168924 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.620189905 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.620264053 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.620446920 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.620527029 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.620709896 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.620784998 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.620902061 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.620981932 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.621330023 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.621401072 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.621455908 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.621530056 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.621834993 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.621910095 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.621978045 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.622067928 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.622282982 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.622349024 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.622509003 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.622576952 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.622833014 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.622900963 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.622996092 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.623061895 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.623374939 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.623439074 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.623538971 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.623610020 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.623914003 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.623982906 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.624217033 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.624293089 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.624489069 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.624552011 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.624752045 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.624819040 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.625144005 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.625211954 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.625329971 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.625396967 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.625648975 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.625710011 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.625781059 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.625843048 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.626236916 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.626303911 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.626450062 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.626517057 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.626724958 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.626790047 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.626880884 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.626949072 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.627222061 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.627290010 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.627530098 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.627597094 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.651474953 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.651575089 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.651662111 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.651662111 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.651679039 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.651736021 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.652592897 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.652679920 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.652834892 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.652913094 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.653145075 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.653233051 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.653461933 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.653541088 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.658026934 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.658107996 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.658804893 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.658879995 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.658934116 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.659006119 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.659075022 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.659147024 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.659424067 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.659496069 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.659662962 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.659732103 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.659813881 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.659873009 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.660113096 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.660181046 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.660480022 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.660548925 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.660649061 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.660715103 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.661020994 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.661086082 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.661266088 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.661335945 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.661484003 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.661607027 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.661798954 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.661864042 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.662130117 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.662199020 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.662338972 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.662405968 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.662600040 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.662669897 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.662729979 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.662795067 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.662955999 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.663023949 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.663250923 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.663346052 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.663429022 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.663499117 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.663733959 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.663801908 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.698045969 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.698159933 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.698195934 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.698266983 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.698285103 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.698342085 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.698355913 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.698417902 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.698506117 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.698570013 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.698678017 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.698757887 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.699512959 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.699588060 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.699904919 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.699985981 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.700072050 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.700146914 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.700344086 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.700417995 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.700759888 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.700825930 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.700870991 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.700937986 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.701006889 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.701077938 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.701344013 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.701409101 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.701431036 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.701498032 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.701699018 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.701767921 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.701793909 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.701858997 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.894726992 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.894853115 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.894881964 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.894912958 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.894949913 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.894978046 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.895092010 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.895180941 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.895199060 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.895268917 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.895312071 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.895385027 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.895409107 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.895462036 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.895478964 CET | 443 | 49711 | 93.93.131.124 | 192.168.2.5 |
