Edit tour
Windows
Analysis Report
roger.exe
Overview
General Information
| Sample name: | roger.exe |
| Analysis ID: | 1466536 |
| MD5: | b5214f81bf6b76f46d37a434a9cdec39 |
| SHA1: | 52082d597ec339b9d1acfe2e77b7c00b6954b1ba |
| SHA256: | 7147ab7f630f08e61ecbb66ca84cccac28f0dd90d11d4036474f0948dc698113 |
| Tags: | exe |
| Infos: |   |
 | |
Detection
AgentTesla
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Check if machine is in data center or colocation facility
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to log keystrokes (.Net Source)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected Generic Downloader
Abnormal high CPU Usage
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match
Classification
- System is w10x64
roger.exe (PID: 7060 cmdline: "C:\Users\ user\Deskt op\roger.e xe" MD5: B5214F81BF6B76F46D37A434A9CDEC39) 
RegSvcs.exe (PID: 7108 cmdline: "C:\Users\ user\Deskt op\roger.e xe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| Agent Tesla, AgentTesla | A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel. |
{"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.myhydropowered.com", "Username": "versace@myhydropowered.com", "Password": "0TFiRgPxmCJcdSB"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | ||
| JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
| INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen |
| |
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| Click to see the 8 entries | ||||
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | ||
| JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
| INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen |
| |
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| Click to see the 6 entries | ||||
System Summary |   |
|---|
| Source: | Author: frack113: | ||
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | Avira URL Cloud: | ||
| Source: | Malware Configuration Extractor: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | Virustotal: | Perma Link | ||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 0_2_00444696 | |
| Source: | Code function: | 0_2_0044C93C | |
| Source: | Code function: | 0_2_0044C9C7 | |
| Source: | Code function: | 0_2_0044F200 | |
| Source: | Code function: | 0_2_0044F35D | |
| Source: | Code function: | 0_2_0044F65E | |
| Source: | Code function: | 0_2_00443A2B | |
| Source: | Code function: | 0_2_00443D4E | |
| Source: | Code function: | 0_2_0044BF27 | |
Networking | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | TCP traffic: | ||
| Source: | HTTP traffic detected: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | ASN Name: | ||
| Source: | ASN Name: | ||
| Source: | JA3 fingerprint: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | TCP traffic: | ||
| Source: | HTTP traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | Code function: | 0_2_004525E2 | |
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
Key, Mouse, Clipboard, Microphone and Screen Capturing | |
|---|
| Source: | .Net Code: | ||
| Source: | Code function: | 0_2_0045425A | |
| Source: | Code function: | 0_2_00454458 | |
| Source: | Code function: | 0_2_0045425A | |
| Source: | Code function: | 0_2_00440219 | |
| Source: | Code function: | 0_2_0046CDAC | |
System Summary | |
|---|
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Code function: | 0_2_003E3B4C | |
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | memstr_33058d88-2 | |
| Source: | String found in binary or memory: | memstr_c3b2c044-9 | |
| Source: | String found in binary or memory: | memstr_821d2a03-7 | |
| Source: | String found in binary or memory: | memstr_28655b97-2 | |
| Source: | Process Stats: | ||
| Source: | Code function: | 0_2_00444021 | |
| Source: | Code function: | 0_2_00438858 | |
| Source: | Code function: | 0_2_0044545F | |
| Source: | Code function: | 0_2_003EE800 | |
| Source: | Code function: | 0_2_0040DBB5 | |
| Source: | Code function: | 0_2_0046804A | |
| Source: | Code function: | 0_2_003EE060 | |
| Source: | Code function: | 0_2_003F4140 | |
| Source: | Code function: | 0_2_00402405 | |
| Source: | Code function: | 0_2_00416522 | |
| Source: | Code function: | 0_2_00460665 | |
| Source: | Code function: | 0_2_0041267E | |
| Source: | Code function: | 0_2_0040283A | |
| Source: | Code function: | 0_2_003F6843 | |
| Source: | Code function: | 0_2_004189DF | |
| Source: | Code function: | 0_2_003F8A0E | |
| Source: | Code function: | 0_2_00460AE2 | |
| Source: | Code function: | 0_2_00416A94 | |
| Source: | Code function: | 0_2_0043EB07 | |
| Source: | Code function: | 0_2_00448B13 | |
| Source: | Code function: | 0_2_0040CD61 | |
| Source: | Code function: | 0_2_00417006 | |
| Source: | Code function: | 0_2_003F710E | |
| Source: | Code function: | 0_2_003F3190 | |
| Source: | Code function: | 0_2_003E1287 | |
| Source: | Code function: | 0_2_004033C7 | |
| Source: | Code function: | 0_2_0040F419 | |
| Source: | Code function: | 0_2_004016C4 | |
| Source: | Code function: | 0_2_003F5680 | |
| Source: | Code function: | 0_2_004078D3 | |
| Source: | Code function: | 0_2_003F58C0 | |
| Source: | Code function: | 0_2_00401BB8 | |
| Source: | Code function: | 0_2_00419D05 | |
| Source: | Code function: | 0_2_003EFE40 | |
| Source: | Code function: | 0_2_00401FD0 | |
| Source: | Code function: | 0_2_0040BFE6 | |
| Source: | Code function: | 0_2_02123610 | |
| Source: | Code function: | 1_2_00B241F0 | |
| Source: | Code function: | 1_2_00B2B31F | |
| Source: | Code function: | 1_2_00B24AC0 | |
| Source: | Code function: | 1_2_00B23EA8 | |
| Source: | Code function: | 1_2_00B2EF69 | |
| Source: | Code function: | 1_2_0601C220 | |
| Source: | Code function: | 1_2_06017A28 | |
| Source: | Code function: | 1_2_06015250 | |
| Source: | Code function: | 1_2_0601AED0 | |
| Source: | Code function: | 1_2_06013118 | |
| Source: | Code function: | 1_2_06017348 | |
| Source: | Code function: | 1_2_06012401 | |
| Source: | Code function: | 1_2_0601E430 | |
| Source: | Code function: | 1_2_06010040 | |
| Source: | Code function: | 1_2_06015993 | |
| Source: | Code function: | 1_2_06010007 | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_0044A2D5 | |
| Source: | Code function: | 0_2_00438713 | |
| Source: | Code function: | 0_2_00438CC3 | |
| Source: | Code function: | 0_2_0044B59E | |
| Source: | Code function: | 0_2_0045F121 | |
| Source: | Code function: | 0_2_0044C602 | |
| Source: | Code function: | 0_2_003E4FE9 | |
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | ReversingLabs: | ||
| Source: | Virustotal: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_0045C304 | |
| Source: | Code function: | 0_2_0044871B | |
| Source: | Code function: | 0_2_0040E951 | |
| Source: | Code function: | 0_2_0040EA6A | |
| Source: | Code function: | 0_2_00408B98 | |
| Source: | Code function: | 0_2_0040EC45 | |
| Source: | Code function: | 0_2_0040ED2E | |
| Source: | Code function: | 1_2_00B20C7A | |
| Source: | Code function: | 0_2_003E4A35 | |
| Source: | Code function: | 0_2_004655FD | |
| Source: | Code function: | 0_2_004033C7 | |
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | File source: | ||
| Source: | HTTP traffic detected: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | API/Special instruction interceptor: | ||
| Source: | Binary or memory string: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Evasive API call chain: | graph_0-98407 | ||
| Source: | API coverage: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | Code function: | 0_2_00444696 | |
| Source: | Code function: | 0_2_0044C93C | |
| Source: | Code function: | 0_2_0044C9C7 | |
| Source: | Code function: | 0_2_0044F200 | |
| Source: | Code function: | 0_2_0044F35D | |
| Source: | Code function: | 0_2_0044F65E | |
| Source: | Code function: | 0_2_00443A2B | |
| Source: | Code function: | 0_2_00443D4E | |
| Source: | Code function: | 0_2_0044BF27 | |
| Source: | Code function: | 0_2_003E4AFE | |
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | API call chain: | graph_0-97267 | ||
Anti Debugging | |
|---|
| Source: | Code function: | 1_2_00B27ED0 | |
| Source: | Process queried: | Jump to behavior | ||
| Source: | Code function: | 0_2_004541FD | |
| Source: | Code function: | 0_2_003E3B4C | |
| Source: | Code function: | 0_2_00415CCC | |
| Source: | Code function: | 0_2_0045C304 | |
| Source: | Code function: | 0_2_021234A0 | |
| Source: | Code function: | 0_2_02123500 | |
| Source: | Code function: | 0_2_02121E70 | |
| Source: | Code function: | 0_2_004381F7 | |
| Source: | Code function: | 0_2_0040A364 | |
| Source: | Code function: | 0_2_0040A395 | |
| Source: | Memory allocated: | Jump to behavior | ||
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Code function: | 0_2_00438C93 | |
| Source: | Code function: | 0_2_003E3B4C | |
| Source: | Code function: | 0_2_003E4A35 | |
| Source: | Code function: | 0_2_00444EC9 | |
| Source: | Process created: | Jump to behavior | ||
| Source: | Code function: | 0_2_004381F7 | |
| Source: | Code function: | 0_2_00444C03 | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Code function: | 0_2_0040886B | |
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 0_2_004150D7 | |
| Source: | Code function: | 0_2_00422230 | |
| Source: | Code function: | 0_2_0041418A | |
| Source: | Code function: | 0_2_003E4AFE | |
| Source: | Key value queried: | Jump to behavior | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Code function: | 0_2_00456596 | |
| Source: | Code function: | 0_2_00456A5A | |
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 221 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 11 Disable or Modify Tools | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 2 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | 121 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 2 Valid Accounts | 2 Obfuscated Files or Information | 1 Credentials in Registry | 2 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 21 Access Token Manipulation | 1 DLL Side-Loading | NTDS | 138 System Information Discovery | Distributed Component Object Model | 121 Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 212 Process Injection | 2 Valid Accounts | LSA Secrets | 651 Security Software Discovery | SSH | 3 Clipboard Data | 23 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 231 Virtualization/Sandbox Evasion | Cached Domain Credentials | 231 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 21 Access Token Manipulation | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 212 Process Injection | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Network Configuration Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 34% | ReversingLabs | Win32.Trojan.Strab | ||
| 34% | Virustotal | Browse | ||
| 100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 6% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 100% | Avira URL Cloud | malware | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 6% | Virustotal | Browse | ||
| 0% | Virustotal | Browse |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| mail.myhydropowered.com | 131.226.2.60 | true | true |
| unknown |
| api.ipify.org | 172.67.74.152 | true | false |
| unknown |
| ip-api.com | 208.95.112.1 | true | true |
| unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false |
| unknown | |
| false |
| unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| true |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | true | |
| 172.67.74.152 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false | |
| 131.226.2.60 | mail.myhydropowered.com | United States | 16797 | UNASSIGNED | true |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1466536 |
| Start date and time: | 2024-07-03 03:15:05 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 7m 44s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 7 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | roger.exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@3/4@4/3 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
| Time | Type | Description |
|---|---|---|
| 21:15:53 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 208.95.112.1 | Get hash | malicious | AgentTesla, DarkTortilla | Browse |
| |
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | AsyncRAT, Neshta, XWorm | Browse |
| ||