| Nov 14, 2023 11:11:31.895533085 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Nov 14, 2023 11:11:31.895733118 CET | 49711 | 443 | 192.168.2.5 | 93.93.131.124 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Nov 14, 2023 11:11:26.436288118 CET | 63426 | 53 | 192.168.2.5 | 1.1.1.1 |
| Nov 14, 2023 11:11:26.798233986 CET | 53 | 63426 | 1.1.1.1 | 192.168.2.5 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Nov 14, 2023 11:11:26.436288118 CET | 192.168.2.5 | 1.1.1.1 | 0x1452 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Nov 14, 2023 11:11:26.798233986 CET | 1.1.1.1 | 192.168.2.5 | 0x1452 | No error (0) | 93.93.131.124 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49710 | 93.93.131.124 | 443 | C:\Users\user\Desktop\Wzphku.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2023-11-14 10:11:28 UTC | 0 | OUT | |
| 2023-11-14 10:11:28 UTC | 0 | IN | |
| 2023-11-14 10:11:28 UTC | 0 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 1 | 192.168.2.5 | 49711 | 93.93.131.124 | 443 | C:\Users\user\Desktop\Wzphku.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2023-11-14 10:11:29 UTC | 0 | OUT | |
| 2023-11-14 10:11:29 UTC | 0 | IN | |
| 2023-11-14 10:11:29 UTC | 0 | IN | |
| 2023-11-14 10:11:30 UTC | 8 | IN | |
| 2023-11-14 10:11:30 UTC | 16 | IN | |
| 2023-11-14 10:11:30 UTC | 24 | IN | |
| 2023-11-14 10:11:30 UTC | 32 | IN | |
| 2023-11-14 10:11:30 UTC | 39 | IN | |
| 2023-11-14 10:11:30 UTC | 47 | IN | |
| 2023-11-14 10:11:30 UTC | 55 | IN | |
| 2023-11-14 10:11:30 UTC | 63 | IN | |
| 2023-11-14 10:11:30 UTC | 71 | IN | |
| 2023-11-14 10:11:30 UTC | 78 | IN | |
| 2023-11-14 10:11:30 UTC | 86 | IN | |
| 2023-11-14 10:11:30 UTC | 94 | IN | |
| 2023-11-14 10:11:30 UTC | 102 | IN | |
| 2023-11-14 10:11:30 UTC | 110 | IN | |
| 2023-11-14 10:11:30 UTC | 118 | IN | |
| 2023-11-14 10:11:30 UTC | 125 | IN | |
| 2023-11-14 10:11:30 UTC | 133 | IN | |
| 2023-11-14 10:11:30 UTC | 141 | IN | |
| 2023-11-14 10:11:30 UTC | 149 | IN | |
| 2023-11-14 10:11:30 UTC | 157 | IN | |
| 2023-11-14 10:11:30 UTC | 164 | IN | |
| 2023-11-14 10:11:30 UTC | 172 | IN | |
| 2023-11-14 10:11:31 UTC | 180 | IN | |
| 2023-11-14 10:11:31 UTC | 188 | IN | |
| 2023-11-14 10:11:31 UTC | 196 | IN | |
| 2023-11-14 10:11:31 UTC | 203 | IN | |
| 2023-11-14 10:11:31 UTC | 211 | IN | |
| 2023-11-14 10:11:31 UTC | 219 | IN | |
| 2023-11-14 10:11:31 UTC | 227 | IN | |
| 2023-11-14 10:11:31 UTC | 235 | IN | |
| 2023-11-14 10:11:31 UTC | 243 | IN | |
| 2023-11-14 10:11:31 UTC | 250 | IN | |
| 2023-11-14 10:11:31 UTC | 258 | IN | |
| 2023-11-14 10:11:31 UTC | 266 | IN | |
| 2023-11-14 10:11:31 UTC | 274 | IN | |
| 2023-11-14 10:11:31 UTC | 282 | IN | |
| 2023-11-14 10:11:31 UTC | 289 | IN | |
| 2023-11-14 10:11:31 UTC | 297 | IN | |
| 2023-11-14 10:11:31 UTC | 305 | IN | |
| 2023-11-14 10:11:31 UTC | 313 | IN | |
| 2023-11-14 10:11:31 UTC | 321 | IN | |
| 2023-11-14 10:11:31 UTC | 328 | IN | |
| 2023-11-14 10:11:31 UTC | 336 | IN | |
| 2023-11-14 10:11:31 UTC | 344 | IN | |
| 2023-11-14 10:11:31 UTC | 352 | IN | |
| 2023-11-14 10:11:31 UTC | 360 | IN | |
| 2023-11-14 10:11:31 UTC | 368 | IN | |
| 2023-11-14 10:11:31 UTC | 375 | IN | |
| 2023-11-14 10:11:31 UTC | 383 | IN | |
| 2023-11-14 10:11:31 UTC | 391 | IN | |
| 2023-11-14 10:11:31 UTC | 399 | IN | |
| 2023-11-14 10:11:31 UTC | 407 | IN | |
| 2023-11-14 10:11:31 UTC | 414 | IN | |
| 2023-11-14 10:11:31 UTC | 422 | IN | |
| 2023-11-14 10:11:31 UTC | 430 | IN | |
| 2023-11-14 10:11:31 UTC | 438 | IN | |
| 2023-11-14 10:11:31 UTC | 446 | IN | |
| 2023-11-14 10:11:31 UTC | 453 | IN | |
| 2023-11-14 10:11:31 UTC | 461 | IN | |
| 2023-11-14 10:11:31 UTC | 469 | IN | |
| 2023-11-14 10:11:31 UTC | 477 | IN | |
| 2023-11-14 10:11:31 UTC | 485 | IN | |
| 2023-11-14 10:11:31 UTC | 493 | IN | |
| 2023-11-14 10:11:31 UTC | 500 | IN | |
| 2023-11-14 10:11:31 UTC | 508 | IN | |
| 2023-11-14 10:11:31 UTC | 516 | IN | |
| 2023-11-14 10:11:31 UTC | 524 | IN | |
| 2023-11-14 10:11:31 UTC | 532 | IN | |
| 2023-11-14 10:11:31 UTC | 539 | IN | |
| 2023-11-14 10:11:31 UTC | 547 | IN | |
| 2023-11-14 10:11:31 UTC | 555 | IN | |
| 2023-11-14 10:11:31 UTC | 563 | IN | |
| 2023-11-14 10:11:31 UTC | 571 | IN | |
| 2023-11-14 10:11:31 UTC | 578 | IN | |
| 2023-11-14 10:11:31 UTC | 586 | IN | |
| 2023-11-14 10:11:31 UTC | 594 | IN | |
| 2023-11-14 10:11:31 UTC | 602 | IN | |
| 2023-11-14 10:11:31 UTC | 610 | IN | |
| 2023-11-14 10:11:31 UTC | 618 | IN | |
| 2023-11-14 10:11:31 UTC | 625 | IN | |
| 2023-11-14 10:11:31 UTC | 633 | IN | |
| 2023-11-14 10:11:31 UTC | 641 | IN | |
| 2023-11-14 10:11:31 UTC | 649 | IN | |
| 2023-11-14 10:11:31 UTC | 657 | IN | |
| 2023-11-14 10:11:31 UTC | 664 | IN | |
| 2023-11-14 10:11:31 UTC | 672 | IN | |
| 2023-11-14 10:11:31 UTC | 680 | IN | |
| 2023-11-14 10:11:31 UTC | 688 | IN | |
| 2023-11-14 10:11:31 UTC | 696 | IN | |
| 2023-11-14 10:11:31 UTC | 703 | IN | |
| 2023-11-14 10:11:31 UTC | 711 | IN | |
| 2023-11-14 10:11:31 UTC | 719 | IN | |
| 2023-11-14 10:11:31 UTC | 727 | IN | |
| 2023-11-14 10:11:31 UTC | 735 | IN | |
| 2023-11-14 10:11:31 UTC | 743 | IN | |