| 172.67.74.152 | Get hash | malicious | Ficker Stealer, Rusty Stealer | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Stealit | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Stealit | Browse |
| ||
| Get hash | malicious | Stealit | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| ip-api.com | Get hash | malicious | AgentTesla, DarkTortilla | Browse |
| |
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | AsyncRAT, Neshta, XWorm | Browse |
| ||
| mail.myhydropowered.com | Get hash | malicious | AgentTesla | Browse |
| |
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| api.ipify.org | Get hash | malicious | HTMLPhisher | Browse |
| |
| Get hash | malicious | AgentTesla, DarkTortilla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | CredGrabber, Meduza Stealer | Browse |
| ||
| Get hash | malicious | CredGrabber, Meduza Stealer | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| TUT-ASUS | Get hash | malicious | AgentTesla, DarkTortilla | Browse |
| |
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | AsyncRAT, Neshta, XWorm | Browse |
| ||
| UNASSIGNED | Get hash | malicious | AgentTesla | Browse |
| |
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| CLOUDFLARENETUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC, Poverty Stealer, SmokeLoader | Browse |
| ||
| Get hash | malicious | LummaC, Poverty Stealer, SmokeLoader | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
|
⊘No context
| Process: | C:\Users\user\Desktop\roger.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 243200 |
| Entropy (8bit): | 6.508858311348976 |
| Encrypted: | false |
| SSDEEP: | 6144:xU23ceXhnIpNN7Ip0mdauXiAXAN+YU8R0GbfaJ6e7:yIc4nINO0md3XiAXAN+YU8R0OSJ64 |
| MD5: | 1F881A604A491F1F502A60126104240F |
| SHA1: | 574830B296FA31FEBBC42739FA19D44CA28CC98A |
| SHA-256: | 9DCAB73636838DBA3AEE703D51A6345F6E981AFAA19A6D00E9C35DFCB1445C50 |
| SHA-512: | 7CF111A57BD149A0125E7C52014DE233CDB577B60422BFAFFAE570E75FFA4C75C1458520259DA38E92606DE2E4C111013A49BD9CC6B7405EC7CBE60748E71294 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\roger.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 146004 |
| Entropy (8bit): | 7.927745796135455 |
| Encrypted: | false |
| SSDEEP: | 3072:OqNLhD699GTXKFuv1VsLQ6wWnblugSnj4upoif1Hpb7yzUJgLXPo:9De99GTXKKVsLQgnbEgSnj4uvjb+zUJl |
| MD5: | E414977518BC589D86035E95A8CD2463 |
| SHA1: | AA2F1440BFD197FAAB2AB0583EF90708B2C6BCDD |
| SHA-256: | 087C94DC9535B691F41A60BB635139BD73DFEBD0264E9915773E11070B3442EA |
| SHA-512: | 8E8BDAD2656EBE303FD0D410719D12A49972AAF6D00782B517009F9AC9A86E96792EF914BC9B0C31D6B214883EF10A4E3F076C5960CE04B37DD894E92F70B100 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\roger.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 9846 |
| Entropy (8bit): | 7.59858476859658 |
| Encrypted: | false |
| SSDEEP: | 192:65jwEiqxwzMZTG3c6Vg0X9O1JZUv3QfyYxvoc1HCu30xA9mfXkRzh2E1:I6qxwzMZy3QU9Obysvoc1HCuExAgfGzX |
| MD5: | E24A12B1F3CAC427B0E383977D52E9F0 |
| SHA1: | B276EF783FAB6F81FAA8AFA152DF27537BF939BA |
| SHA-256: | 50EBDFCFB172A842DE042E601B9E5D6E5CB80294E14E57B1C04D8A7CA35F2AA0 |
| SHA-512: | 0B7FA8D671C4F6ED7E760533982C279848DA2582359E7017CC40E569ED420A685377A739838D497EB94AD418064265528A32BEBF220C7534AB511F066499FE22 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\roger.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 28756 |
| Entropy (8bit): | 3.590739809741736 |
| Encrypted: | false |
| SSDEEP: | 768:miTZ+2QoioGRk6ZklputwjpjBkCiw2RuJ3nXKUrvzjsNbp+IC6bd4vfF3if6gyut:miTZ+2QoioGRk6ZklputwjpjBkCiw2Rp |
| MD5: | B5495777C049626EEF7FAEB654E8D7C3 |
| SHA1: | B586C75337918713B50F55FB66A675CBFC54009F |
| SHA-256: | A6B5A7E306F6D8D96B15A54C8292582FFF2B8703296B4384ADC02B579C9809A3 |
| SHA-512: | E92FEBD3F7500B72A5E7233D34A64648D7699EE56A794F7E186AAA521054842E6748CAC152942C397553939E375C2CB74473AB6383B9C5CECD5FB61EFF85938C |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| File type: | |
| Entropy (8bit): | 6.966551924462203 |
| TrID: |
|
| File name: | roger.exe |
| File size: | 1'056'768 bytes |
| MD5: | b5214f81bf6b76f46d37a434a9cdec39 |
| SHA1: | 52082d597ec339b9d1acfe2e77b7c00b6954b1ba |
| SHA256: | 7147ab7f630f08e61ecbb66ca84cccac28f0dd90d11d4036474f0948dc698113 |
| SHA512: | 69dff04663b4b4072c320cc5549d496a6f7f47ee74a4ba79826c1654c35b83f5e64ea6a1e093ccacdc45150314e7c6c06742e10254f2532aa2987544784e0481 |
| SSDEEP: | 24576:AAHnh+eWsN3skA4RV1Hom2KXMmHazPkkB91vR3rn5:3h+ZkldoPK8YazNlR3F |
| TLSH: | 0A25AD0273D1C036FFAB92739B2AF6455ABC79254133852F13981DB9BD701B2263E663 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s..R...R...R....C..P.....;.S..._@#.a..._@......_@..g...[j..[...[jo.w...R...r.............#.S..._@'.S...R.k.S.....".S...RichR.. |
 | |
| Icon Hash: | aaf3e3e3938382a0 |
| Entrypoint: | 0x42800a |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x668482DC [Tue Jul 2 22:44:44 2024 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 5 |
| OS Version Minor: | 1 |
| File Version Major: | 5 |
| File Version Minor: | 1 |
| Subsystem Version Major: | 5 |
| Subsystem Version Minor: | 1 |
| Import Hash: | afcdf79be1557326c854b6e20cb900a7 |
| Instruction |
|---|
| call 00007F3720815B0Dh |
| jmp 00007F37208088C4h |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| push edi |
| push esi |
| mov esi, dword ptr [esp+10h] |
| mov ecx, dword ptr [esp+14h] |
| mov edi, dword ptr [esp+0Ch] |
| mov eax, ecx |
| mov edx, ecx |
| add eax, esi |
| cmp edi, esi |
| jbe 00007F3720808A4Ah |
| cmp edi, eax |
| jc 00007F3720808DAEh |
| bt dword ptr [004C41FCh], 01h |
| jnc 00007F3720808A49h |
| rep movsb |
| jmp 00007F3720808D5Ch |
| cmp ecx, 00000080h |
| jc 00007F3720808C14h |
| mov eax, edi |
| xor eax, esi |
| test eax, 0000000Fh |
| jne 00007F3720808A50h |
| bt dword ptr [004BF324h], 01h |
| jc 00007F3720808F20h |
| bt dword ptr [004C41FCh], 00000000h |
| jnc 00007F3720808BEDh |
| test edi, 00000003h |
| jne 00007F3720808BFEh |
| test esi, 00000003h |
| jne 00007F3720808BDDh |
| bt edi, 02h |
| jnc 00007F3720808A4Fh |
| mov eax, dword ptr [esi] |
| sub ecx, 04h |
| lea esi, dword ptr [esi+04h] |
| mov dword ptr [edi], eax |
| lea edi, dword ptr [edi+04h] |
| bt edi, 03h |
| jnc 00007F3720808A53h |
| movq xmm1, qword ptr [esi] |
| sub ecx, 08h |
| lea esi, dword ptr [esi+08h] |
| movq qword ptr [edi], xmm1 |
| lea edi, dword ptr [edi+08h] |
| test esi, 00000007h |
| je 00007F3720808AA5h |
| bt esi, 03h |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xbc0cc | 0x17c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc8000 | 0x379e4 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x100000 | 0x7134 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x92bc0 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xa4b50 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8f000 | 0x884 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x8dfdd | 0x8e000 | 310e36668512d53489c005622bb1b4a9 | False | 0.5735602580325704 | data | 6.675248351711057 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8f000 | 0x2fd8e | 0x2fe00 | 748cf1ab2605ce1fd72d53d912abb68f | False | 0.32828818537859006 | data | 5.763244005758284 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xbf000 | 0x8f74 | 0x5200 | aae9601d920f07080bdfadf43dfeff12 | False | 0.1017530487804878 | data | 1.1963819235530628 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0xc8000 | 0x379e4 | 0x37a00 | 5c9c2d59b0e07023deba523da246dc2e | False | 0.8822068117977528 | data | 7.780058716820653 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x100000 | 0x7134 | 0x7200 | f04128ad0f87f42830e4a6cdbc38c719 | False | 0.7617530153508771 | data | 6.783955557128661 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xc85a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
| RT_ICON | 0xc86d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
| RT_ICON | 0xc87f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
| RT_ICON | 0xc8920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333 |
| RT_ICON | 0xc8c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5 |
| RT_ICON | 0xc8d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388 |
| RT_ICON | 0xc9bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524 |
| RT_ICON | 0xca480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918 |
| RT_ICON | 0xca9e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727 |
| RT_ICON | 0xccf90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496 |
| RT_ICON | 0xce038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227 |
| RT_MENU | 0xce4a0 | 0x50 | data | English | Great Britain | 0.9 |
| RT_STRING | 0xce4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
| RT_STRING | 0xcea84 | 0x68a | data | English | Great Britain | 0.2747909199522103 |
| RT_STRING | 0xcf110 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
| RT_STRING | 0xcf5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
| RT_STRING | 0xcfb9c | 0x65c | data | English | Great Britain | 0.34336609336609336 |
| RT_STRING | 0xd01f8 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
| RT_STRING | 0xd0660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
| RT_RCDATA | 0xd07b8 | 0x2ecaa | data | 1.0003443633973015 | ||
| RT_GROUP_ICON | 0xff464 | 0x76 | data | English | Great Britain | 0.6610169491525424 |
| RT_GROUP_ICON | 0xff4dc | 0x14 | data | English | Great Britain | 1.25 |
| RT_GROUP_ICON | 0xff4f0 | 0x14 | data | English | Great Britain | 1.15 |
| RT_GROUP_ICON | 0xff504 | 0x14 | data | English | Great Britain | 1.25 |
| RT_VERSION | 0xff518 | 0xdc | data | English | Great Britain | 0.6181818181818182 |
| RT_MANIFEST | 0xff5f4 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |
| DLL | Import |
|---|---|
| WSOCK32.dll | WSACleanup, socket, inet_ntoa, setsockopt, ntohs, recvfrom, ioctlsocket, htons, WSAStartup, __WSAFDIsSet, select, accept, listen, bind, closesocket, WSAGetLastError, recv, sendto, send, inet_addr, gethostbyname, gethostname, connect |
| VERSION.dll | GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW |
| WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
| COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create |
| MPR.dll | WNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W |
| WININET.dll | InternetQueryDataAvailable, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetConnectW |
| PSAPI.DLL | GetProcessMemoryInfo |
| IPHLPAPI.DLL | IcmpCreateFile, IcmpCloseHandle, IcmpSendEcho |
| USERENV.dll | DestroyEnvironmentBlock, UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW |
| UxTheme.dll | IsThemeActive |
| KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, SetCurrentDirectoryW, GetLongPathNameW, GetShortPathNameW, DeleteFileW, FindNextFileW, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, GetCurrentProcess, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, LoadLibraryW, VirtualAlloc, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, GetCurrentThread, CloseHandle, GetFullPathNameW, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, WriteConsoleW, FindClose, SetEnvironmentVariableA |
| USER32.dll | AdjustWindowRectEx, CopyImage, SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, SetRect, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, MonitorFromRect, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, PeekMessageW, UnregisterHotKey, CheckMenuRadioItem, CharLowerBuffW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, LoadImageW, GetClassNameW |
| GDI32.dll | StrokePath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, GetDeviceCaps, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, DeleteDC, GetPixel, CreateDCW, GetStockObject, GetTextFaceW, CreateFontW, SetTextColor, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, StrokeAndFillPath |
| COMDLG32.dll | GetOpenFileNameW, GetSaveFileNameW |
| ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, RegCreateKeyExW, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, AddAce, SetSecurityDescriptorDacl, GetUserNameW, InitiateSystemShutdownExW |
| SHELL32.dll | DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish |
| ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoSetProxyBlanket, CoCreateInstanceEx, CoInitializeSecurity |