| 2023-11-14 10:11:31 UTC | 750 | IN | |
| 2023-11-14 10:11:31 UTC | 758 | IN | |
| 2023-11-14 10:11:31 UTC | 766 | IN | |
| 2023-11-14 10:11:31 UTC | 774 | IN | |
| 2023-11-14 10:11:31 UTC | 782 | IN | |
| 2023-11-14 10:11:31 UTC | 789 | IN | |
| 2023-11-14 10:11:31 UTC | 797 | IN | |
| 2023-11-14 10:11:31 UTC | 805 | IN | |
| 2023-11-14 10:11:31 UTC | 813 | IN | |
| 2023-11-14 10:11:31 UTC | 821 | IN | |
| 2023-11-14 10:11:31 UTC | 828 | IN | |
| 2023-11-14 10:11:31 UTC | 836 | IN | |
| 2023-11-14 10:11:31 UTC | 844 | IN | |
| 2023-11-14 10:11:31 UTC | 852 | IN | |
| 2023-11-14 10:11:31 UTC | 860 | IN | |
| 2023-11-14 10:11:31 UTC | 868 | IN | |
| 2023-11-14 10:11:31 UTC | 875 | IN | |
| 2023-11-14 10:11:31 UTC | 883 | IN | |
| 2023-11-14 10:11:31 UTC | 891 | IN | |
| 2023-11-14 10:11:31 UTC | 899 | IN | |
| 2023-11-14 10:11:31 UTC | 907 | IN | |
| 2023-11-14 10:11:31 UTC | 914 | IN | |
| 2023-11-14 10:11:31 UTC | 922 | IN | |
| 2023-11-14 10:11:31 UTC | 930 | IN | |
| 2023-11-14 10:11:31 UTC | 938 | IN | |
| 2023-11-14 10:11:31 UTC | 946 | IN | |
| 2023-11-14 10:11:31 UTC | 953 | IN | |
| 2023-11-14 10:11:31 UTC | 961 | IN | |
| 2023-11-14 10:11:31 UTC | 969 | IN | |
| 2023-11-14 10:11:31 UTC | 977 | IN | |
| 2023-11-14 10:11:31 UTC | 985 | IN | |
| 2023-11-14 10:11:31 UTC | 993 | IN | |
| 2023-11-14 10:11:31 UTC | 1000 | IN | |
| 2023-11-14 10:11:31 UTC | 1008 | IN | |
| 2023-11-14 10:11:31 UTC | 1016 | IN | |
| 2023-11-14 10:11:31 UTC | 1024 | IN | |
| 2023-11-14 10:11:31 UTC | 1032 | IN | |
| 2023-11-14 10:11:31 UTC | 1039 | IN | |
| 2023-11-14 10:11:31 UTC | 1047 | IN | |
| 2023-11-14 10:11:31 UTC | 1055 | IN | |
| 2023-11-14 10:11:31 UTC | 1063 | IN | |
| 2023-11-14 10:11:31 UTC | 1071 | IN | |
| 2023-11-14 10:11:31 UTC | 1078 | IN | |
| 2023-11-14 10:11:31 UTC | 1086 | IN | |
| 2023-11-14 10:11:31 UTC | 1094 | IN | |
| 2023-11-14 10:11:31 UTC | 1102 | IN | |
| 2023-11-14 10:11:31 UTC | 1110 | IN | |
| 2023-11-14 10:11:31 UTC | 1118 | IN | |
| 2023-11-14 10:11:31 UTC | 1125 | IN | |
| 2023-11-14 10:11:31 UTC | 1133 | IN | |
| 2023-11-14 10:11:31 UTC | 1141 | IN | |
| 2023-11-14 10:11:31 UTC | 1149 | IN | |
| 2023-11-14 10:11:31 UTC | 1157 | IN | |
| 2023-11-14 10:11:31 UTC | 1164 | IN | |
| 2023-11-14 10:11:31 UTC | 1172 | IN | |
| 2023-11-14 10:11:31 UTC | 1180 | IN | |
| 2023-11-14 10:11:31 UTC | 1188 | IN | |
| 2023-11-14 10:11:31 UTC | 1196 | IN | |
| 2023-11-14 10:11:31 UTC | 1203 | IN | |
| 2023-11-14 10:11:31 UTC | 1211 | IN | |
| 2023-11-14 10:11:31 UTC | 1219 | IN | |
| 2023-11-14 10:11:31 UTC | 1227 | IN | |
| 2023-11-14 10:11:31 UTC | 1235 | IN | |
| 2023-11-14 10:11:31 UTC | 1243 | IN | |
| 2023-11-14 10:11:31 UTC | 1250 | IN | |
| 2023-11-14 10:11:31 UTC | 1258 | IN | |
| 2023-11-14 10:11:31 UTC | 1266 | IN | |
| 2023-11-14 10:11:31 UTC | 1274 | IN | |
| 2023-11-14 10:11:31 UTC | 1282 | IN | |
| 2023-11-14 10:11:31 UTC | 1289 | IN | |
| 2023-11-14 10:11:31 UTC | 1297 | IN | |
| 2023-11-14 10:11:31 UTC | 1305 | IN | |
| 2023-11-14 10:11:31 UTC | 1313 | IN | |
| 2023-11-14 10:11:31 UTC | 1321 | IN | |
| 2023-11-14 10:11:31 UTC | 1328 | IN | |
| 2023-11-14 10:11:31 UTC | 1336 | IN | |
| 2023-11-14 10:11:31 UTC | 1344 | IN | |
| 2023-11-14 10:11:31 UTC | 1352 | IN | |
| 2023-11-14 10:11:31 UTC | 1360 | IN | |
| 2023-11-14 10:11:31 UTC | 1368 | IN | |
| 2023-11-14 10:11:31 UTC | 1375 | IN | |
| 2023-11-14 10:11:31 UTC | 1383 | IN | |
| 2023-11-14 10:11:31 UTC | 1391 | IN | |
| 2023-11-14 10:11:31 UTC | 1399 | IN | |
| 2023-11-14 10:11:31 UTC | 1407 | IN | |
| 2023-11-14 10:11:31 UTC | 1414 | IN | |
| 2023-11-14 10:11:31 UTC | 1422 | IN | |
| 2023-11-14 10:11:31 UTC | 1430 | IN | |
| 2023-11-14 10:11:31 UTC | 1438 | IN | |
| 2023-11-14 10:11:31 UTC | 1446 | IN | |
| 2023-11-14 10:11:31 UTC | 1453 | IN | |
| 2023-11-14 10:11:31 UTC | 1461 | IN | |
| 2023-11-14 10:11:31 UTC | 1469 | IN | |
| 2023-11-14 10:11:31 UTC | 1477 | IN | |
| 2023-11-14 10:11:31 UTC | 1485 | IN | |
| 2023-11-14 10:11:31 UTC | 1493 | IN | |
| 2023-11-14 10:11:31 UTC | 1500 | IN | |
| 2023-11-14 10:11:31 UTC | 1508 | IN | |
| 2023-11-14 10:11:31 UTC | 1516 | IN | |
| 2023-11-14 10:11:31 UTC | 1524 | IN | |
| 2023-11-14 10:11:31 UTC | 1532 | IN | |
| 2023-11-14 10:11:31 UTC | 1539 | IN | |
| 2023-11-14 10:11:31 UTC | 1547 | IN | |
| 2023-11-14 10:11:31 UTC | 1555 | IN | |
| 2023-11-14 10:11:31 UTC | 1563 | IN | |
| 2023-11-14 10:11:31 UTC | 1571 | IN | |
| 2023-11-14 10:11:31 UTC | 1578 | IN | |
| 2023-11-14 10:11:31 UTC | 1586 | IN | |
| 2023-11-14 10:11:31 UTC | 1594 | IN | |
| 2023-11-14 10:11:31 UTC | 1602 | IN | |
| 2023-11-14 10:11:31 UTC | 1610 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 11:10:53 |
| Start date: | 14/11/2023 |
| Path: | C:\Users\user\Desktop\Wzphku.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xaf0000 |
| File size: | 425'472 bytes |
| MD5 hash: | EFFFB97AA9F53110AB5035C995E7D62B |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
| Target ID: | 3 |
| Start time: | 11:11:30 |
| Start date: | 14/11/2023 |
| Path: | C:\Users\user\Desktop\Wzphku.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x860000 |
| File size: | 425'472 bytes |
| MD5 hash: | EFFFB97AA9F53110AB5035C995E7D62B |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 4 |
| Start time: | 11:11:30 |
| Start date: | 14/11/2023 |
| Path: | C:\Users\user\Desktop\Wzphku.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x920000 |
| File size: | 425'472 bytes |
| MD5 hash: | EFFFB97AA9F53110AB5035C995E7D62B |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 5 |
| Start time: | 11:11:30 |
| Start date: | 14/11/2023 |
| Path: | C:\Users\user\Desktop\Wzphku.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7b0000 |
| File size: | 425'472 bytes |
| MD5 hash: | EFFFB97AA9F53110AB5035C995E7D62B |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 6 |
| Start time: | 11:11:30 |
| Start date: | 14/11/2023 |
| Path: | C:\Users\user\Desktop\Wzphku.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x630000 |
| File size: | 425'472 bytes |
| MD5 hash: | EFFFB97AA9F53110AB5035C995E7D62B |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 7 |
| Start time: | 11:11:30 |
| Start date: | 14/11/2023 |
| Path: | C:\Users\user\Desktop\Wzphku.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0xde0000 |
| File size: | 425'472 bytes |
| MD5 hash: | EFFFB97AA9F53110AB5035C995E7D62B |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 8 |
| Start time: | 11:11:30 |
| Start date: | 14/11/2023 |
| Path: | C:\Users\user\Desktop\Wzphku.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0xf90000 |
| File size: | 425'472 bytes |
| MD5 hash: | EFFFB97AA9F53110AB5035C995E7D62B |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 9 |
| Start time: | 11:11:30 |
| Start date: | 14/11/2023 |
| Path: | C:\Users\user\Desktop\Wzphku.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x4a0000 |
| File size: | 425'472 bytes |
| MD5 hash: | EFFFB97AA9F53110AB5035C995E7D62B |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 10 |
| Start time: | 11:11:30 |
| Start date: | 14/11/2023 |
| Path: | C:\Users\user\Desktop\Wzphku.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7d0000 |
| File size: | 425'472 bytes |
| MD5 hash: | EFFFB97AA9F53110AB5035C995E7D62B |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 11 |
| Start time: | 11:11:30 |
| Start date: | 14/11/2023 |
| Path: | C:\Users\user\Desktop\Wzphku.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x720000 |
| File size: | 425'472 bytes |
| MD5 hash: | EFFFB97AA9F53110AB5035C995E7D62B |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 12 |
| Start time: | 11:11:30 |
| Start date: | 14/11/2023 |
| Path: | C:\Users\user\Desktop\Wzphku.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0xe70000 |
| File size: | 425'472 bytes |
| MD5 hash: | EFFFB97AA9F53110AB5035C995E7D62B |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
Execution Graph
| Execution Coverage: | 19.7% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 40.9% |
| Total number of Nodes: | 22 |
| Total number of Limit Nodes: | 0 |
Graph
Function 05E40740 Relevance: 16.1, Strings: 12, Instructions: 1148COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E40A77 Relevance: 8.0, Strings: 6, Instructions: 495COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05F60638 Relevance: 3.3, Strings: 2, Instructions: 818COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E44328 Relevance: 3.1, Strings: 2, Instructions: 557COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0128435A Relevance: 1.6, Strings: 1, Instructions: 390COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05F657C6 Relevance: .5, Instructions: 474COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0128227F Relevance: .2, Instructions: 212COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01282290 Relevance: .2, Instructions: 204COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 012819C0 Relevance: .2, Instructions: 203COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0128ABD8 Relevance: 5.1, Strings: 4, Instructions: 138COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E467F8 Relevance: 4.2, Strings: 3, Instructions: 481COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E484A8 Relevance: 4.1, Strings: 3, Instructions: 370COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4CA80 Relevance: 4.1, Strings: 3, Instructions: 356COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 012879B3 Relevance: 3.9, Strings: 3, Instructions: 179COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E50078 Relevance: 2.9, Strings: 2, Instructions: 365COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E45EA8 Relevance: 2.8, Strings: 2, Instructions: 347COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E40318 Relevance: 2.7, Strings: 2, Instructions: 209COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E42628 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E506F0 Relevance: 2.7, Strings: 2, Instructions: 173COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E50510 Relevance: 2.6, Strings: 2, Instructions: 147COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E49380 Relevance: 1.9, Strings: 1, Instructions: 677COMMON
Download Yara Rule
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E43BA0 Relevance: 1.8, Strings: 1, Instructions: 534COMMON