| OLEAUT32.dll | LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, RegisterTypeLib, CreateStdDispatch, DispCallFunc, VariantChangeType, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, VariantCopy, VariantClear, OleLoadPicture, QueryPathOfRegTypeLib, RegisterTypeLibForUser, UnRegisterTypeLibForUser, UnRegisterTypeLib, CreateDispTypeInfo, SysAllocString, VariantInit |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | Great Britain |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jul 3, 2024 03:15:53.633948088 CEST | 49730 | 443 | 192.168.2.4 | 172.67.74.152 |
| Jul 3, 2024 03:15:53.633980989 CEST | 443 | 49730 | 172.67.74.152 | 192.168.2.4 |
| Jul 3, 2024 03:15:53.634063005 CEST | 49730 | 443 | 192.168.2.4 | 172.67.74.152 |
| Jul 3, 2024 03:15:53.666882038 CEST | 49730 | 443 | 192.168.2.4 | 172.67.74.152 |
| Jul 3, 2024 03:15:53.666898966 CEST | 443 | 49730 | 172.67.74.152 | 192.168.2.4 |
| Jul 3, 2024 03:15:54.133096933 CEST | 443 | 49730 | 172.67.74.152 | 192.168.2.4 |
| Jul 3, 2024 03:15:54.133191109 CEST | 49730 | 443 | 192.168.2.4 | 172.67.74.152 |
| Jul 3, 2024 03:15:54.155240059 CEST | 49730 | 443 | 192.168.2.4 | 172.67.74.152 |
| Jul 3, 2024 03:15:54.155250072 CEST | 443 | 49730 | 172.67.74.152 | 192.168.2.4 |
| Jul 3, 2024 03:15:54.155507088 CEST | 443 | 49730 | 172.67.74.152 | 192.168.2.4 |
| Jul 3, 2024 03:15:54.209399939 CEST | 49730 | 443 | 192.168.2.4 | 172.67.74.152 |
| Jul 3, 2024 03:15:54.280885935 CEST | 49730 | 443 | 192.168.2.4 | 172.67.74.152 |
| Jul 3, 2024 03:15:54.324506044 CEST | 443 | 49730 | 172.67.74.152 | 192.168.2.4 |
| Jul 3, 2024 03:15:54.384877920 CEST | 443 | 49730 | 172.67.74.152 | 192.168.2.4 |
| Jul 3, 2024 03:15:54.384924889 CEST | 443 | 49730 | 172.67.74.152 | 192.168.2.4 |
| Jul 3, 2024 03:15:54.384973049 CEST | 49730 | 443 | 192.168.2.4 | 172.67.74.152 |
| Jul 3, 2024 03:15:54.399611950 CEST | 49730 | 443 | 192.168.2.4 | 172.67.74.152 |
| Jul 3, 2024 03:15:54.412105083 CEST | 49731 | 80 | 192.168.2.4 | 208.95.112.1 |
| Jul 3, 2024 03:15:54.417167902 CEST | 80 | 49731 | 208.95.112.1 | 192.168.2.4 |
| Jul 3, 2024 03:15:54.417244911 CEST | 49731 | 80 | 192.168.2.4 | 208.95.112.1 |
| Jul 3, 2024 03:15:54.417366982 CEST | 49731 | 80 | 192.168.2.4 | 208.95.112.1 |
| Jul 3, 2024 03:15:54.422584057 CEST | 80 | 49731 | 208.95.112.1 | 192.168.2.4 |
| Jul 3, 2024 03:15:54.936553001 CEST | 80 | 49731 | 208.95.112.1 | 192.168.2.4 |
| Jul 3, 2024 03:15:54.990612984 CEST | 49731 | 80 | 192.168.2.4 | 208.95.112.1 |
| Jul 3, 2024 03:15:55.444734097 CEST | 49731 | 80 | 192.168.2.4 | 208.95.112.1 |
| Jul 3, 2024 03:15:55.537820101 CEST | 80 | 49731 | 208.95.112.1 | 192.168.2.4 |
| Jul 3, 2024 03:15:55.537894011 CEST | 49731 | 80 | 192.168.2.4 | 208.95.112.1 |
| Jul 3, 2024 03:17:41.986040115 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:41.990933895 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:41.991015911 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:42.583142042 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:42.583350897 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:42.588290930 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:42.701948881 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:42.706800938 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:42.711688995 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:42.984982967 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:42.987457037 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:42.992525101 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.107738018 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.107863903 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.107875109 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.107940912 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:43.125792980 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:43.130805016 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.244612932 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.250792027 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:43.255796909 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.369371891 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.372031927 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:43.376940012 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.491151094 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.495034933 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:43.499914885 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.615279913 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.618977070 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:43.623899937 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.738069057 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.738308907 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:43.743120909 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.862623930 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.862901926 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:43.867803097 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.981570959 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.983515024 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:43.983614922 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:43.983661890 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:43.983740091 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:43.985016108 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:43.988328934 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.988384962 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:43.988428116 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.988575935 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.988626003 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:43.989847898 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.989895105 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.989953995 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:43.989953995 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:43.990048885 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.990106106 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:43.993124008 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.993185997 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:43.993191957 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.993277073 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:43.994810104 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.994863987 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.994882107 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:43.994893074 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.994935989 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:43.994987011 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:43.995016098 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.995078087 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:43.995115042 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.995124102 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.995191097 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:43.998008013 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.998064995 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:43.998096943 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.998152971 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:43.998178959 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.998251915 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:43.999742985 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.999815941 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:43.999841928 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.999886036 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:43.999896049 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.000021935 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.000030994 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.000091076 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.000103951 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.000164986 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.000231028 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.000241041 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.000248909 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.000258923 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.000309944 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.003207922 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.003217936 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.003245115 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.003330946 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.004477024 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.004518032 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.004543066 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.004553080 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.004646063 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.004659891 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.004668951 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.004679918 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.004688978 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.004697084 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.004714966 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.004724026 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.004733086 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.004797935 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.306901932 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:44.350074053 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:48.714831114 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:48.719759941 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:48.834729910 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:48.835946083 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:48.835988998 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:48.841068029 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:48.842160940 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:48.842163086 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:48.846992016 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:48.854799032 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:49.551963091 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:49.552153111 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:49.556950092 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:49.671164036 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:49.671614885 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:49.676882029 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:49.790863037 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:49.791464090 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:49.796336889 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:49.910916090 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:49.911731005 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:49.912169933 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:49.916532040 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:49.916955948 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.100265980 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.100450039 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:50.105298996 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.230973959 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.231223106 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:50.236076117 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.351717949 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.351947069 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:50.356766939 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.471332073 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.471599102 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:50.476444006 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.591912985 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.592158079 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:50.597172976 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.850078106 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.851125002 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:50.851125956 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:50.851171017 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:50.851171017 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:50.854823112 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:50.856020927 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.856029987 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.856036901 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.856113911 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.856142998 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:50.859673023 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.859703064 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:50.859728098 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.859735966 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.859740019 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.859782934 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.859823942 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:50.859859943 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.859869003 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.860704899 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.860713005 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.860742092 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:50.860953093 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.860984087 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:50.864569902 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.864605904 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:50.864645004 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.865009069 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.865040064 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:50.865649939 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.865885973 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.865957975 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:50.869864941 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.869916916 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:50.869921923 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.870582104 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.870613098 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:50.870835066 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.870938063 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.870990038 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.871045113 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.871092081 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.871114969 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:50.871145964 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.871145964 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:50.871145964 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:50.871182919 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.871228933 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.871313095 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.871320963 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.871330976 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.874775887 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.874789953 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.874797106 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.874876022 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.874917984 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.874984026 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.874991894 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.875031948 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.875040054 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.875089884 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.875097990 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.875144958 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.875154972 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.875197887 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.875566006 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.875576019 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.875669956 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.875679016 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.875689030 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.875703096 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.875935078 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.875942945 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:50.875950098 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:51.177402020 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:51.290802002 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:17:51.495207071 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:17:51.495276928 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:03.783725977 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:03.788635015 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:03.903247118 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:03.903376102 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:03.903384924 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:03.903429031 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:03.904004097 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:03.915227890 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:03.921750069 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:03.921844959 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:04.451486111 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:04.451678991 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:04.456497908 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:04.573666096 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:04.573820114 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:04.578618050 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:04.696913004 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:04.700453043 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:04.705265999 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:04.823132038 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:04.824192047 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:04.824192047 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:04.829011917 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:04.829098940 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:04.946698904 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:04.946943045 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:04.951797009 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.069045067 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.071072102 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:05.075911045 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.193970919 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.194185972 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:05.199107885 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.452809095 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.454673052 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:05.459537029 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.578213930 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.582969904 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:05.587829113 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.705372095 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.705766916 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:05.705822945 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:05.705822945 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:05.705945969 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:05.707148075 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:05.710680962 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.710690022 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.710692883 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.710918903 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:05.711044073 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.712045908 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.712053061 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.712063074 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.712069988 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.712178946 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:05.712178946 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:05.712258101 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.712265968 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.713587046 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.713983059 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:05.715434074 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.715554953 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:05.715766907 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.715873003 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:05.717542887 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.717648029 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.717660904 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:05.717824936 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:05.718880892 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.720177889 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.720230103 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.720356941 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:05.720707893 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.720799923 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:05.722233057 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.722325087 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:05.722470045 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.722568989 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:05.722584009 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.722676992 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.722712040 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:05.722754002 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.722825050 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.723705053 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.724822998 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.725249052 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.725256920 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.725567102 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.725574970 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.725583076 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.725589991 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.725596905 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.725600004 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.725606918 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.725614071 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.725629091 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.727077961 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.727116108 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.727123976 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.727161884 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.727257967 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.727428913 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.727556944 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.727622032 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.727628946 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.727654934 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.727663040 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.727665901 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.727674961 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:05.727683067 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:06.046797991 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:06.100114107 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:13.120930910 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:13.126060963 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:13.243695974 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:13.244256020 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:13.244992018 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:13.245569944 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:13.245626926 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:13.250526905 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:13.250617981 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:13.768038988 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:13.768165112 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:13.773277998 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:13.887080908 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:13.887222052 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:13.892235994 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:14.005939960 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:14.006782055 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:14.013688087 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:14.127577066 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:14.128566980 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:14.128961086 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:14.133377075 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:14.133747101 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:14.315753937 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:14.316011906 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:14.321027040 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:14.434339046 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:14.434632063 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:14.439441919 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:14.552906036 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:14.553131104 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:14.558223009 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:14.671668053 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:14.671859026 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:14.676634073 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:14.799123049 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:14.804847002 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:14.815395117 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.070517063 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.071005106 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:15.071006060 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:15.071063042 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:15.071178913 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:15.072699070 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:15.075949907 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.075958967 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.075963020 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.075965881 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.076095104 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:15.077548981 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.077569962 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.077579021 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.077716112 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.077728033 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.077737093 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.077761889 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:15.077884912 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:15.078787088 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.080780029 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.080789089 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.080914974 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:15.081093073 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.081198931 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:15.081418991 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.082590103 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.082711935 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:15.086883068 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.087121964 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:15.087583065 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.088975906 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:15.092071056 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.092144012 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.092251062 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.092259884 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.092272997 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.092313051 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.092319965 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.092340946 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.092372894 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:15.092447996 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.093892097 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.093910933 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.093919039 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.093977928 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.093995094 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.094002008 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.097280979 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.097296953 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.097383976 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.097424984 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.097450018 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.097459078 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.097466946 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.394517899 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:15.444848061 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:19.041538000 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:19.046530008 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:19.160943031 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:19.161257029 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:19.161345959 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:19.161345959 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:19.162152052 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:19.166991949 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:19.167100906 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:19.700923920 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:19.703433037 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:19.708271027 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:19.822134018 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:19.837735891 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:19.842573881 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:19.957905054 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:19.958225012 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:19.963042974 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:20.077212095 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:20.077924967 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:20.078432083 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:20.083267927 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:20.083277941 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:20.353674889 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:20.353913069 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:20.570664883 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:20.570710897 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:20.571238041 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:20.685388088 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:20.685648918 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:20.690485954 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:20.811969995 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:20.814992905 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:20.820652008 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:20.934665918 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:20.935005903 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:20.939848900 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.054924965 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.055080891 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:21.060044050 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.174253941 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.174632072 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:21.174632072 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:21.174787045 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:21.174787045 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:21.175968885 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:21.179635048 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.179645061 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.179652929 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.179723024 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.179754972 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:21.180831909 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.180882931 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.180891991 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.180917025 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:21.180999994 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:21.181138039 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.183131933 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:21.184752941 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.184789896 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.184827089 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:21.185127974 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:21.186340094 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.186408997 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.186418056 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.186508894 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:21.186562061 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:21.186592102 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.186711073 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:21.188085079 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.188148022 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.188153028 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:21.188241005 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:21.189737082 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.189801931 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.189935923 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.190016031 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:21.191222906 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.191343069 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.191564083 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.191647053 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:21.191668987 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.191731930 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.192985058 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.193022966 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.193152905 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.193228006 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.193281889 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.194581032 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.194725037 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.194734097 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.195003986 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.195055962 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.195065975 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.195116043 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.195125103 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.195133924 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.195142031 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.196027040 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.196034908 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.196125031 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.196180105 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.196424007 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.196497917 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.196516991 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.196624041 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.196631908 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.196635962 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.196645975 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.196722984 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.196731091 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.516108036 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:21.569372892 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:26.014761925 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:26.020145893 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:26.135061026 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:26.135461092 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:26.135746956 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:26.135791063 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:26.135826111 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:26.135871887 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:26.136485100 CEST | 49744 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:26.140284061 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:26.140321016 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:26.141323090 CEST | 587 | 49744 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:26.141381979 CEST | 49744 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:34.866244078 CEST | 49744 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:34.871145964 CEST | 587 | 49744 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:34.871325016 CEST | 49744 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:34.916862965 CEST | 49745 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:34.921623945 CEST | 587 | 49745 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:34.925121069 CEST | 49745 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:44.803436995 CEST | 49745 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:44.808815002 CEST | 587 | 49745 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:44.815448046 CEST | 587 | 49745 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:44.820871115 CEST | 49745 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:44.860982895 CEST | 49746 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:44.865803957 CEST | 587 | 49746 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:44.869134903 CEST | 49746 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:45.991039038 CEST | 49746 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:45.995910883 CEST | 587 | 49746 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:45.995958090 CEST | 49746 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:46.056376934 CEST | 49747 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:18:46.061157942 CEST | 587 | 49747 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:18:46.061238050 CEST | 49747 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:03.319068909 CEST | 49747 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:03.326540947 CEST | 587 | 49747 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:19:03.326616049 CEST | 49747 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:03.372992992 CEST | 49748 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:03.377849102 CEST | 587 | 49748 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:19:03.378011942 CEST | 49748 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:07.258912086 CEST | 49748 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:07.263876915 CEST | 587 | 49748 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:19:07.263984919 CEST | 49748 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:07.310806036 CEST | 49749 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:07.315836906 CEST | 587 | 49749 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:19:07.316003084 CEST | 49749 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:24.131589890 CEST | 49749 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:24.136845112 CEST | 587 | 49749 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:19:24.136905909 CEST | 49749 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:24.207015991 CEST | 49750 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:24.212837934 CEST | 587 | 49750 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:19:24.212905884 CEST | 49750 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:27.852933884 CEST | 49750 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:27.857892036 CEST | 587 | 49750 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:19:27.857965946 CEST | 49750 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:27.907181978 CEST | 49751 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:27.911977053 CEST | 587 | 49751 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:19:27.912043095 CEST | 49751 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:30.553442001 CEST | 49751 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:30.558444977 CEST | 587 | 49751 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:19:30.558499098 CEST | 49751 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:30.613245964 CEST | 49752 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:30.618006945 CEST | 587 | 49752 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:19:30.618182898 CEST | 49752 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:41.381830931 CEST | 49752 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:41.386779070 CEST | 587 | 49752 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:19:41.387061119 CEST | 49752 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:41.480988026 CEST | 49753 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:41.487238884 CEST | 587 | 49753 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:19:41.487371922 CEST | 49753 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:50.975445032 CEST | 49753 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:50.980551004 CEST | 587 | 49753 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:19:50.983041048 CEST | 49753 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:51.026958942 CEST | 49754 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:51.031896114 CEST | 587 | 49754 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:19:51.035063028 CEST | 49754 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:51.866949081 CEST | 49754 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:51.872438908 CEST | 587 | 49754 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:19:51.872546911 CEST | 49754 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:51.916271925 CEST | 49755 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:51.921063900 CEST | 587 | 49755 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:19:51.921209097 CEST | 49755 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:56.334696054 CEST | 49755 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:56.339658022 CEST | 587 | 49755 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:19:56.339843988 CEST | 49755 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:56.384816885 CEST | 49756 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:56.389673948 CEST | 587 | 49756 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:19:56.389800072 CEST | 49756 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:58.610620975 CEST | 49756 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:58.615505934 CEST | 587 | 49756 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:19:58.615603924 CEST | 49756 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:58.682368040 CEST | 49757 | 587 | 192.168.2.4 | 131.226.2.60 |
| Jul 3, 2024 03:19:58.687339067 CEST | 587 | 49757 | 131.226.2.60 | 192.168.2.4 |
| Jul 3, 2024 03:19:58.687424898 CEST | 49757 | 587 | 192.168.2.4 | 131.226.2.60 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jul 3, 2024 03:15:53.620507002 CEST | 49905 | 53 | 192.168.2.4 | 1.1.1.1 |
| Jul 3, 2024 03:15:53.627037048 CEST | 53 | 49905 | 1.1.1.1 | 192.168.2.4 |
| Jul 3, 2024 03:15:54.404597998 CEST | 50419 | 53 | 192.168.2.4 | 1.1.1.1 |
| Jul 3, 2024 03:15:54.411454916 CEST | 53 | 50419 | 1.1.1.1 | 192.168.2.4 |
| Jul 3, 2024 03:15:55.445602894 CEST | 56299 | 53 | 192.168.2.4 | 1.1.1.1 |
| Jul 3, 2024 03:15:55.567943096 CEST | 53 | 56299 | 1.1.1.1 | 192.168.2.4 |
| Jul 3, 2024 03:17:41.573115110 CEST | 63600 | 53 | 192.168.2.4 | 1.1.1.1 |
| Jul 3, 2024 03:17:41.985117912 CEST | 53 | 63600 | 1.1.1.1 | 192.168.2.4 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jul 3, 2024 03:15:53.620507002 CEST | 192.168.2.4 | 1.1.1.1 | 0xba70 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jul 3, 2024 03:15:54.404597998 CEST | 192.168.2.4 | 1.1.1.1 | 0x5faa | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jul 3, 2024 03:15:55.445602894 CEST | 192.168.2.4 | 1.1.1.1 | 0x518f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jul 3, 2024 03:17:41.573115110 CEST | 192.168.2.4 | 1.1.1.1 | 0xf6b5 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jul 3, 2024 03:15:53.627037048 CEST | 1.1.1.1 | 192.168.2.4 | 0xba70 | No error (0) | 172.67.74.152 | A (IP address) | IN (0x0001) | false | ||
| Jul 3, 2024 03:15:53.627037048 CEST | 1.1.1.1 | 192.168.2.4 | 0xba70 | No error (0) | 104.26.13.205 | A (IP address) | IN (0x0001) | false | ||
| Jul 3, 2024 03:15:53.627037048 CEST | 1.1.1.1 | 192.168.2.4 | 0xba70 | No error (0) | 104.26.12.205 | A (IP address) | IN (0x0001) | false | ||
| Jul 3, 2024 03:15:54.411454916 CEST | 1.1.1.1 | 192.168.2.4 | 0x5faa | No error (0) | 208.95.112.1 | A (IP address) | IN (0x0001) | false | ||
| Jul 3, 2024 03:15:55.567943096 CEST | 1.1.1.1 | 192.168.2.4 | 0x518f | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
| Jul 3, 2024 03:17:41.985117912 CEST | 1.1.1.1 | 192.168.2.4 | 0xf6b5 | No error (0) | 131.226.2.60 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49731 | 208.95.112.1 | 80 | 7108 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jul 3, 2024 03:15:54.417366982 CEST | 80 | OUT | |
| Jul 3, 2024 03:15:54.936553001 CEST | 175 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49730 | 172.67.74.152 | 443 | 7108 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-03 01:15:54 UTC | 155 | OUT | |
| 2024-07-03 01:15:54 UTC | 211 | IN | |
| 2024-07-03 01:15:54 UTC | 11 | IN |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
|---|---|---|---|---|---|
| Jul 3, 2024 03:17:42.583142042 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 | 220 ns1.myhydropowered.com ESMTP Postfix (Ubuntu) |
| Jul 3, 2024 03:17:42.583350897 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 | EHLO 210979 |
| Jul 3, 2024 03:17:42.701948881 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 | 250-ns1.myhydropowered.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250-SMTPUTF8 250 CHUNKING |
| Jul 3, 2024 03:17:42.706800938 CEST | 49739 | 587 | 192.168.2.4 | 131.226.2.60 | STARTTLS |
| Jul 3, 2024 03:17:42.984982967 CEST | 587 | 49739 | 131.226.2.60 | 192.168.2.4 | 220 2.0.0 Ready to start TLS |
| Jul 3, 2024 03:17:49.551963091 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 | 220 ns1.myhydropowered.com ESMTP Postfix (Ubuntu) |
| Jul 3, 2024 03:17:49.552153111 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 | EHLO 210979 |
| Jul 3, 2024 03:17:49.671164036 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 | 250-ns1.myhydropowered.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250-SMTPUTF8 250 CHUNKING |
| Jul 3, 2024 03:17:49.671614885 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 | STARTTLS |
| Jul 3, 2024 03:17:49.790863037 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 | 220 2.0.0 Ready to start TLS |
| Jul 3, 2024 03:18:04.451486111 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 | 220 ns1.myhydropowered.com ESMTP Postfix (Ubuntu) |
| Jul 3, 2024 03:18:04.451678991 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 | EHLO 210979 |
| Jul 3, 2024 03:18:04.573666096 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 | 250-ns1.myhydropowered.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250-SMTPUTF8 250 CHUNKING |
| Jul 3, 2024 03:18:04.573820114 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 | STARTTLS |
| Jul 3, 2024 03:18:04.696913004 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 | 220 2.0.0 Ready to start TLS |
| Jul 3, 2024 03:18:13.768038988 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 | 220 ns1.myhydropowered.com ESMTP Postfix (Ubuntu) |
| Jul 3, 2024 03:18:13.768165112 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 | EHLO 210979 |
| Jul 3, 2024 03:18:13.887080908 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 | 250-ns1.myhydropowered.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250-SMTPUTF8 250 CHUNKING |
| Jul 3, 2024 03:18:13.887222052 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 | STARTTLS |
| Jul 3, 2024 03:18:14.005939960 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 | 220 2.0.0 Ready to start TLS |
| Jul 3, 2024 03:18:19.700923920 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 | 220 ns1.myhydropowered.com ESMTP Postfix (Ubuntu) |
| Jul 3, 2024 03:18:19.703433037 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 | EHLO 210979 |
| Jul 3, 2024 03:18:19.822134018 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 | 250-ns1.myhydropowered.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250-SMTPUTF8 250 CHUNKING |
| Jul 3, 2024 03:18:19.837735891 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 | STARTTLS |
| Jul 3, 2024 03:18:19.957905054 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 | 220 2.0.0 Ready to start TLS |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 21:15:50 |
| Start date: | 02/07/2024 |
| Path: | C:\Users\user\Desktop\roger.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x3e0000 |
| File size: | 1'056'768 bytes |
| MD5 hash: | B5214F81BF6B76F46D37A434A9CDEC39 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
| Target ID: | 1 |
| Start time: | 21:15:51 |
| Start date: | 02/07/2024 |
| Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x150000 |
| File size: | 45'984 bytes |
| MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | high |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 4.1% |
| Dynamic/Decrypted Code Coverage: | 0.4% |
| Signature Coverage: | 6% |
| Total number of Nodes: | 2000 |
| Total number of Limit Nodes: | 174 |
Graph
Function 003E3B4C Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 153windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E4AFE Relevance: 10.7, APIs: 7, Instructions: 223COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003EE800 Relevance: 7.4, Strings: 5, Instructions: 1102COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00444696 Relevance: 4.5, APIs: 3, Instructions: 25fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003F0B30 Relevance: 64.3, APIs: 27, Strings: 9, Instructions: 1300windowsleeptimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004493DF Relevance: 19.8, APIs: 13, Instructions: 322fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E3015 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 75windowregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E3041 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 54windowregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E71EB Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201registryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E3633 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 151windowtimeregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E3A58 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 71windowregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003EF8CF Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 168comCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 021225F0 Relevance: 10.7, APIs: 7, Instructions: 239fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 021223B0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 147fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E410D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E35B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004497E5 Relevance: 6.2, APIs: 4, Instructions: 155COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040493A Relevance: 6.1, APIs: 4, Instructions: 136COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045CDF1 Relevance: 4.9, APIs: 3, Instructions: 392COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E43DB Relevance: 4.6, APIs: 3, Instructions: 77windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040594C Relevance: 4.6, APIs: 3, Instructions: 59memoryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00448F97 Relevance: 4.5, APIs: 3, Instructions: 22COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E492E Relevance: 3.1, APIs: 2, Instructions: 59COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E5DF9 Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003F2123 Relevance: 1.7, APIs: 1, Instructions: 171COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E5C4E Relevance: 1.6, APIs: 1, Instructions: 97COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004200D6 Relevance: 1.6, APIs: 1, Instructions: 88COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E80D7 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E4F3D Relevance: 1.6, APIs: 1, Instructions: 64libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004201AF Relevance: 1.6, APIs: 1, Instructions: 63COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E5D20 Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404A93 Relevance: 1.5, APIs: 1, Instructions: 36COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E4FAA Relevance: 1.5, APIs: 1, Instructions: 28COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004009D5 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00449129 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E5DAE Relevance: 1.5, APIs: 1, Instructions: 16COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040548B Relevance: 1.5, APIs: 1, Instructions: 9COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044D2E6 Relevance: 1.4, APIs: 1, Instructions: 198COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00400E48 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 021222A0 Relevance: 1.3, APIs: 1, Instructions: 18sleepCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046CDAC Relevance: 75.9, APIs: 40, Strings: 3, Instructions: 637windowkeyboardCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046804A Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 571windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E4A35 Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 131keyboardthreadwindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044C9C7 Relevance: 28.3, APIs: 13, Strings: 3, Instructions: 280timefileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044F200 Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 119fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00460AE2 Relevance: 26.7, APIs: 9, Strings: 6, Instructions: 477registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044F35D Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 112fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003F6843 Relevance: 20.9, Strings: 16, Instructions: 883COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00454458 Relevance: 15.1, APIs: 10, Instructions: 83clipboardmemoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00443A2B Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 167fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044F65E Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 120filesleepCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003F58C0 Relevance: 11.0, APIs: 7, Instructions: 532COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044545F Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59shutdownCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00456596 Relevance: 9.1, APIs: 6, Instructions: 84networkCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E1287 Relevance: 7.9, APIs: 5, Instructions: 379COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004655FD Relevance: 7.6, APIs: 5, Instructions: 69windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045C304 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043EB07 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 561stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044B59E Relevance: 4.6, APIs: 3, Instructions: 73COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00438CC3 Relevance: 4.6, APIs: 3, Instructions: 67COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00444021 Relevance: 4.6, APIs: 3, Instructions: 61fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00444C03 Relevance: 4.5, APIs: 3, Instructions: 43memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003EE060 Relevance: 3.5, APIs: 2, Instructions: 539COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044C93C Relevance: 3.1, APIs: 2, Instructions: 52fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044A2D5 Relevance: 3.0, APIs: 2, Instructions: 31windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00438713 Relevance: 3.0, APIs: 2, Instructions: 22COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040F419 Relevance: 2.1, APIs: 1, Instructions: 645COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041267E Relevance: 1.8, APIs: 1, Instructions: 294COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00444EC9 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00438C93 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00422230 Relevance: 1.5, APIs: 1, Instructions: 7COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040A364 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003F8A0E Relevance: .6, Instructions: 608COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402405 Relevance: .3, Instructions: 345COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040283A Relevance: .3, Instructions: 341COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00457B1B Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 491filecommemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004637F3 Relevance: 51.1, APIs: 6, Strings: 23, Instructions: 365windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046A849 Relevance: 49.8, APIs: 33, Instructions: 274COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E2C18 Relevance: 49.5, APIs: 27, Strings: 1, Instructions: 486windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004577BE Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 284windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00468C44 Relevance: 38.9, APIs: 21, Strings: 1, Instructions: 401windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00464B16 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 290windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E27D9 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 286windowtimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00464069 Relevance: 28.3, APIs: 3, Strings: 13, Instructions: 283windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004552F0 Relevance: 27.1, APIs: 18, Instructions: 124COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043AA64 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 273windowtimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046C8EE Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 181windowfileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046A428 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 205windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00464619 Relevance: 23.0, APIs: 2, Strings: 11, Instructions: 251windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046BAB8 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 197windowlibraryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044A45A Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 102fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046C49C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 229windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045762D Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 160windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00458BC0 Relevance: 19.6, APIs: 10, Strings: 1, Instructions: 324fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004448F3 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 73networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00445217 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044D7F8 Relevance: 18.3, APIs: 12, Instructions: 283comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043C72A Relevance: 18.2, APIs: 12, Instructions: 174COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E201B Relevance: 18.2, APIs: 12, Instructions: 170timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E21A5 Relevance: 18.1, APIs: 12, Instructions: 132COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046C27C Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 149windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004673C1 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 103windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046772A Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407040 Relevance: 16.8, APIs: 11, Instructions: 258COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004586D0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 197comCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00455A45 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 163networkfileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00439471 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 82windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043955C Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 81windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00439645 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 72windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E2E26 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 186windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00458F5B Relevance: 13.9, APIs: 9, Instructions: 438COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004688B4 Relevance: 13.7, APIs: 9, Instructions: 168COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00439B50 Relevance: 13.6, APIs: 9, Instructions: 66sleepkeyboardwindowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00466FEF Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00443226 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 82windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00444534 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 47windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E2A5B Relevance: 12.1, APIs: 8, Instructions: 129COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00447368 Relevance: 12.1, APIs: 8, Instructions: 101fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00466442 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043C072 Relevance: 12.1, APIs: 8, Instructions: 92COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E1424 Relevance: 10.7, APIs: 7, Instructions: 219COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00456E8A Relevance: 10.7, APIs: 7, Instructions: 212COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044589F Relevance: 10.6, APIs: 7, Instructions: 138timeCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043DA5D Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 121comlibraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004438AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 111filestringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00467500 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 103windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046653C Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043E0B5 Relevance: 10.6, APIs: 7, Instructions: 90memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046783C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004041C9 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 24libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040429E Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 19libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044675A Relevance: 9.2, APIs: 6, Instructions: 205COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00465A20 Relevance: 9.2, APIs: 6, Instructions: 160windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043F3DD Relevance: 9.2, APIs: 6, Instructions: 159COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004426F9 Relevance: 9.1, APIs: 6, Instructions: 138windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E1765 Relevance: 9.1, APIs: 6, Instructions: 113COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046B958 Relevance: 9.1, APIs: 6, Instructions: 109windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004573B1 Relevance: 9.1, APIs: 6, Instructions: 97COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00438D5B Relevance: 9.1, APIs: 6, Instructions: 69memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00438AF9 Relevance: 9.1, APIs: 6, Instructions: 65processCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046C19A Relevance: 9.0, APIs: 6, Instructions: 49COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004474D2 Relevance: 9.0, APIs: 6, Instructions: 33synchronizationthreadCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00438E74 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00442F86 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 195windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00442C42 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 114windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00439372 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 94windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00466656 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 80windowlibraryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044703E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044710C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043A52F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045EE69 Relevance: 7.7, APIs: 5, Instructions: 247COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044E7DC Relevance: 7.6, APIs: 5, Instructions: 135COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046A2C5 Relevance: 7.6, APIs: 5, Instructions: 130COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00436920 Relevance: 7.6, APIs: 5, Instructions: 97windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043B6AF Relevance: 7.6, APIs: 5, Instructions: 88windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046B405 Relevance: 7.6, APIs: 5, Instructions: 85COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004397E9 Relevance: 7.6, APIs: 5, Instructions: 84windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E12F3 Relevance: 7.6, APIs: 5, Instructions: 67COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043C161 Relevance: 7.6, APIs: 5, Instructions: 61COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00444D35 Relevance: 7.6, APIs: 5, Instructions: 56synchronizationthreadwindowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043874A Relevance: 7.5, APIs: 5, Instructions: 49memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004454E6 Relevance: 7.5, APIs: 5, Instructions: 48sleepCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00437652 Relevance: 7.5, APIs: 5, Instructions: 48stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004385F1 Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00438652 Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E13B0 Relevance: 7.5, APIs: 5, Instructions: 29COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00467648 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00466F1F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046797D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E4C95 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E4D61 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E4D94 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00461072 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004593F5 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004376C5 Relevance: 6.3, APIs: 4, Instructions: 333COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045E33E Relevance: 6.3, APIs: 4, Instructions: 307memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004583A8 Relevance: 6.3, APIs: 4, Instructions: 267COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00436DF3 Relevance: 6.2, APIs: 4, Instructions: 202memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00469A63 Relevance: 6.1, APIs: 4, Instructions: 140COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045672D Relevance: 6.1, APIs: 4, Instructions: 116COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044BA5F Relevance: 6.1, APIs: 4, Instructions: 111fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00468AC0 Relevance: 6.1, APIs: 4, Instructions: 109COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046ADF1 Relevance: 6.1, APIs: 4, Instructions: 106windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00465175 Relevance: 6.1, APIs: 4, Instructions: 95COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046C788 Relevance: 6.1, APIs: 4, Instructions: 83windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00400BD0 Relevance: 6.1, APIs: 4, Instructions: 79COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00438B9E Relevance: 6.1, APIs: 4, Instructions: 79memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00451A5B Relevance: 6.1, APIs: 4, Instructions: 78networkCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043E1AF Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 68stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004440B1 Relevance: 6.1, APIs: 4, Instructions: 65fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045667C Relevance: 6.1, APIs: 4, Instructions: 61networkCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00439023 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E1290 Relevance: 6.1, APIs: 4, Instructions: 59COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00441652 Relevance: 6.1, APIs: 4, Instructions: 51sleepCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046B57F Relevance: 6.0, APIs: 4, Instructions: 47COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046B8EF Relevance: 6.0, APIs: 4, Instructions: 40processCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00446E7C Relevance: 6.0, APIs: 4, Instructions: 33COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046C00C Relevance: 6.0, APIs: 4, Instructions: 31COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E2218 Relevance: 6.0, APIs: 4, Instructions: 23COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00438C5A Relevance: 6.0, APIs: 4, Instructions: 23threadCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00422187 Relevance: 6.0, APIs: 4, Instructions: 20COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042219B Relevance: 6.0, APIs: 4, Instructions: 19COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044B217 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 201shareCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003F2AB7 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00452882 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00442D91 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00466943 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00466B8F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00442E9E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004524CA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004580A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004392E7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004391DF Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00439264 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004381BC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|