Download Yara Rule
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4A1D2 Relevance: 1.7, Strings: 1, Instructions: 429COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05F64EA0 Relevance: 1.6, APIs: 1, Instructions: 68threadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05F65621 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05F64EA8 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05F65628 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E48498 Relevance: 1.5, Strings: 1, Instructions: 234COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0128F070 Relevance: 1.5, Strings: 1, Instructions: 224COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0128E0B0 Relevance: 1.4, Strings: 1, Instructions: 154COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4D198 Relevance: 1.4, Strings: 1, Instructions: 142COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4C139 Relevance: 1.4, Strings: 1, Instructions: 136COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4DA20 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E40040 Relevance: 1.4, Strings: 1, Instructions: 119COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01285B2A Relevance: 1.4, Strings: 1, Instructions: 114COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4BB40 Relevance: 1.4, Strings: 1, Instructions: 109COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4BB50 Relevance: 1.4, Strings: 1, Instructions: 109COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0128E960 Relevance: 1.4, Strings: 1, Instructions: 105COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E47518 Relevance: 1.3, Strings: 1, Instructions: 98COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E50000 Relevance: 1.3, Strings: 1, Instructions: 88COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01287B62 Relevance: 1.3, Strings: 1, Instructions: 82COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E40006 Relevance: 1.3, Strings: 1, Instructions: 78COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E42EF8 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E42EE8 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01281CC2 Relevance: 1.3, Strings: 1, Instructions: 46COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01282178 Relevance: 1.3, Strings: 1, Instructions: 43COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01282188 Relevance: 1.3, Strings: 1, Instructions: 38COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01281CD0 Relevance: 1.3, Strings: 1, Instructions: 38COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01283D33 Relevance: 1.3, Strings: 1, Instructions: 13COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4C388 Relevance: .4, Instructions: 437COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0128F3E8 Relevance: .3, Instructions: 266COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4D330 Relevance: .2, Instructions: 218COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E45088 Relevance: .2, Instructions: 208COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01285668 Relevance: .2, Instructions: 198COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4D320 Relevance: .2, Instructions: 163COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01285008 Relevance: .2, Instructions: 160COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01284100 Relevance: .2, Instructions: 157COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E48078 Relevance: .1, Instructions: 143COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01287460 Relevance: .1, Instructions: 142COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4D621 Relevance: .1, Instructions: 128COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01288873 Relevance: .1, Instructions: 123COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0128A0AF Relevance: .1, Instructions: 123COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4B467 Relevance: .1, Instructions: 123COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E42418 Relevance: .1, Instructions: 112COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01283F78 Relevance: .1, Instructions: 109COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01288220 Relevance: .1, Instructions: 105COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4AC50 Relevance: .1, Instructions: 103COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01283F88 Relevance: .1, Instructions: 102COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01282BB1 Relevance: .1, Instructions: 101COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01287E8B Relevance: .1, Instructions: 95COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E44BF4 Relevance: .1, Instructions: 95COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0128A166 Relevance: .1, Instructions: 93COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01282BC0 Relevance: .1, Instructions: 93COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 012825C9 Relevance: .1, Instructions: 92COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E42618 Relevance: .1, Instructions: 92COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01282758 Relevance: .1, Instructions: 90COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01282C74 Relevance: .1, Instructions: 87COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E48E18 Relevance: .1, Instructions: 87COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01282749 Relevance: .1, Instructions: 86COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4502B Relevance: .1, Instructions: 86COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01286EA8 Relevance: .1, Instructions: 85COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01286E98 Relevance: .1, Instructions: 84COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E40228 Relevance: .1, Instructions: 83COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4E300 Relevance: .1, Instructions: 78COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01288486 Relevance: .1, Instructions: 77COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0128A64C Relevance: .1, Instructions: 77COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E416B8 Relevance: .1, Instructions: 77COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4E2D1 Relevance: .1, Instructions: 77COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0121D770 Relevance: .1, Instructions: 75COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0121D684 Relevance: .1, Instructions: 75COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E42510 Relevance: .1, Instructions: 75COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01284B50 Relevance: .1, Instructions: 74COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01282A20 Relevance: .1, Instructions: 73COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E462B0 Relevance: .1, Instructions: 73COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4AC40 Relevance: .1, Instructions: 72COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0128D388 Relevance: .1, Instructions: 70COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E462C0 Relevance: .1, Instructions: 69COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01282A30 Relevance: .1, Instructions: 68COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01284EB1 Relevance: .1, Instructions: 68COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0128359F Relevance: .1, Instructions: 67COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4745F Relevance: .1, Instructions: 66COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 012880DF Relevance: .1, Instructions: 65COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 012880F0 Relevance: .1, Instructions: 64COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01287288 Relevance: .1, Instructions: 64COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01284EC0 Relevance: .1, Instructions: 64COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4CF50 Relevance: .1, Instructions: 63COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01281861 Relevance: .1, Instructions: 61COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E42861 Relevance: .1, Instructions: 58COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0121D76B Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0121D67F Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4DE1F Relevance: .1, Instructions: 55COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0128FEC0 Relevance: .1, Instructions: 53COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01287C13 Relevance: .1, Instructions: 51COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0128EE68 Relevance: .1, Instructions: 51COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0128539E Relevance: .0, Instructions: 49COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01288078 Relevance: .0, Instructions: 48COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4D778 Relevance: .0, Instructions: 48COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0128D318 Relevance: .0, Instructions: 46COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01284C21 Relevance: .0, Instructions: 45COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0121D01D Relevance: .0, Instructions: 45COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4DA11 Relevance: .0, Instructions: 45COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01288068 Relevance: .0, Instructions: 44COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4D788 Relevance: .0, Instructions: 44COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01289986 Relevance: .0, Instructions: 42COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E40188 Relevance: .0, Instructions: 42COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01282200 Relevance: .0, Instructions: 41COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01281939 Relevance: .0, Instructions: 40COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01282B28 Relevance: .0, Instructions: 40COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4B680 Relevance: .0, Instructions: 40COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4B690 Relevance: .0, Instructions: 39COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01287D0B Relevance: .0, Instructions: 38COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4806F Relevance: .0, Instructions: 38COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01281D48 Relevance: .0, Instructions: 37COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01285BB8 Relevance: .0, Instructions: 37COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0128E298 Relevance: .0, Instructions: 37COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4B408 Relevance: .0, Instructions: 37COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4063F Relevance: .0, Instructions: 37COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0121D01C Relevance: .0, Instructions: 36COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 012881A9 Relevance: .0, Instructions: 35COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4DE68 Relevance: .0, Instructions: 34COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01281948 Relevance: .0, Instructions: 33COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 012895A2 Relevance: .0, Instructions: 33COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01285B6D Relevance: .0, Instructions: 33COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4B418 Relevance: .0, Instructions: 32COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4F3A0 Relevance: .0, Instructions: 32COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E474C7 Relevance: .0, Instructions: 31COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0128D150 Relevance: .0, Instructions: 30COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01284F96 Relevance: .0, Instructions: 30COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 012895A8 Relevance: .0, Instructions: 28COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01289622 Relevance: .0, Instructions: 28COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E40650 Relevance: .0, Instructions: 26COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01283DD5 Relevance: .0, Instructions: 25COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E474D8 Relevance: .0, Instructions: 25COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E48F3B Relevance: .0, Instructions: 22COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01283538 Relevance: .0, Instructions: 20COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01287211 Relevance: .0, Instructions: 20COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E42820 Relevance: .0, Instructions: 20COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0128D980 Relevance: .0, Instructions: 18COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0128D938 Relevance: .0, Instructions: 17COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01285DD9 Relevance: .0, Instructions: 17COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01280879 Relevance: .0, Instructions: 16COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01284F88 Relevance: .0, Instructions: 15COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E46E83 Relevance: .0, Instructions: 15COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01281212 Relevance: .0, Instructions: 14COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 012808B0 Relevance: .0, Instructions: 13COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 012894E8 Relevance: .0, Instructions: 13COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4B3E1 Relevance: .0, Instructions: 13COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4D2F8 Relevance: .0, Instructions: 13COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01283548 Relevance: .0, Instructions: 12COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01285DF0 Relevance: .0, Instructions: 12COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01288439 Relevance: .0, Instructions: 12COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01289738 Relevance: .0, Instructions: 12COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01287220 Relevance: .0, Instructions: 12COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01280888 Relevance: .0, Instructions: 11COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 012808D0 Relevance: .0, Instructions: 11COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01283250 Relevance: .0, Instructions: 11COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 012897EA Relevance: .0, Instructions: 8COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4B3F0 Relevance: .0, Instructions: 8COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4F3C8 Relevance: .0, Instructions: 7COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 012808C0 Relevance: .0, Instructions: 5COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 012875F2 Relevance: .0, Instructions: 4COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01284772 Relevance: .0, Instructions: 4COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E48F2B Relevance: .0, Instructions: 3COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E41D58 Relevance: 2.8, Strings: 2, Instructions: 334COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E47AB0 Relevance: 7.9, Strings: 6, Instructions: 406COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 05E4E3E9 Relevance: 5.2, Strings: 4, Instructions: 169COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |