Edit tour
Windows
Analysis Report
file.exe
Overview
General Information
| Sample name: | file.exe |
| Analysis ID: | 1511441 |
| MD5: | 16c1b3c872a490d259d8ccca7cedad11 |
| SHA1: | 3d5ab5e1ad2270dfa7dba9328be6a0b8c867e908 |
| SHA256: | 58dbc61b141b1ba5c957c2a4bf1036a8ff92135ecc88085925e7c2bace660860 |
| Tags: | exe |
| Infos: |  |
 | |
Detection
Socks5Systemz
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Socks5Systemz
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to infect the boot sector
Machine Learning detection for dropped file
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapater information
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Classification
- System is w10x64
file.exe (PID: 6796 cmdline: "C:\Users\ user\Deskt op\file.ex e" MD5: 16C1B3C872A490D259D8CCCA7CEDAD11) - file.tmp (PID: 3720 cmdline:
"C:\Users\ user\AppDa ta\Local\T emp\is-0DK CV.tmp\fil e.tmp" /SL 5="$20428, 3195553,56 832,C:\Use rs\user\De sktop\file .exe" MD5: FAC4C28483FA3BE6BBCBB9544E768C0B) 
freeprogramingtv32.exe (PID: 1800 cmdline: "C:\Users\ user\AppDa ta\Local\F ree Progra ming TV\fr eeprogrami ngtv32.exe " -i MD5: EF7530E4B883531FD823363CAE0463A0)
- cleanup
{"C2 list": ["beeyiuc.comC"]}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security | ||
| JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security | ||
| JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security |
⊘No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-09-15T13:55:54.665683+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:55:57.580967+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:55:57.932793+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:55:58.740593+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49740 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:55:59.548731+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49741 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:00.366296+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49742 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:01.201427+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49743 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:01.556782+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49743 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:02.370326+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49744 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:03.236756+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49745 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:03.581051+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49745 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:03.928369+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49745 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:04.742235+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49746 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:05.597968+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49747 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:06.424544+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49748 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:06.771344+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49748 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:07.590774+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49749 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:08.402041+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49750 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:09.212851+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49751 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:10.025953+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49752 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:10.840863+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49753 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:11.653919+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49754 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:12.479146+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49755 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:13.296919+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49756 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:13.652098+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49756 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:14.465756+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49757 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:15.303053+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49758 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:16.120176+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49759 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:16.928031+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49760 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:17.772303+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49761 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:18.615510+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49762 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:19.433862+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49763 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:20.247297+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49764 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:21.052795+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49765 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:21.876208+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49766 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:22.234210+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49766 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:22.583463+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49766 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:23.422809+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49767 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:23.785208+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49767 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:24.608723+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49768 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:24.958189+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49768 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:25.774256+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49769 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:26.595278+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49770 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:26.941466+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49770 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:27.290490+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49770 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:28.091523+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49771 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:28.906668+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49772 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:29.258690+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49772 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:30.081968+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49773 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:30.923177+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49774 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:31.279978+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49774 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:31.629543+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49774 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:32.451725+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49775 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:33.366497+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49776 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:34.200081+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49777 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:35.007645+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49778 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:35.896889+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49779 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:36.718667+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49780 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:37.068584+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49780 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:37.892510+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49781 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:38.735983+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49782 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:39.087427+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49782 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:39.932334+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49783 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:40.779893+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49784 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:41.595992+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49785 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:41.950046+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49785 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:42.793731+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49786 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:43.632048+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49787 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:44.464711+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49788 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:45.302301+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49789 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:46.126399+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49790 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:46.482038+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49790 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:47.293011+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49791 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:48.112792+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49792 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:48.933845+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49793 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:49.760762+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49794 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:50.578871+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49795 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:51.407828+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49796 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:51.759255+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49796 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:52.727965+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49797 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:53.592994+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49798 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:54.409471+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49799 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:55.229367+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49800 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:56.046244+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49801 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:57.144604+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49802 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:57.978961+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49803 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:58.821593+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49804 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:59.665656+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49805 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:57:00.485041+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49806 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:57:01.308009+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49807 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:57:02.154495+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49808 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:57:03.099744+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49809 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:57:03.934141+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49810 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:57:04.745497+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49811 | 185.196.8.214 | 80 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-09-15T13:55:54.665683+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:55:57.580967+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:55:57.932793+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:55:58.740593+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49740 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:55:59.548731+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49741 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:00.366296+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49742 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:01.201427+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49743 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:01.556782+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49743 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:02.370326+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49744 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:03.236756+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49745 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:03.581051+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49745 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:03.928369+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49745 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:04.742235+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49746 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:05.597968+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49747 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:06.424544+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49748 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:06.771344+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49748 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:07.590774+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49749 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:08.402041+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49750 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:09.212851+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49751 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:10.025953+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49752 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:10.840863+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49753 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:11.653919+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49754 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:12.479146+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49755 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:13.296919+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49756 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:13.652098+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49756 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:14.465756+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49757 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:15.303053+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49758 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:16.120176+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49759 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:16.928031+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49760 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:17.772303+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49761 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:18.615510+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49762 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:19.433862+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49763 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:20.247297+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49764 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:21.052795+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49765 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:21.876208+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49766 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:22.234210+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49766 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:22.583463+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49766 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:23.422809+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49767 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:23.785208+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49767 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:24.608723+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49768 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:24.958189+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49768 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:25.774256+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49769 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:26.595278+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49770 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:26.941466+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49770 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:27.290490+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49770 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:28.091523+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49771 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:28.906668+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49772 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:29.258690+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49772 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:30.081968+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49773 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:30.923177+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49774 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:31.279978+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49774 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:31.629543+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49774 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:32.451725+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49775 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:33.366497+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49776 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:34.200081+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49777 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:35.007645+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49778 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:35.896889+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49779 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:36.718667+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49780 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:37.068584+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49780 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:37.892510+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49781 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:38.735983+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49782 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:39.087427+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49782 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:39.932334+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49783 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:40.779893+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49784 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:41.595992+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49785 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:41.950046+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49785 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:42.793731+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49786 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:43.632048+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49787 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:44.464711+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49788 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:45.302301+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49789 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:46.126399+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49790 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:46.482038+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49790 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:47.293011+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49791 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:48.112792+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49792 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:48.933845+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49793 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:49.760762+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49794 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:50.578871+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49795 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:51.407828+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49796 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:51.759255+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49796 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:52.727965+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49797 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:53.592994+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49798 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:54.409471+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49799 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:55.229367+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49800 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:56.046244+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49801 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:57.144604+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49802 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:57.978961+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49803 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:58.821593+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49804 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:59.665656+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49805 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:57:00.485041+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49806 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:57:01.308009+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49807 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:57:02.154495+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49808 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:57:03.099744+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49809 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:57:03.934141+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49810 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:57:04.745497+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49811 | 185.196.8.214 | 80 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Malware Configuration Extractor: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Code function: | 1_2_0045D188 | |
| Source: | Code function: | 1_2_0045D254 | |
| Source: | Code function: | 1_2_0045D23C | |
| Source: | Code function: | 1_2_10001000 | |
| Source: | Code function: | 1_2_10001130 | |
Compliance | |
|---|
| Source: | Unpacked PE file: | ||
| Source: | Static PE information: | ||
| Source: | Registry value created: | Jump to behavior | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 1_2_00452A60 | |
| Source: | Code function: | 1_2_004750DC | |
| Source: | Code function: | 1_2_00464158 | |
| Source: | Code function: | 1_2_004981F8 | |
| Source: | Code function: | 1_2_00462750 | |
| Source: | Code function: | 1_2_00463CDC | |
Networking | |
|---|
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | URLs: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | ASN Name: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | Code function: | 2_2_02B972A7 | |
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Code function: | 1_2_0042F520 | |
| Source: | Code function: | 1_2_00423B84 | |
| Source: | Code function: | 1_2_004125D8 | |
| Source: | Code function: | 1_2_00478C14 | |
| Source: | Code function: | 1_2_00457594 | |
| Source: | Code function: | 1_2_0042E934 | |
| Source: | Code function: | 0_2_00409448 | |
| Source: | Code function: | 1_2_004555E4 | |
| Source: | Code function: | 0_2_0040840C | |
| Source: | Code function: | 1_2_004707F8 | |
| Source: | Code function: | 1_2_00480B4B | |
| Source: | Code function: | 1_2_004352C8 | |
| Source: | Code function: | 1_2_004673A4 | |
| Source: | Code function: | 1_2_0048E0A8 | |
| Source: | Code function: | 1_2_0043035C | |
| Source: | Code function: | 1_2_004444C8 | |
| Source: | Code function: | 1_2_004345C4 | |
| Source: | Code function: | 1_2_00444A70 | |
| Source: | Code function: | 1_2_00486D24 | |
| Source: | Code function: | 1_2_00430EE8 | |
| Source: | Code function: | 1_2_0045F0C4 | |
| Source: | Code function: | 1_2_00445168 | |
| Source: | Code function: | 1_2_0045B174 | |
| Source: | Code function: | 1_2_00469420 | |
| Source: | Code function: | 1_2_00445574 | |
| Source: | Code function: | 1_2_004519BC | |
| Source: | Code function: | 1_2_00487C84 | |
| Source: | Code function: | 1_2_0043DD50 | |
| Source: | Code function: | 1_2_02401260 | |
| Source: | Code function: | 1_2_02401D20 | |
| Source: | Code function: | 2_2_00401051 | |
| Source: | Code function: | 2_2_00401C26 | |
| Source: | Code function: | 2_2_02BCBCEB | |
| Source: | Code function: | 2_2_02BCBD58 | |
| Source: | Code function: | 2_2_02BAE18D | |
| Source: | Code function: | 2_2_02BA9E84 | |
| Source: | Code function: | 2_2_02BB4E29 | |
| Source: | Code function: | 2_2_02B9EFAD | |
| Source: | Code function: | 2_2_02BADC99 | |
| Source: | Code function: | 2_2_02BAAC3A | |
| Source: | Code function: | 2_2_02BA8442 | |
| Source: | Code function: | 2_2_02BB2DB4 | |
| Source: | Code function: | 2_2_02BAE5A5 | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 2_2_02BA08B8 | |
| Source: | Code function: | 0_2_00409448 | |
| Source: | Code function: | 1_2_004555E4 | |
| Source: | Code function: | 1_2_00455E0C | |
| Source: | Code function: | 2_2_0040265E | |
| Source: | Code function: | 1_2_0046E13C | |
| Source: | Code function: | 0_2_00409C34 | |
| Source: | Code function: | 2_2_004021E9 | |
| Source: | Code function: | 2_2_004021E9 | |
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key value created or modified: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Key value created or modified: | Jump to behavior | ||
| Source: | Window found: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Registry value created: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
Data Obfuscation | |
|---|
| Source: | Unpacked PE file: | ||
| Source: | Unpacked PE file: | ||
| Source: | Code function: | 1_2_004502C0 | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_004065FD | |
| Source: | Code function: | 0_2_004040F1 | |
| Source: | Code function: | 0_2_00408109 | |
| Source: | Code function: | 0_2_00404389 | |
| Source: | Code function: | 0_2_00404389 | |
| Source: | Code function: | 0_2_0040C219 | |
| Source: | Code function: | 0_2_00404389 | |
| Source: | Code function: | 0_2_00404389 | |
| Source: | Code function: | 0_2_00408F63 | |
| Source: | Code function: | 1_2_004841E2 | |
| Source: | Code function: | 1_2_00409981 | |
| Source: | Code function: | 1_2_004062B5 | |
| Source: | Code function: | 1_2_004104E5 | |
| Source: | Code function: | 1_2_00412983 | |
| Source: | Code function: | 1_2_00494E05 | |
| Source: | Code function: | 1_2_0040CE3A | |
| Source: | Code function: | 1_2_0045930C | |
| Source: | Code function: | 1_2_0040F39A | |
| Source: | Code function: | 1_2_00443444 | |
| Source: | Code function: | 1_2_004054A9 | |
| Source: | Code function: | 1_2_00405741 | |
| Source: | Code function: | 1_2_00405741 | |
| Source: | Code function: | 1_2_00405741 | |
| Source: | Code function: | 1_2_00405741 | |
| Source: | Code function: | 1_2_004857D1 | |
| Source: | Code function: | 1_2_00451823 | |
| Source: | Code function: | 1_2_004519C1 | |
| Source: | Code function: | 1_2_00477C5D | |
| Source: | Code function: | 1_2_00419C2D | |
| Source: | Code function: | 1_2_0045FD20 | |
| Source: | Code function: | 1_2_00499D3F | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
Persistence and Installation Behavior | |
|---|
| Source: | Code function: | 2_2_00401A4F | |
| Source: | Code function: | 2_2_02B9F7D6 | |
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
Boot Survival | |
|---|
| Source: | Code function: | 2_2_00401A4F | |
| Source: | Code function: | 2_2_02B9F7D6 | |
| Source: | Code function: | 2_2_004021E9 | |
| Source: | Code function: | 1_2_00423C0C | |
| Source: | Code function: | 1_2_00423C0C | |
| Source: | Code function: | 1_2_004241DC | |
| Source: | Code function: | 1_2_00424194 | |
| Source: | Code function: | 1_2_00418384 | |
| Source: | Code function: | 1_2_0042285C | |
| Source: | Code function: | 1_2_00417598 | |
| Source: | Code function: | 1_2_00483A90 | |
| Source: | Code function: | 1_2_00417CCE | |
| Source: | Code function: | 1_2_00417CD0 | |
| Source: | Code function: | 1_2_0041F118 | |
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Code function: | 2_2_00401B4B | |
| Source: | Code function: | 2_2_02B9F8DA | |
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Evasive API call chain: | graph_0-5972 | ||
| Source: | Evasive API call chain: | graph_2-20149 | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Code function: | 1_2_00452A60 | |
| Source: | Code function: | 1_2_004750DC | |
| Source: | Code function: | 1_2_00464158 | |
| Source: | Code function: | 1_2_004981F8 | |
| Source: | Code function: | 1_2_00462750 | |
| Source: | Code function: | 1_2_00463CDC | |
| Source: | Code function: | 0_2_00409B78 | |
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | API call chain: | graph_0-6769 | ||
| Source: | API call chain: | graph_2-20444 | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Code function: | 2_2_02BB00FE | |
| Source: | Code function: | 2_2_02BB00FE | |
| Source: | Code function: | 1_2_004502C0 | |
| Source: | Code function: | 2_2_02B96487 | |
| Source: | Code function: | 2_2_02BA9468 | |
| Source: | Code function: | 1_2_00478658 | |
| Source: | Code function: | 1_2_0042E09C | |
| Source: | Code function: | 2_2_02BA7FAD | |
| Source: | Code function: | 0_2_0040520C | |
| Source: | Code function: | 0_2_00405258 | |
| Source: | Code function: | 1_2_00408568 | |
| Source: | Code function: | 1_2_004085B4 | |
| Source: | Code function: | 1_2_004585C8 | |
| Source: | Code function: | 0_2_004026C4 | |
| Source: | Code function: | 1_2_0045559C | |
| Source: | Code function: | 0_2_00405CF4 | |
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Deobfuscate/Decode Files or Information | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 5 Windows Service | 1 DLL Side-Loading | 3 Obfuscated Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 2 Service Execution | 1 Bootkit | 1 Access Token Manipulation | 22 Software Packing | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 5 Windows Service | 1 DLL Side-Loading | NTDS | 35 System Information Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 2 Process Injection | 1 Masquerading | LSA Secrets | 141 Security Software Discovery | SSH | Keylogging | 112 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 21 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | 21 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 2 Process Injection | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Bootkit | /etc/passwd and /etc/shadow | 3 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 Remote System Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
| Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | Stripped Payloads | Input Capture | 1 System Network Configuration Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 26% | Virustotal | Browse | ||
| 16% | ReversingLabs | Win32.Trojan.Munp |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 34% | Virustotal | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Virustotal | Browse | ||
| 34% | Virustotal | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Virustotal | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Virustotal | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Virustotal | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Virustotal | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Virustotal | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Virustotal | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Virustotal | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Virustotal | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Virustotal | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Virustotal | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Virustotal | Browse |
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 1% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 11% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| beeyiuc.com | 185.196.8.214 | true | true | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| true |
| unknown | |
| true |
| unknown | |
| true |
| unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 195.154.173.35 | unknown | France | 12876 | OnlineSASFR | false | |
| 185.196.8.214 | beeyiuc.com | Switzerland | 34888 | SIMPLECARRER2IT | true |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1511441 |
| Start date and time: | 2024-09-15 13:54:07 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 55s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 7 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | file.exe |
| Detection: | MAL |
| Classification: | mal100.troj.evad.winEXE@5/27@1/2 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtDeviceIoControlFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
| Time | Type | Description |
|---|---|---|
| 07:55:34 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 185.196.8.214 | Get hash | malicious | Socks5Systemz | Browse | ||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer, PureLog Stealer, RedLine, Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| SIMPLECARRER2IT | Get hash | malicious | Socks5Systemz | Browse |
| |
| Get hash | malicious | Socks5Systemz | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Socks5Systemz | Browse |
| ||
| Get hash | malicious | Socks5Systemz | Browse |
| ||
| Get hash | malicious | LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer, PureLog Stealer, RedLine, Socks5Systemz | Browse |
| ||
| Get hash | malicious | Socks5Systemz | Browse |
| ||
| Get hash | malicious | Socks5Systemz | Browse |
| ||
| Get hash | malicious | Socks5Systemz | Browse |
| ||
| Get hash | malicious | Socks5Systemz | Browse |
| ||
| OnlineSASFR | Get hash | malicious | Mirai | Browse |
| |
| Get hash | malicious | Xmrig | Browse |
| ||
| Get hash | malicious | Sodinokibi, Chaos, Netwalker, Revil, TrojanRansom | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mirai, Moobot | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| C:\Users\user\AppData\Local\Free Programing TV\Qt5OpenGL.dll (copy) | Get hash | malicious | Socks5Systemz | Browse | ||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | LummaC, PureLog Stealer, RedLine, Stealc, Vidar, XWorm, zgRAT | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer, PureLog Stealer, RedLine, Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse |
| Process: | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2674102 |
| Entropy (8bit): | 6.4789996164233346 |
| Encrypted: | false |
| SSDEEP: | 49152:9wGEraSvuJ0xGkpOQs1S5DQTXji45Nkdl:SdubJ0xGkEHo5DQTXjnPk/ |
| MD5: | EF7530E4B883531FD823363CAE0463A0 |
| SHA1: | D1DEC026B12299681F17DEDE7C3EF33C4C3C063A |
| SHA-256: | 93FB8A694EB01DD6F54203C1423647909DC8B6D0EEFD72DE97B0496135108AAF |
| SHA-512: | 6992D7DB16E10D525276802649C1881D320A32B8BA3FA9508B257E10380D9F90258FC1114D17C038422556FD86F57B4F99932DFB94A0E178C76A6836A664E494 |
| Malicious: | true |
| Antivirus: |
|
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8 |
| Entropy (8bit): | 2.0 |
| Encrypted: | false |
| SSDEEP: | 3:/n:/ |
| MD5: | 476FBD91C2CB67C5FD6CDE5D2813E7E7 |
| SHA1: | F76C1BDA267B83FB496CF0FCBC906CD52A35EE15 |
| SHA-256: | 87904147F8EB9CE24500CDC8B81500BA09974AFF4A369488421A5BD55761199F |
| SHA-512: | 62FE0DE8FF65A89F3D50099D3839B1166E5BA0D24DF82A43BCEFC53FD4692878D0F62EE3296460547AEFDA432358C9617493A08AACF57F14D5B5653FD485C465 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:hln:z |
| MD5: | 4FC68C0E28230B671D55876476544B99 |
| SHA1: | D2DB17938548183540C0BB0EFF593ED7F90ADB7C |
| SHA-256: | B7FC02907B1FE26A09F41A20CBCB2899ECD2B028A973D1997530873BCD349966 |
| SHA-512: | 7244B64031446790942901F46F65B6E8B9610F4A88D8DCDEE1FC6C9B7EE9407A0F15ADCABD0B060702407B23B90663E9FC8889591D13C9AA421B6B20D8DBBF24 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 128 |
| Entropy (8bit): | 2.9545817380615236 |
| Encrypted: | false |
| SSDEEP: | 3:SmwW3Fde9UUDrjStGs/:Smze7DPStGM |
| MD5: | 98DDA7FC0B3E548B68DE836D333D1539 |
| SHA1: | D0CB784FA2BBD3BDE2BA4400211C3B613638F1C6 |
| SHA-256: | 870555CDCBA1F066D893554731AE99A21AE776D41BCB680CBD6510CB9F420E3D |
| SHA-512: | E79BD8C2E0426DBEBA8AC2350DA66DC0413F79860611A05210905506FEF8B80A60BB7E76546B0CE9C6E6BC9DDD4BC66FF4C438548F26187EAAF6278F769B3AC1 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 128 |
| Entropy (8bit): | 1.2701231977328944 |
| Encrypted: | false |
| SSDEEP: | 3:WAmJuXDz8/:HHzc |
| MD5: | 0D6174E4525CFDED5DD1C9440B9DC1E7 |
| SHA1: | 173EF30A035CE666278904625EADCFAE09233A47 |
| SHA-256: | 458677CDF0E1A4E87D32AB67D6A5EEA9E67CB3545D79A21A0624E6BB5E1087E7 |
| SHA-512: | 86DA96385985A1BA3D67A8676A041CA563838F474DF33D82B6ECD90C101703B30747121A6B7281E025A3C11CE28ACCEDFC94DB4E8D38E391199458056C2CD27A |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-0DKCV.tmp\file.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 334848 |
| Entropy (8bit): | 6.5257884005400015 |
| Encrypted: | false |
| SSDEEP: | 6144:JmuFcP82IqE5RSbvQpYVgMW2i32blpDW2pmoZ1:JmuFc02IqE7SbLVgR1O |
| MD5: | C1D465E061D7D02895DAEB19BDB28AC9 |
| SHA1: | 5E729EE51DF080545C7031D771B85094A2B2D4E9 |
| SHA-256: | 777917D30F277A9E88D8FC04E69B955A2B0BD3F2BCF2E36F7F9CFFEF2583EE60 |
| SHA-512: | 438ADAA0AC3AD47621D288E3FF56493CC7DE4E2A89FC5420E246A6045DB79E7CB84A28D3F3420841340AB33BD632F12FDC3A4E9D8EF99601CA9F975B7F8309E1 |
| Malicious: | false |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-0DKCV.tmp\file.tmp |
| File Type: | |
| Category: | modified |
| Size (bytes): | 2674102 |
| Entropy (8bit): | 6.4789996164233346 |
| Encrypted: | false |
| SSDEEP: | 49152:9wGEraSvuJ0xGkpOQs1S5DQTXji45Nkdl:SdubJ0xGkEHo5DQTXjnPk/ |
| MD5: | EF7530E4B883531FD823363CAE0463A0 |
| SHA1: | D1DEC026B12299681F17DEDE7C3EF33C4C3C063A |
| SHA-256: | 93FB8A694EB01DD6F54203C1423647909DC8B6D0EEFD72DE97B0496135108AAF |
| SHA-512: | 6992D7DB16E10D525276802649C1881D320A32B8BA3FA9508B257E10380D9F90258FC1114D17C038422556FD86F57B4F99932DFB94A0E178C76A6836A664E494 |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-0DKCV.tmp\file.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 718497 |
| Entropy (8bit): | 6.514969970877754 |
| Encrypted: | false |
| SSDEEP: | 12288:TTPcYn5c/rPx37/zHBA6a5UeYpChr1CERdSrNdyR623o1a+mxyF2:HPcYn5c/rPx37/zHBA6pFpCZ1CEu23oU |
| MD5: | 15A34E695704C037C2F6F57EC771662F |
| SHA1: | E2422E9572A061B5B5192272EF1D97D3F5019A33 |
| SHA-256: | 21C2374F81205E26AC8383DCF04E9499248B38166ADF8CE1B85F2CD8814B157A |
| SHA-512: | 1D20B0AFB21CBFF8680732A52BCEA1B6A2A05182394AB33DF42D451AE501720C246D3AA6C25E8E2E79A4834CBD959E338C4A00FB05446AFA635935B34342B34C |
| Malicious: | true |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-0DKCV.tmp\file.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 334848 |
| Entropy (8bit): | 6.5257884005400015 |
| Encrypted: | false |
| SSDEEP: | 6144:JmuFcP82IqE5RSbvQpYVgMW2i32blpDW2pmoZ1:JmuFc02IqE7SbLVgR1O |
| MD5: | C1D465E061D7D02895DAEB19BDB28AC9 |
| SHA1: | 5E729EE51DF080545C7031D771B85094A2B2D4E9 |
| SHA-256: | 777917D30F277A9E88D8FC04E69B955A2B0BD3F2BCF2E36F7F9CFFEF2583EE60 |
| SHA-512: | 438ADAA0AC3AD47621D288E3FF56493CC7DE4E2A89FC5420E246A6045DB79E7CB84A28D3F3420841340AB33BD632F12FDC3A4E9D8EF99601CA9F975B7F8309E1 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-0DKCV.tmp\file.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2674102 |
| Entropy (8bit): | 6.478999429565673 |
| Encrypted: | false |
| SSDEEP: | 49152:4wGEraSvuJ0xGkpOQs1S5DQTXji45Nkdl:BdubJ0xGkEHo5DQTXjnPk/ |
| MD5: | BFC4C8B95799BA47F346C2E704CCBB91 |
| SHA1: | 4B126F94C3E8514D4C7E8609848F4C8DE8FCE244 |
| SHA-256: | 159B70D7C9DC8F7F7449EC045CCB37452C32E07F864C4D8E9940B28358218A37 |
| SHA-512: | 6B112E96EC9AEC77FD93E8E92FF76E48CC6C09C0BB376E823CBAF26336B35CF67D347F5E1939BB7FB27005E264964C648A7401C2BE3E337F016DD9A0D8B1077F |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-0DKCV.tmp\file.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 392048 |
| Entropy (8bit): | 6.542831007177094 |
| Encrypted: | false |
| SSDEEP: | 6144:1eIwnft+S34NVSTjMFR+oVbKQfbno1/1oz6i2EDSD4I+XdtQXGMiFcoOjAWcIhbl:1eIwnft+S34NVSTQD+oVbKQfrC/1ct25 |
| MD5: | EE856A00410ECED8CC609936D01F954E |
| SHA1: | 705D378626AEC86FECFDF04C86244006BC3AF431 |
| SHA-256: | B6192300D3C1476EF3C25A368D055AA401035E78F9F6DBE5F93C84D36EF1FA62 |
| SHA-512: | 666D731247DAEAE4B57925DFA8CAE845327FD34E0F6B9AAD1BCF471D1800D7E8AF5642A5FB6E0EC58BA3AC7DD98A6D3FE0B473F34C16FFB9985621C98C0463EF |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-0DKCV.tmp\file.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 348160 |
| Entropy (8bit): | 6.542655141037356 |
| Encrypted: | false |
| SSDEEP: | 6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E |
| MD5: | 86F1895AE8C5E8B17D99ECE768A70732 |
| SHA1: | D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA |
| SHA-256: | 8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE |
| SHA-512: | 3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-0DKCV.tmp\file.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1471856 |
| Entropy (8bit): | 6.8308189184145665 |
| Encrypted: | false |
| SSDEEP: | 24576:6PQ+KpPa3kPjWWJy+0PX7PM6ZB9In8QmMMWwI6/I+no9R2aFVWKZxPo89/xc3lRc:brWW0jnMVpUBuwemQnGP8RqYr1mpbk3 |
| MD5: | A236287C42F921D109475D47E9DCAC2B |
| SHA1: | 6D7C177A0AC3076383669BCE46608EB4B6B787EC |
| SHA-256: | 63AA600A7C914C2D59280069169CC93E750E42C9A1146E238C9128E073D578FD |
| SHA-512: | C325B12235AD77937E3799F1406EB6AA3BC5479BFDFF0EA2F2178FE243E63689AC37BB539ADCBB326B0DE6C09B884771AD57F59184A5B69065682855382ADD8A |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-0DKCV.tmp\file.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 719720 |
| Entropy (8bit): | 6.620042925263483 |
| Encrypted: | false |
| SSDEEP: | 12288:ST+z0ucMr64M+yiwUqfWY/EThHzgOXfpwN9Cu66vLHL1e13XYFU8HtUDsMBPxtFe:FPAeKLL1e6kpqsookesEiU1xJycD4R1z |
| MD5: | 20B6B06BBD211A8ACFE51193653E4167 |
| SHA1: | 817D442B46DD6F35FD9641E0C7262C934ED76848 |
| SHA-256: | 7A16E6ED0C0A49AEB8EA4972600A7A1422C92550602A150634B1C221F79300B4 |
| SHA-512: | 0F0C31D46E7274F28F62AFBBB4A172CB088AF40F6C71A56297B08D83D16548C0A4FDA4CF5F4A29C1445EEDF15FE81FC405E2EB8680F92C744406D031A05A72C8 |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-0DKCV.tmp\file.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 499712 |
| Entropy (8bit): | 6.414789978441117 |
| Encrypted: | false |
| SSDEEP: | 12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e |
| MD5: | 561FA2ABB31DFA8FAB762145F81667C2 |
| SHA1: | C8CCB04EEDAC821A13FAE314A2435192860C72B8 |
| SHA-256: | DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B |
| SHA-512: | 7D960AA8E3CCE22D63A6723D7F00C195DE7DE83B877ECA126E339E2D8CC9859E813E05C5C0A5671A75BB717243E9295FD13E5E17D8C6660EB59F5BAEE63A7C43 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-0DKCV.tmp\file.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1471856 |
| Entropy (8bit): | 6.8308189184145665 |
| Encrypted: | false |
| SSDEEP: | 24576:6PQ+KpPa3kPjWWJy+0PX7PM6ZB9In8QmMMWwI6/I+no9R2aFVWKZxPo89/xc3lRc:brWW0jnMVpUBuwemQnGP8RqYr1mpbk3 |
| MD5: | A236287C42F921D109475D47E9DCAC2B |
| SHA1: | 6D7C177A0AC3076383669BCE46608EB4B6B787EC |
| SHA-256: | 63AA600A7C914C2D59280069169CC93E750E42C9A1146E238C9128E073D578FD |
| SHA-512: | C325B12235AD77937E3799F1406EB6AA3BC5479BFDFF0EA2F2178FE243E63689AC37BB539ADCBB326B0DE6C09B884771AD57F59184A5B69065682855382ADD8A |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-0DKCV.tmp\file.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 719720 |
| Entropy (8bit): | 6.620042925263483 |
| Encrypted: | false |
| SSDEEP: | 12288:ST+z0ucMr64M+yiwUqfWY/EThHzgOXfpwN9Cu66vLHL1e13XYFU8HtUDsMBPxtFe:FPAeKLL1e6kpqsookesEiU1xJycD4R1z |
| MD5: | 20B6B06BBD211A8ACFE51193653E4167 |
| SHA1: | 817D442B46DD6F35FD9641E0C7262C934ED76848 |
| SHA-256: | 7A16E6ED0C0A49AEB8EA4972600A7A1422C92550602A150634B1C221F79300B4 |
| SHA-512: | 0F0C31D46E7274F28F62AFBBB4A172CB088AF40F6C71A56297B08D83D16548C0A4FDA4CF5F4A29C1445EEDF15FE81FC405E2EB8680F92C744406D031A05A72C8 |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-0DKCV.tmp\file.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 499712 |
| Entropy (8bit): | 6.414789978441117 |
| Encrypted: | false |
| SSDEEP: | 12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e |
| MD5: | 561FA2ABB31DFA8FAB762145F81667C2 |
| SHA1: | C8CCB04EEDAC821A13FAE314A2435192860C72B8 |
| SHA-256: | DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B |
| SHA-512: | 7D960AA8E3CCE22D63A6723D7F00C195DE7DE83B877ECA126E339E2D8CC9859E813E05C5C0A5671A75BB717243E9295FD13E5E17D8C6660EB59F5BAEE63A7C43 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-0DKCV.tmp\file.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 348160 |
| Entropy (8bit): | 6.542655141037356 |
| Encrypted: | false |
| SSDEEP: | 6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E |
| MD5: | 86F1895AE8C5E8B17D99ECE768A70732 |
| SHA1: | D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA |
| SHA-256: | 8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE |
| SHA-512: | 3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-0DKCV.tmp\file.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 392048 |
| Entropy (8bit): | 6.542831007177094 |
| Encrypted: | false |
| SSDEEP: | 6144:1eIwnft+S34NVSTjMFR+oVbKQfbno1/1oz6i2EDSD4I+XdtQXGMiFcoOjAWcIhbl:1eIwnft+S34NVSTQD+oVbKQfrC/1ct25 |
| MD5: | EE856A00410ECED8CC609936D01F954E |
| SHA1: | 705D378626AEC86FECFDF04C86244006BC3AF431 |
| SHA-256: | B6192300D3C1476EF3C25A368D055AA401035E78F9F6DBE5F93C84D36EF1FA62 |
| SHA-512: | 666D731247DAEAE4B57925DFA8CAE845327FD34E0F6B9AAD1BCF471D1800D7E8AF5642A5FB6E0EC58BA3AC7DD98A6D3FE0B473F34C16FFB9985621C98C0463EF |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-0DKCV.tmp\file.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4450 |
| Entropy (8bit): | 4.622538963029862 |
| Encrypted: | false |
| SSDEEP: | 96:xCdWI488RpKUip5m9s+eOIhTgL4cVSQs0Lj2ydQNPYl/JfRfd:0dWI48epKUw5cHIhXcVSQ1Td5P |
| MD5: | ED3EC40A99A875CACC79FAEC4FCA23FD |
| SHA1: | 8E43006886F0DCB89A583AC086C8B46FC3E7CC1D |
| SHA-256: | 7F7C3BF4E7F48469664548C6CF5280049E7B3AA19013E6950A03D2C68AFC142B |
| SHA-512: | 791F85C57BDE4363CC6003F9A8782A2035867748CCAFDBEF9CE93C0ECE4C9EA095ED3B4822351847DA51F051B3E16D15436AC315CDF566F5CC9D5EE43B09C82A |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-0DKCV.tmp\file.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 718497 |
| Entropy (8bit): | 6.514969970877754 |
| Encrypted: | false |
| SSDEEP: | 12288:TTPcYn5c/rPx37/zHBA6a5UeYpChr1CERdSrNdyR623o1a+mxyF2:HPcYn5c/rPx37/zHBA6pFpCZ1CEu23oU |
| MD5: | 15A34E695704C037C2F6F57EC771662F |
| SHA1: | E2422E9572A061B5B5192272EF1D97D3F5019A33 |
| SHA-256: | 21C2374F81205E26AC8383DCF04E9499248B38166ADF8CE1B85F2CD8814B157A |
| SHA-512: | 1D20B0AFB21CBFF8680732A52BCEA1B6A2A05182394AB33DF42D451AE501720C246D3AA6C25E8E2E79A4834CBD959E338C4A00FB05446AFA635935B34342B34C |
| Malicious: | true |
| Preview: |
| Process: | C:\Users\user\Desktop\file.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 707072 |
| Entropy (8bit): | 6.5064730436236395 |
| Encrypted: | false |
| SSDEEP: | 12288:LTPcYn5c/rPx37/zHBA6a5UeYpChr1CERdSrNdyR623o1a+mxyF:PPcYn5c/rPx37/zHBA6pFpCZ1CEu23ot |
| MD5: | FAC4C28483FA3BE6BBCBB9544E768C0B |
| SHA1: | 4297CBDA70F4243C7730B01C3040E8FC37AD76EC |
| SHA-256: | DDFC26937B610C0DC32194E7D1AE23D7B00DF31B80BD44DDED58F7418C866E33 |
| SHA-512: | AC34D6494874BE41E1942B3DC0C31CD550034D0DD2F9C830965900ECB58911C31B4B3B2872DE9139FF094957BF92B8F515764BB4B8D0AC99E715B6DE0D4FB342 |
| Malicious: | true |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-0DKCV.tmp\file.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2560 |
| Entropy (8bit): | 2.8818118453929262 |
| Encrypted: | false |
| SSDEEP: | 24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG |
| MD5: | A69559718AB506675E907FE49DEB71E9 |
| SHA1: | BC8F404FFDB1960B50C12FF9413C893B56F2E36F |
| SHA-256: | 2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC |
| SHA-512: | E52E0AA7FE3F79E36330C455D944653D449BA05B2F9ABEE0914A0910C3452CFA679A40441F9AC696B3CCF9445CBB85095747E86153402FC362BB30AC08249A63 |
| Malicious: | true |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-0DKCV.tmp\file.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 13312 |
| Entropy (8bit): | 5.745960477552938 |
| Encrypted: | false |
| SSDEEP: | 384:BXvhMwoSitz/bjx7yxnbdn+EHvbsHoOODCg:BZ7FEAbd+EDsIO |
| MD5: | A813D18268AFFD4763DDE940246DC7E5 |
| SHA1: | C7366E1FD925C17CC6068001BD38EAEF5B42852F |
| SHA-256: | E19781AABE466DD8779CB9C8FA41BBB73375447066BB34E876CF388A6ED63C64 |
| SHA-512: | B310ED4CD2E94381C00A6A370FCB7CC867EBE425D705B69CAAAAFFDAFBAB91F72D357966916053E72E68ECF712F2AF7585500C58BB53EC3E1D539179FCB45FB4 |
| Malicious: | true |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-0DKCV.tmp\file.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 6144 |
| Entropy (8bit): | 4.363359036723334 |
| Encrypted: | false |
| SSDEEP: | 48:SvrzfWvPcXegCPUo1vlZQrAxoONfHFZONfH3d1xCWMBFNL2piSS4k+bkg6j0KHc:+fkcXegaJ/ZAYNzcld1xaX12pTSKvkc |
| MD5: | 526426126AE5D326D0A24706C77D8C5C |
| SHA1: | 68BAEC323767C122F74A269D3AA6D49EB26903DB |
| SHA-256: | B20A8D88C550981137ED831F2015F5F11517AEB649C29642D9D61DEA5EBC37D1 |
| SHA-512: | A2D824FB08BF0B2B2CC0B5E4AF8B13D5BC752EA0D195C6D40FD72AEC05360A3569EADE1749BDAC81CFB075112D0D3CD030D40F629DAF7ABCC243F9D8DCA8BFBE |
| Malicious: | true |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-0DKCV.tmp\file.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 23312 |
| Entropy (8bit): | 4.596242908851566 |
| Encrypted: | false |
| SSDEEP: | 384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4 |
| MD5: | 92DC6EF532FBB4A5C3201469A5B5EB63 |
| SHA1: | 3E89FF837147C16B4E41C30D6C796374E0B8E62C |
| SHA-256: | 9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87 |
| SHA-512: | 9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.997774360776952 |
| TrID: |
|
| File name: | file.exe |
| File size: | 3'466'709 bytes |
| MD5: | 16c1b3c872a490d259d8ccca7cedad11 |
| SHA1: | 3d5ab5e1ad2270dfa7dba9328be6a0b8c867e908 |
| SHA256: | 58dbc61b141b1ba5c957c2a4bf1036a8ff92135ecc88085925e7c2bace660860 |
| SHA512: | ad69f082557cba19632be6ebacb33aba6686fd1e4b1c6ba0e4d9400a3fcaa849e9887241798464dbb2e0f0564a414ef5ccb2bff0aa1060ec028b3e6080930fc1 |
| SSDEEP: | 98304:MP/iDooszUlDcnmtyYdH4UpA99UNPgj/HuT6BJkDpsqd:bDvszIhKUIgPNQJCs+ |
| TLSH: | C1F53340A1EBBCB2D66A8F724D1BC161D5037B014E7266B43DCD839EEB23585854EBF2 |
| File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
 | |
| Icon Hash: | 2d2e3797b32b2b99 |
| Entrypoint: | 0x40a5f8 |
| Entrypoint Section: | CODE |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
| DLL Characteristics: | TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 1 |
| OS Version Minor: | 0 |
| File Version Major: | 1 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 1 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 884310b1928934402ea6fec1dbd3cf5e |
| Instruction |
|---|
| push ebp |
| mov ebp, esp |
| add esp, FFFFFFC4h |
| push ebx |
| push esi |
| push edi |
| xor eax, eax |
| mov dword ptr [ebp-10h], eax |
| mov dword ptr [ebp-24h], eax |
| call 00007F30AC908293h |
| call 00007F30AC90949Ah |
| call 00007F30AC909729h |
| call 00007F30AC9097CCh |
| call 00007F30AC90B76Bh |
| call 00007F30AC90E0D6h |
| call 00007F30AC90E23Dh |
| xor eax, eax |
| push ebp |
| push 0040ACC9h |
| push dword ptr fs:[eax] |
| mov dword ptr fs:[eax], esp |
| xor edx, edx |
| push ebp |
| push 0040AC92h |
| push dword ptr fs:[edx] |
| mov dword ptr fs:[edx], esp |
| mov eax, dword ptr [0040C014h] |
| call 00007F30AC90ECEBh |
| call 00007F30AC90E8D6h |
| cmp byte ptr [0040B234h], 00000000h |
| je 00007F30AC90F7CEh |
| call 00007F30AC90EDE8h |
| xor eax, eax |
| call 00007F30AC908F89h |
| lea edx, dword ptr [ebp-10h] |
| xor eax, eax |
| call 00007F30AC90BD7Bh |
| mov edx, dword ptr [ebp-10h] |
| mov eax, 0040CE28h |
| call 00007F30AC90832Ah |
| push 00000002h |
| push 00000000h |
| push 00000001h |
| mov ecx, dword ptr [0040CE28h] |
| mov dl, 01h |
| mov eax, 0040738Ch |
| call 00007F30AC90C60Ah |
| mov dword ptr [0040CE2Ch], eax |
| xor edx, edx |
| push ebp |
| push 0040AC4Ah |
| push dword ptr fs:[edx] |
| mov dword ptr fs:[edx], esp |
| call 00007F30AC90ED46h |
| mov dword ptr [0040CE34h], eax |
| mov eax, dword ptr [0040CE34h] |
| cmp dword ptr [eax+0Ch], 00000000h |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd000 | 0x950 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x11000 | 0x2c00 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xf000 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| CODE | 0x1000 | 0x9d30 | 0x9e00 | c3bd95c4b1a8e5199981e0d9b45fd18c | False | 0.6052709651898734 | data | 6.631765876950794 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| DATA | 0xb000 | 0x250 | 0x400 | 1ee71d84f1c77af85f1f5c278f880572 | False | 0.306640625 | data | 2.751820662285145 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| BSS | 0xc000 | 0xe8c | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0xd000 | 0x950 | 0xa00 | bb5485bf968b970e5ea81292af2acdba | False | 0.414453125 | data | 4.430733069799036 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .tls | 0xe000 | 0x8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rdata | 0xf000 | 0x18 | 0x200 | 9ba824905bf9c7922b6fc87a38b74366 | False | 0.052734375 | data | 0.2044881574398449 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
| .reloc | 0x10000 | 0x8c4 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
| .rsrc | 0x11000 | 0x2c00 | 0x2c00 | db2b7f00f65c537f8d7ac4d1f0301e18 | False | 0.3288352272727273 | data | 4.539805835873732 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x11354 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Dutch | Netherlands | 0.5675675675675675 |
| RT_ICON | 0x1147c | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | Dutch | Netherlands | 0.4486994219653179 |
| RT_ICON | 0x119e4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Dutch | Netherlands | 0.4637096774193548 |
| RT_ICON | 0x11ccc | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | Dutch | Netherlands | 0.3935018050541516 |
| RT_STRING | 0x12574 | 0x2f2 | data | 0.35543766578249336 | ||
| RT_STRING | 0x12868 | 0x30c | data | 0.3871794871794872 | ||
| RT_STRING | 0x12b74 | 0x2ce | data | 0.42618384401114207 | ||
| RT_STRING | 0x12e44 | 0x68 | data | 0.75 | ||
| RT_STRING | 0x12eac | 0xb4 | data | 0.6277777777777778 | ||
| RT_STRING | 0x12f60 | 0xae | data | 0.5344827586206896 | ||
| RT_RCDATA | 0x13010 | 0x2c | data | 1.25 | ||
| RT_GROUP_ICON | 0x1303c | 0x3e | data | English | United States | 0.8387096774193549 |
| RT_VERSION | 0x1307c | 0x4f4 | data | English | United States | 0.2618296529968454 |
| RT_MANIFEST | 0x13570 | 0x5e8 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4252645502645503 |
| DLL | Import |
|---|---|
| kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, ExitProcess, CreateFileA, CloseHandle |
| user32.dll | MessageBoxA |
| oleaut32.dll | VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen |
| advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA |
| kernel32.dll | WriteFile, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, Sleep, SizeofResource, SetLastError, SetFilePointer, SetErrorMode, SetEndOfFile, RemoveDirectoryA, ReadFile, LockResource, LoadResource, LoadLibraryA, IsDBCSLeadByte, GetWindowsDirectoryA, GetVersionExA, GetUserDefaultLangID, GetSystemInfo, GetSystemDefaultLCID, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetCurrentProcess, GetCommandLineA, GetACP, InterlockedExchange, FormatMessageA, FindResourceA, DeleteFileA, CreateProcessA, CreateFileA, CreateDirectoryA, CloseHandle |
| user32.dll | TranslateMessage, SetWindowLongA, PeekMessageA, MsgWaitForMultipleObjects, MessageBoxA, LoadStringA, ExitWindowsEx, DispatchMessageA, DestroyWindow, CreateWindowExA, CallWindowProcA, CharPrevA |
| comctl32.dll | InitCommonControls |
| advapi32.dll | AdjustTokenPrivileges |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| Dutch | Netherlands |  |
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-09-15T13:55:54.665683+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49736 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:55:54.665683+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49736 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:55:57.580967+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49736 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:55:57.580967+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49736 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:55:57.932793+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49736 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:55:57.932793+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49736 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:55:58.740593+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49740 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:55:58.740593+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49740 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:55:59.548731+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49741 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:55:59.548731+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49741 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:00.366296+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49742 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:00.366296+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49742 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:01.201427+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49743 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:01.201427+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49743 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:01.556782+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49743 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:01.556782+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49743 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:02.370326+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49744 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:02.370326+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49744 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:03.236756+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49745 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:03.236756+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49745 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:03.581051+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49745 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:03.581051+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49745 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:03.928369+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49745 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:03.928369+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49745 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:04.742235+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49746 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:04.742235+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49746 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:05.597968+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49747 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:05.597968+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49747 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:06.424544+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49748 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:06.424544+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49748 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:06.771344+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49748 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:06.771344+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49748 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:07.590774+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49749 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:07.590774+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49749 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:08.402041+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49750 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:08.402041+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49750 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:09.212851+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49751 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:09.212851+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49751 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:10.025953+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49752 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:10.025953+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49752 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:10.840863+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49753 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:10.840863+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49753 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:11.653919+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49754 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:11.653919+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49754 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:12.479146+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49755 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:12.479146+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49755 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:13.296919+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49756 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:13.296919+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49756 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:13.652098+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49756 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:13.652098+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49756 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:14.465756+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49757 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:14.465756+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49757 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:15.303053+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49758 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:15.303053+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49758 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:16.120176+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49759 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:16.120176+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49759 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:16.928031+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49760 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:16.928031+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49760 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:17.772303+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49761 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:17.772303+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49761 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:18.615510+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49762 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:18.615510+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49762 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:19.433862+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49763 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:19.433862+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49763 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:20.247297+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49764 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:20.247297+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49764 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:21.052795+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49765 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:21.052795+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49765 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:21.876208+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49766 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:21.876208+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49766 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:22.234210+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49766 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:22.234210+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49766 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:22.583463+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49766 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:22.583463+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49766 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:23.422809+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49767 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:23.422809+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49767 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:23.785208+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49767 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:23.785208+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49767 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:24.608723+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49768 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:24.608723+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49768 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:24.958189+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49768 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:24.958189+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49768 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:25.774256+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49769 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:25.774256+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49769 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:26.595278+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49770 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:26.595278+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49770 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:26.941466+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49770 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:26.941466+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49770 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:27.290490+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49770 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:27.290490+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49770 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:28.091523+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49771 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:28.091523+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49771 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:28.906668+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49772 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:28.906668+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49772 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:29.258690+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49772 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:29.258690+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49772 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:30.081968+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49773 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:30.081968+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49773 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:30.923177+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49774 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:30.923177+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49774 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:31.279978+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49774 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:31.279978+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49774 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:31.629543+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49774 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:31.629543+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49774 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:32.451725+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49775 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:32.451725+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49775 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:33.366497+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49776 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:33.366497+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49776 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:34.200081+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49777 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:34.200081+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49777 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:35.007645+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49778 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:35.007645+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49778 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:35.896889+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49779 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:35.896889+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49779 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:36.718667+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49780 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:36.718667+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49780 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:37.068584+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49780 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:37.068584+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49780 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:37.892510+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49781 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:37.892510+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49781 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:38.735983+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49782 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:38.735983+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49782 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:39.087427+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49782 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:39.087427+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49782 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:39.932334+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49783 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:39.932334+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49783 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:40.779893+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49784 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:40.779893+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49784 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:41.595992+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49785 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:41.595992+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49785 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:41.950046+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49785 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:41.950046+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49785 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:42.793731+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49786 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:42.793731+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49786 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:43.632048+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49787 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:43.632048+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49787 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:44.464711+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49788 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:44.464711+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49788 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:45.302301+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49789 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:45.302301+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49789 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:46.126399+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49790 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:46.126399+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49790 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:46.482038+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49790 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:46.482038+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49790 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:47.293011+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49791 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:47.293011+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49791 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:48.112792+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49792 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:48.112792+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49792 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:48.933845+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49793 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:48.933845+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49793 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:49.760762+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49794 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:49.760762+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49794 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:50.578871+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49795 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:50.578871+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49795 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:51.407828+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49796 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:51.407828+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49796 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:51.759255+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49796 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:51.759255+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49796 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:52.727965+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49797 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:52.727965+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49797 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:53.592994+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49798 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:53.592994+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49798 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:54.409471+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49799 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:54.409471+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49799 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:55.229367+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49800 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:55.229367+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49800 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:56.046244+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49801 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:56.046244+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49801 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:57.144604+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49802 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:57.144604+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49802 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:57.978961+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49803 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:57.978961+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49803 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:58.821593+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49804 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:58.821593+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49804 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:59.665656+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49805 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:56:59.665656+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49805 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:57:00.485041+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49806 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:57:00.485041+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49806 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:57:01.308009+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49807 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:57:01.308009+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49807 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:57:02.154495+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49808 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:57:02.154495+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49808 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:57:03.099744+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49809 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:57:03.099744+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49809 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:57:03.934141+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49810 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:57:03.934141+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49810 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:57:04.745497+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49811 | 185.196.8.214 | 80 | TCP |
| 2024-09-15T13:57:04.745497+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49811 | 185.196.8.214 | 80 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Sep 15, 2024 13:55:53.970256090 CEST | 49736 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:55:53.975142002 CEST | 80 | 49736 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:55:53.975250006 CEST | 49736 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:55:53.975594997 CEST | 49736 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:55:53.980357885 CEST | 80 | 49736 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:55:54.665621042 CEST | 80 | 49736 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:55:54.665683031 CEST | 49736 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:55:54.667258024 CEST | 49737 | 2023 | 192.168.2.4 | 195.154.173.35 |
| Sep 15, 2024 13:55:54.672049046 CEST | 2023 | 49737 | 195.154.173.35 | 192.168.2.4 |
| Sep 15, 2024 13:55:54.672166109 CEST | 49737 | 2023 | 192.168.2.4 | 195.154.173.35 |
| Sep 15, 2024 13:55:54.672216892 CEST | 49737 | 2023 | 192.168.2.4 | 195.154.173.35 |
| Sep 15, 2024 13:55:54.677102089 CEST | 2023 | 49737 | 195.154.173.35 | 192.168.2.4 |
| Sep 15, 2024 13:55:54.677146912 CEST | 49737 | 2023 | 192.168.2.4 | 195.154.173.35 |
| Sep 15, 2024 13:55:54.681870937 CEST | 2023 | 49737 | 195.154.173.35 | 192.168.2.4 |
| Sep 15, 2024 13:55:55.299565077 CEST | 2023 | 49737 | 195.154.173.35 | 192.168.2.4 |
| Sep 15, 2024 13:55:55.342047930 CEST | 49737 | 2023 | 192.168.2.4 | 195.154.173.35 |
| Sep 15, 2024 13:55:57.313724041 CEST | 49736 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:55:57.318629980 CEST | 80 | 49736 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:55:57.580874920 CEST | 80 | 49736 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:55:57.580966949 CEST | 49736 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:55:57.688524008 CEST | 49736 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:55:57.693526030 CEST | 80 | 49736 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:55:57.932581902 CEST | 80 | 49736 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:55:57.932792902 CEST | 49736 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:55:57.933456898 CEST | 49739 | 2023 | 192.168.2.4 | 195.154.173.35 |
| Sep 15, 2024 13:55:57.938313961 CEST | 2023 | 49739 | 195.154.173.35 | 192.168.2.4 |
| Sep 15, 2024 13:55:57.938404083 CEST | 49739 | 2023 | 192.168.2.4 | 195.154.173.35 |
| Sep 15, 2024 13:55:57.938505888 CEST | 49739 | 2023 | 192.168.2.4 | 195.154.173.35 |
| Sep 15, 2024 13:55:57.938549995 CEST | 49739 | 2023 | 192.168.2.4 | 195.154.173.35 |
| Sep 15, 2024 13:55:57.943367958 CEST | 2023 | 49739 | 195.154.173.35 | 192.168.2.4 |
| Sep 15, 2024 13:55:57.987855911 CEST | 2023 | 49739 | 195.154.173.35 | 192.168.2.4 |
| Sep 15, 2024 13:55:58.049624920 CEST | 49736 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:55:58.050338984 CEST | 49740 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:55:58.055031061 CEST | 80 | 49736 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:55:58.055129051 CEST | 49736 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:55:58.055277109 CEST | 80 | 49740 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:55:58.055360079 CEST | 49740 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:55:58.055557966 CEST | 49740 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:55:58.060379982 CEST | 80 | 49740 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:55:58.382786989 CEST | 2023 | 49739 | 195.154.173.35 | 192.168.2.4 |
| Sep 15, 2024 13:55:58.382926941 CEST | 49739 | 2023 | 192.168.2.4 | 195.154.173.35 |
| Sep 15, 2024 13:55:58.740447998 CEST | 80 | 49740 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:55:58.740592957 CEST | 49740 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:55:58.861794949 CEST | 49740 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:55:58.862215996 CEST | 49741 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:55:58.866930962 CEST | 80 | 49740 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:55:58.867063046 CEST | 80 | 49741 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:55:58.867063999 CEST | 49740 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:55:58.867175102 CEST | 49741 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:55:58.867314100 CEST | 49741 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:55:58.872111082 CEST | 80 | 49741 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:55:59.548640966 CEST | 80 | 49741 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:55:59.548731089 CEST | 49741 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:55:59.673401117 CEST | 49741 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:55:59.673733950 CEST | 49742 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:55:59.678659916 CEST | 80 | 49742 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:55:59.678700924 CEST | 80 | 49741 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:55:59.678754091 CEST | 49742 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:55:59.678788900 CEST | 49741 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:55:59.678982973 CEST | 49742 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:55:59.683851004 CEST | 80 | 49742 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:00.366180897 CEST | 80 | 49742 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:00.366296053 CEST | 49742 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:00.485258102 CEST | 49742 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:00.485690117 CEST | 49743 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:00.490575075 CEST | 80 | 49743 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:00.490709066 CEST | 80 | 49742 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:00.490732908 CEST | 49743 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:00.490784883 CEST | 49742 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:00.490936041 CEST | 49743 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:00.495765924 CEST | 80 | 49743 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:01.201309919 CEST | 80 | 49743 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:01.201426983 CEST | 49743 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:01.315649033 CEST | 49743 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:01.320740938 CEST | 80 | 49743 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:01.556662083 CEST | 80 | 49743 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:01.556782007 CEST | 49743 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:01.672616005 CEST | 49743 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:01.673003912 CEST | 49744 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:01.677937031 CEST | 80 | 49744 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:01.678039074 CEST | 49744 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:01.678134918 CEST | 80 | 49743 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:01.678194046 CEST | 49743 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:01.678262949 CEST | 49744 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:01.683202028 CEST | 80 | 49744 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:02.366827011 CEST | 80 | 49744 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:02.370326042 CEST | 49744 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:02.536416054 CEST | 49744 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:02.536812067 CEST | 49745 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:02.541802883 CEST | 80 | 49745 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:02.542212009 CEST | 80 | 49744 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:02.542419910 CEST | 49745 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:02.542422056 CEST | 49744 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:02.545629978 CEST | 49745 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:02.550554991 CEST | 80 | 49745 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:03.236615896 CEST | 80 | 49745 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:03.236756086 CEST | 49745 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:03.345135927 CEST | 49745 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:03.350255013 CEST | 80 | 49745 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:03.580848932 CEST | 80 | 49745 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:03.581051111 CEST | 49745 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:03.689874887 CEST | 49745 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:03.695060015 CEST | 80 | 49745 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:03.928208113 CEST | 80 | 49745 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:03.928369045 CEST | 49745 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:04.047982931 CEST | 49745 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:04.048280954 CEST | 49746 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:04.053278923 CEST | 80 | 49746 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:04.053364038 CEST | 49746 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:04.053483963 CEST | 49746 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:04.053585052 CEST | 80 | 49745 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:04.053646088 CEST | 49745 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:04.058955908 CEST | 80 | 49746 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:04.742130995 CEST | 80 | 49746 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:04.742234945 CEST | 49746 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:04.875997066 CEST | 49746 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:04.876355886 CEST | 49747 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:04.881299973 CEST | 80 | 49747 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:04.881427050 CEST | 49747 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:04.881597996 CEST | 80 | 49746 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:04.881669998 CEST | 49746 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:04.883038044 CEST | 49747 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:04.889784098 CEST | 80 | 49747 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:05.597886086 CEST | 80 | 49747 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:05.597968102 CEST | 49747 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:05.720179081 CEST | 49747 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:05.720807076 CEST | 49748 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:05.727164030 CEST | 80 | 49747 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:05.727277994 CEST | 49747 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:05.727444887 CEST | 80 | 49748 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:05.727648973 CEST | 49748 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:05.727824926 CEST | 49748 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:05.734410048 CEST | 80 | 49748 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:06.424293995 CEST | 80 | 49748 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:06.424544096 CEST | 49748 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:06.534006119 CEST | 49748 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:06.538954020 CEST | 80 | 49748 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:06.771215916 CEST | 80 | 49748 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:06.771343946 CEST | 49748 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:06.892852068 CEST | 49748 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:06.893297911 CEST | 49749 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:06.898322105 CEST | 80 | 49748 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:06.898369074 CEST | 80 | 49749 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:06.898411989 CEST | 49748 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:06.898482084 CEST | 49749 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:06.898751974 CEST | 49749 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:06.903542042 CEST | 80 | 49749 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:07.590563059 CEST | 80 | 49749 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:07.590774059 CEST | 49749 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:07.705492020 CEST | 49749 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:07.706000090 CEST | 49750 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:07.714018106 CEST | 80 | 49749 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:07.714036942 CEST | 80 | 49750 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:07.714076042 CEST | 49749 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:07.714133978 CEST | 49750 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:07.714313030 CEST | 49750 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:07.719124079 CEST | 80 | 49750 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:08.401971102 CEST | 80 | 49750 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:08.402040958 CEST | 49750 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:08.518445969 CEST | 49750 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:08.518893957 CEST | 49751 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:08.523823023 CEST | 80 | 49751 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:08.523927927 CEST | 49751 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:08.524120092 CEST | 49751 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:08.524246931 CEST | 80 | 49750 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:08.524434090 CEST | 49750 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:08.528908014 CEST | 80 | 49751 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:09.212583065 CEST | 80 | 49751 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:09.212851048 CEST | 49751 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:09.330565929 CEST | 49751 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:09.330996037 CEST | 49752 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:09.336255074 CEST | 80 | 49752 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:09.336302996 CEST | 80 | 49751 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:09.336502075 CEST | 49751 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:09.336513996 CEST | 49752 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:09.336709976 CEST | 49752 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:09.341650963 CEST | 80 | 49752 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:10.025723934 CEST | 80 | 49752 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:10.025953054 CEST | 49752 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:10.141976118 CEST | 49752 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:10.142250061 CEST | 49753 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:10.147150040 CEST | 80 | 49753 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:10.147217989 CEST | 80 | 49752 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:10.147258997 CEST | 49753 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:10.147294998 CEST | 49752 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:10.147408962 CEST | 49753 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:10.152301073 CEST | 80 | 49753 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:10.840734005 CEST | 80 | 49753 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:10.840862989 CEST | 49753 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:10.954138041 CEST | 49753 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:10.954449892 CEST | 49754 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:10.959408998 CEST | 80 | 49754 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:10.959476948 CEST | 80 | 49753 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:10.959497929 CEST | 49754 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:10.959523916 CEST | 49753 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:10.959708929 CEST | 49754 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:10.964562893 CEST | 80 | 49754 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:11.653692961 CEST | 80 | 49754 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:11.653918982 CEST | 49754 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:11.766719103 CEST | 49754 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:11.767035961 CEST | 49755 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:11.771902084 CEST | 80 | 49755 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:11.771984100 CEST | 49755 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:11.772097111 CEST | 80 | 49754 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:11.772145033 CEST | 49754 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:11.772224903 CEST | 49755 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:11.777048111 CEST | 80 | 49755 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:12.479068995 CEST | 80 | 49755 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:12.479146004 CEST | 49755 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:12.594526052 CEST | 49755 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:12.594782114 CEST | 49756 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:12.599718094 CEST | 80 | 49756 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:12.599822044 CEST | 49756 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:12.599955082 CEST | 49756 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:12.599967957 CEST | 80 | 49755 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:12.600039959 CEST | 49755 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:12.604849100 CEST | 80 | 49756 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:13.296746016 CEST | 80 | 49756 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:13.296919107 CEST | 49756 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:13.409562111 CEST | 49756 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:13.414802074 CEST | 80 | 49756 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:13.651885033 CEST | 80 | 49756 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:13.652097940 CEST | 49756 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:13.773152113 CEST | 49756 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:13.773571014 CEST | 49757 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:13.778626919 CEST | 80 | 49756 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:13.778669119 CEST | 80 | 49757 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:13.778722048 CEST | 49756 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:13.778775930 CEST | 49757 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:13.778920889 CEST | 49757 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:13.783827066 CEST | 80 | 49757 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:14.465457916 CEST | 80 | 49757 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:14.465755939 CEST | 49757 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:14.579989910 CEST | 49757 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:14.580347061 CEST | 49758 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:14.585212946 CEST | 80 | 49758 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:14.585283041 CEST | 80 | 49757 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:14.585298061 CEST | 49758 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:14.585359097 CEST | 49757 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:14.585882902 CEST | 49758 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:14.590693951 CEST | 80 | 49758 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:15.302892923 CEST | 80 | 49758 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:15.303052902 CEST | 49758 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:15.422678947 CEST | 49758 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:15.423053026 CEST | 49759 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:15.427990913 CEST | 80 | 49759 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:15.428047895 CEST | 80 | 49758 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:15.428112030 CEST | 49759 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:15.428138018 CEST | 49758 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:15.428392887 CEST | 49759 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:15.433223009 CEST | 80 | 49759 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:16.120045900 CEST | 80 | 49759 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:16.120176077 CEST | 49759 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:16.241445065 CEST | 49759 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:16.241946936 CEST | 49760 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:16.246958971 CEST | 80 | 49759 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:16.247005939 CEST | 80 | 49760 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:16.247081995 CEST | 49759 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:16.247168064 CEST | 49760 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:16.247484922 CEST | 49760 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:16.252465010 CEST | 80 | 49760 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:16.927876949 CEST | 80 | 49760 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:16.928030968 CEST | 49760 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:17.049168110 CEST | 49760 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:17.049606085 CEST | 49761 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:17.054694891 CEST | 80 | 49760 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:17.054789066 CEST | 80 | 49761 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:17.054794073 CEST | 49760 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:17.054862022 CEST | 49761 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:17.055031061 CEST | 49761 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:17.060067892 CEST | 80 | 49761 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:17.772099972 CEST | 80 | 49761 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:17.772303104 CEST | 49761 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:17.893956900 CEST | 49761 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:17.894296885 CEST | 49762 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:17.899250031 CEST | 80 | 49762 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:17.899286032 CEST | 80 | 49761 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:17.899389982 CEST | 49761 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:17.899409056 CEST | 49762 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:17.899636030 CEST | 49762 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:17.904490948 CEST | 80 | 49762 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:18.615401030 CEST | 80 | 49762 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:18.615509987 CEST | 49762 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:18.736823082 CEST | 49762 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:18.737297058 CEST | 49763 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:18.742985964 CEST | 80 | 49762 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:18.743027925 CEST | 80 | 49763 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:18.743097067 CEST | 49762 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:18.743168116 CEST | 49763 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:18.743433952 CEST | 49763 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:18.748198032 CEST | 80 | 49763 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:19.433630943 CEST | 80 | 49763 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:19.433861971 CEST | 49763 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:19.549262047 CEST | 49763 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:19.549714088 CEST | 49764 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:19.554634094 CEST | 80 | 49763 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:19.554699898 CEST | 80 | 49764 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:19.554728031 CEST | 49763 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:19.554804087 CEST | 49764 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:19.554986954 CEST | 49764 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:19.559849977 CEST | 80 | 49764 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:20.247206926 CEST | 80 | 49764 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:20.247297049 CEST | 49764 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:20.361754894 CEST | 49764 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:20.362232924 CEST | 49765 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:20.367013931 CEST | 80 | 49764 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:20.367121935 CEST | 49764 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:20.367206097 CEST | 80 | 49765 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:20.367292881 CEST | 49765 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:20.367489100 CEST | 49765 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:20.373533964 CEST | 80 | 49765 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:21.052726030 CEST | 80 | 49765 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:21.052794933 CEST | 49765 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:21.174496889 CEST | 49765 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:21.174925089 CEST | 49766 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:21.179910898 CEST | 80 | 49765 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:21.179954052 CEST | 80 | 49766 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:21.180001974 CEST | 49765 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:21.180061102 CEST | 49766 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:21.180286884 CEST | 49766 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:21.185164928 CEST | 80 | 49766 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:21.876090050 CEST | 80 | 49766 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:21.876208067 CEST | 49766 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:21.987179041 CEST | 49766 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:21.992230892 CEST | 80 | 49766 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:22.234103918 CEST | 80 | 49766 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:22.234210014 CEST | 49766 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:22.346745968 CEST | 49766 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:22.351717949 CEST | 80 | 49766 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:22.583301067 CEST | 80 | 49766 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:22.583462954 CEST | 49766 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:22.706028938 CEST | 49766 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:22.706454992 CEST | 49767 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:22.711247921 CEST | 80 | 49766 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:22.711293936 CEST | 80 | 49767 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:22.711374998 CEST | 49766 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:22.711488008 CEST | 49767 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:22.711821079 CEST | 49767 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:22.716634035 CEST | 80 | 49767 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:23.422576904 CEST | 80 | 49767 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:23.422808886 CEST | 49767 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:23.544405937 CEST | 49767 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:23.549525023 CEST | 80 | 49767 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:23.785114050 CEST | 80 | 49767 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:23.785207987 CEST | 49767 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:23.908493996 CEST | 49767 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:23.909109116 CEST | 49768 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:23.913903952 CEST | 80 | 49767 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:23.914031029 CEST | 49767 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:23.914133072 CEST | 80 | 49768 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:23.914201021 CEST | 49768 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:23.914382935 CEST | 49768 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:23.919244051 CEST | 80 | 49768 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:24.608568907 CEST | 80 | 49768 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:24.608722925 CEST | 49768 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:24.721180916 CEST | 49768 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:24.726418972 CEST | 80 | 49768 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:24.958019972 CEST | 80 | 49768 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:24.958189011 CEST | 49768 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:25.080939054 CEST | 49768 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:25.081393003 CEST | 49769 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:25.086473942 CEST | 80 | 49769 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:25.086560011 CEST | 80 | 49768 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:25.086668968 CEST | 49768 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:25.086678982 CEST | 49769 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:25.086882114 CEST | 49769 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:25.091881037 CEST | 80 | 49769 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:25.774142981 CEST | 80 | 49769 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:25.774255991 CEST | 49769 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:25.891844988 CEST | 49769 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:25.892205954 CEST | 49770 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:25.897110939 CEST | 80 | 49770 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:25.897219896 CEST | 49770 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:25.897320032 CEST | 49770 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:25.897448063 CEST | 80 | 49769 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:25.897499084 CEST | 49769 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:25.902189016 CEST | 80 | 49770 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:26.595196009 CEST | 80 | 49770 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:26.595278025 CEST | 49770 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:26.704250097 CEST | 49770 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:26.709275961 CEST | 80 | 49770 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:26.941339970 CEST | 80 | 49770 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:26.941466093 CEST | 49770 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:27.047930002 CEST | 49770 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:27.052867889 CEST | 80 | 49770 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:27.290354013 CEST | 80 | 49770 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:27.290489912 CEST | 49770 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:27.407430887 CEST | 49770 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:27.407885075 CEST | 49771 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:27.412625074 CEST | 80 | 49770 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:27.412686110 CEST | 49770 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:27.412733078 CEST | 80 | 49771 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:27.412858009 CEST | 49771 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:27.413038015 CEST | 49771 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:27.417834044 CEST | 80 | 49771 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:28.091331959 CEST | 80 | 49771 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:28.091522932 CEST | 49771 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:28.204449892 CEST | 49771 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:28.204855919 CEST | 49772 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:28.209553957 CEST | 80 | 49771 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:28.209640026 CEST | 49771 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:28.209722042 CEST | 80 | 49772 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:28.209786892 CEST | 49772 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:28.209939003 CEST | 49772 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:28.214767933 CEST | 80 | 49772 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:28.906548977 CEST | 80 | 49772 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:28.906667948 CEST | 49772 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:29.016910076 CEST | 49772 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:29.021831036 CEST | 80 | 49772 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:29.258594990 CEST | 80 | 49772 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:29.258690119 CEST | 49772 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:29.376456976 CEST | 49772 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:29.376851082 CEST | 49773 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:29.381805897 CEST | 80 | 49773 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:29.381925106 CEST | 49773 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:29.381977081 CEST | 80 | 49772 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:29.382031918 CEST | 49772 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:29.382143974 CEST | 49773 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:29.386908054 CEST | 80 | 49773 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:30.081876993 CEST | 80 | 49773 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:30.081968069 CEST | 49773 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:30.219573975 CEST | 49773 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:30.219887018 CEST | 49774 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:30.224802971 CEST | 80 | 49774 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:30.224900961 CEST | 49774 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:30.224922895 CEST | 80 | 49773 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:30.224973917 CEST | 49773 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:30.225095987 CEST | 49774 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:30.229917049 CEST | 80 | 49774 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:30.922903061 CEST | 80 | 49774 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:30.923177004 CEST | 49774 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:31.033176899 CEST | 49774 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:31.038808107 CEST | 80 | 49774 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:31.279489994 CEST | 80 | 49774 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:31.279978037 CEST | 49774 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:31.391963959 CEST | 49774 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:31.397167921 CEST | 80 | 49774 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:31.629300117 CEST | 80 | 49774 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:31.629543066 CEST | 49774 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:31.751550913 CEST | 49774 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:31.751946926 CEST | 49775 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:31.758021116 CEST | 80 | 49775 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:31.758147955 CEST | 49775 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:31.758198023 CEST | 80 | 49774 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:31.758235931 CEST | 49775 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:31.758255959 CEST | 49774 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:31.764174938 CEST | 80 | 49775 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:32.447911978 CEST | 80 | 49775 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:32.451725006 CEST | 49775 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:32.663362980 CEST | 49775 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:32.666594028 CEST | 49776 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:32.668749094 CEST | 80 | 49775 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:32.670562983 CEST | 49775 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:32.671648026 CEST | 80 | 49776 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:32.674129963 CEST | 49776 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:32.674302101 CEST | 49776 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:32.679146051 CEST | 80 | 49776 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:33.366411924 CEST | 80 | 49776 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:33.366497040 CEST | 49776 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:33.485491991 CEST | 49776 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:33.485861063 CEST | 49777 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:33.490767002 CEST | 80 | 49777 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:33.490825891 CEST | 80 | 49776 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:33.490864038 CEST | 49777 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:33.490871906 CEST | 49776 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:33.491055012 CEST | 49777 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:33.495845079 CEST | 80 | 49777 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:34.199765921 CEST | 80 | 49777 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:34.200081110 CEST | 49777 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:34.315903902 CEST | 49777 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:34.316261053 CEST | 49778 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:34.321547031 CEST | 80 | 49778 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:34.321654081 CEST | 49778 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:34.321768999 CEST | 49778 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:34.321907997 CEST | 80 | 49777 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:34.321978092 CEST | 49777 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:34.327153921 CEST | 80 | 49778 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:35.007534981 CEST | 80 | 49778 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:35.007644892 CEST | 49778 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:35.198472977 CEST | 49778 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:35.198856115 CEST | 49779 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:35.203738928 CEST | 80 | 49779 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:35.203804970 CEST | 49779 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:35.203867912 CEST | 80 | 49778 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:35.203916073 CEST | 49778 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:35.210097075 CEST | 49779 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:35.214890003 CEST | 80 | 49779 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:35.896727085 CEST | 80 | 49779 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:35.896888971 CEST | 49779 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:36.016688108 CEST | 49779 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:36.017044067 CEST | 49780 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:36.022393942 CEST | 80 | 49779 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:36.022414923 CEST | 80 | 49780 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:36.022489071 CEST | 49779 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:36.022526026 CEST | 49780 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:36.022664070 CEST | 49780 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:36.027621984 CEST | 80 | 49780 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:36.718580961 CEST | 80 | 49780 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:36.718667030 CEST | 49780 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:36.829334021 CEST | 49780 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:36.834399939 CEST | 80 | 49780 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:37.066749096 CEST | 80 | 49780 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:37.068583965 CEST | 49780 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:37.193337917 CEST | 49780 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:37.193684101 CEST | 49781 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:37.198688030 CEST | 80 | 49780 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:37.198755026 CEST | 80 | 49781 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:37.198777914 CEST | 49780 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:37.198848009 CEST | 49781 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:37.198996067 CEST | 49781 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:37.204000950 CEST | 80 | 49781 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:37.892420053 CEST | 80 | 49781 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:37.892509937 CEST | 49781 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:38.023269892 CEST | 49781 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:38.023611069 CEST | 49782 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:38.028934002 CEST | 80 | 49782 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:38.028980970 CEST | 80 | 49781 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:38.029031992 CEST | 49782 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:38.029067993 CEST | 49781 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:38.029206991 CEST | 49782 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:38.034704924 CEST | 80 | 49782 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:38.735704899 CEST | 80 | 49782 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:38.735982895 CEST | 49782 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:38.846863985 CEST | 49782 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:38.853403091 CEST | 80 | 49782 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:39.087316036 CEST | 80 | 49782 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:39.087426901 CEST | 49782 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:39.204190016 CEST | 49782 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:39.204528093 CEST | 49783 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:39.213248968 CEST | 80 | 49782 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:39.213293076 CEST | 80 | 49783 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:39.213428974 CEST | 49782 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:39.213485956 CEST | 49783 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:39.213638067 CEST | 49783 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:39.223054886 CEST | 80 | 49783 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:39.932142019 CEST | 80 | 49783 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:39.932333946 CEST | 49783 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:40.047702074 CEST | 49783 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:40.048178911 CEST | 49784 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:40.053498983 CEST | 80 | 49784 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:40.053586006 CEST | 80 | 49783 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:40.053649902 CEST | 49784 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:40.053683043 CEST | 49783 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:40.053845882 CEST | 49784 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:40.058814049 CEST | 80 | 49784 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:40.779686928 CEST | 80 | 49784 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:40.779892921 CEST | 49784 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:40.891763926 CEST | 49784 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:40.892076969 CEST | 49785 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:40.897053957 CEST | 80 | 49785 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:40.897123098 CEST | 49785 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:40.897142887 CEST | 80 | 49784 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:40.897243023 CEST | 49784 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:40.897407055 CEST | 49785 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:40.911461115 CEST | 80 | 49785 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:41.595905066 CEST | 80 | 49785 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:41.595992088 CEST | 49785 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:41.709767103 CEST | 49785 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:41.717469931 CEST | 80 | 49785 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:41.949868917 CEST | 80 | 49785 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:41.950046062 CEST | 49785 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:42.067629099 CEST | 49785 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:42.068077087 CEST | 49786 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:42.072876930 CEST | 80 | 49785 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:42.072999954 CEST | 80 | 49786 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:42.073005915 CEST | 49785 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:42.073061943 CEST | 49786 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:42.073271990 CEST | 49786 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:42.078099966 CEST | 80 | 49786 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:42.790877104 CEST | 80 | 49786 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:42.793730974 CEST | 49786 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:42.908479929 CEST | 49786 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:42.908926010 CEST | 49787 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:42.914424896 CEST | 80 | 49787 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:42.914551020 CEST | 80 | 49786 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:42.914638996 CEST | 49787 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:42.914774895 CEST | 49786 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:42.914905071 CEST | 49787 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:42.919771910 CEST | 80 | 49787 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:43.631731033 CEST | 80 | 49787 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:43.632047892 CEST | 49787 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:43.761377096 CEST | 49787 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:43.761609077 CEST | 49788 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:43.767091036 CEST | 80 | 49788 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:43.767406940 CEST | 49788 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:43.767550945 CEST | 80 | 49787 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:43.767630100 CEST | 49788 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:43.767777920 CEST | 49787 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:43.772768021 CEST | 80 | 49788 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:44.464615107 CEST | 80 | 49788 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:44.464710951 CEST | 49788 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:44.580192089 CEST | 49788 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:44.580708027 CEST | 49789 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:44.585481882 CEST | 80 | 49788 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:44.585556030 CEST | 49788 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:44.585653067 CEST | 80 | 49789 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:44.585728884 CEST | 49789 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:44.585840940 CEST | 49789 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:44.590660095 CEST | 80 | 49789 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:45.302161932 CEST | 80 | 49789 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:45.302300930 CEST | 49789 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:45.423994064 CEST | 49789 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:45.424457073 CEST | 49790 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:45.429526091 CEST | 80 | 49789 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:45.429569006 CEST | 80 | 49790 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:45.429708958 CEST | 49789 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:45.429750919 CEST | 49790 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:45.429924011 CEST | 49790 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:45.434928894 CEST | 80 | 49790 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:46.126235962 CEST | 80 | 49790 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:46.126399040 CEST | 49790 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:46.240503073 CEST | 49790 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:46.249373913 CEST | 80 | 49790 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:46.481950998 CEST | 80 | 49790 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:46.482038021 CEST | 49790 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:46.594940901 CEST | 49790 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:46.595108986 CEST | 49791 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:46.600123882 CEST | 80 | 49791 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:46.600200891 CEST | 49791 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:46.600306988 CEST | 49791 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:46.600495100 CEST | 80 | 49790 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:46.600555897 CEST | 49790 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:46.609793901 CEST | 80 | 49791 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:47.292912006 CEST | 80 | 49791 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:47.293010950 CEST | 49791 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:47.408509970 CEST | 49791 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:47.408881903 CEST | 49792 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:47.413841963 CEST | 80 | 49791 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:47.413928032 CEST | 49791 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:47.413960934 CEST | 80 | 49792 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:47.414031982 CEST | 49792 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:47.414215088 CEST | 49792 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:47.419377089 CEST | 80 | 49792 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:48.112646103 CEST | 80 | 49792 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:48.112792015 CEST | 49792 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:48.237128019 CEST | 49792 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:48.237514019 CEST | 49793 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:48.242482901 CEST | 80 | 49793 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:48.242600918 CEST | 49793 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:48.242753983 CEST | 49793 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:48.242793083 CEST | 80 | 49792 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:48.242856979 CEST | 49792 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:48.247665882 CEST | 80 | 49793 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:48.933758020 CEST | 80 | 49793 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:48.933845043 CEST | 49793 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:49.054286003 CEST | 49793 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:49.054619074 CEST | 49794 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:49.059748888 CEST | 80 | 49794 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:49.059847116 CEST | 49794 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:49.059900045 CEST | 80 | 49793 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:49.059937000 CEST | 49794 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:49.059959888 CEST | 49793 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:49.065651894 CEST | 80 | 49794 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:49.760507107 CEST | 80 | 49794 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:49.760761976 CEST | 49794 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:49.877603054 CEST | 49794 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:49.877918959 CEST | 49795 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:49.883080006 CEST | 80 | 49795 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:49.883183956 CEST | 49795 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:49.883285046 CEST | 80 | 49794 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:49.883342981 CEST | 49794 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:49.883380890 CEST | 49795 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:49.888533115 CEST | 80 | 49795 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:50.578775883 CEST | 80 | 49795 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:50.578871012 CEST | 49795 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:50.688133001 CEST | 49795 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:50.688543081 CEST | 49796 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:50.693557978 CEST | 80 | 49796 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:50.693759918 CEST | 49796 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:50.693924904 CEST | 80 | 49795 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:50.693933964 CEST | 49796 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:50.694133043 CEST | 49795 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:50.698868036 CEST | 80 | 49796 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:51.407538891 CEST | 80 | 49796 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:51.407828093 CEST | 49796 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:51.518273115 CEST | 49796 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:51.524291992 CEST | 80 | 49796 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:51.758948088 CEST | 80 | 49796 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:51.759254932 CEST | 49796 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:51.877836943 CEST | 49796 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:51.878289938 CEST | 49797 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:52.028184891 CEST | 80 | 49797 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:52.028341055 CEST | 80 | 49796 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:52.028372049 CEST | 49797 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:52.028410912 CEST | 49796 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:52.030684948 CEST | 49797 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:52.035810947 CEST | 80 | 49797 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:52.727859974 CEST | 80 | 49797 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:52.727965117 CEST | 49797 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:52.877513885 CEST | 49797 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:52.877929926 CEST | 49798 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:52.891829967 CEST | 80 | 49798 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:52.891998053 CEST | 49798 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:52.892306089 CEST | 49798 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:52.892333031 CEST | 80 | 49797 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:52.892394066 CEST | 49797 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:52.897593021 CEST | 80 | 49798 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:53.592663050 CEST | 80 | 49798 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:53.592993975 CEST | 49798 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:53.706767082 CEST | 49798 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:53.707107067 CEST | 49799 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:53.712338924 CEST | 80 | 49799 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:53.712382078 CEST | 80 | 49798 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:53.712446928 CEST | 49799 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:53.712477922 CEST | 49798 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:53.712709904 CEST | 49799 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:53.717556953 CEST | 80 | 49799 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:54.409368038 CEST | 80 | 49799 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:54.409471035 CEST | 49799 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:54.533638000 CEST | 49799 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:54.534080982 CEST | 49800 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:54.538918018 CEST | 80 | 49799 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:54.539015055 CEST | 49799 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:54.539030075 CEST | 80 | 49800 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:54.539112091 CEST | 49800 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:54.539236069 CEST | 49800 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:54.544017076 CEST | 80 | 49800 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:55.229031086 CEST | 80 | 49800 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:55.229367018 CEST | 49800 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:55.354495049 CEST | 49800 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:55.354794025 CEST | 49801 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:55.360155106 CEST | 80 | 49800 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:55.360241890 CEST | 80 | 49801 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:55.360249996 CEST | 49800 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:55.360430002 CEST | 49801 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:55.360553026 CEST | 49801 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:55.365660906 CEST | 80 | 49801 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:56.046024084 CEST | 80 | 49801 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:56.046243906 CEST | 49801 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:56.158643961 CEST | 49801 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:56.159094095 CEST | 49802 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:56.164012909 CEST | 80 | 49802 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:56.164122105 CEST | 80 | 49801 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:56.164246082 CEST | 49801 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:56.164268017 CEST | 49802 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:56.164783955 CEST | 49802 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:56.169783115 CEST | 80 | 49802 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:57.144510984 CEST | 80 | 49802 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:57.144603968 CEST | 49802 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:57.274286985 CEST | 49802 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:57.274880886 CEST | 49803 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:57.279917002 CEST | 80 | 49802 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:57.279978991 CEST | 49802 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:57.280175924 CEST | 80 | 49803 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:57.280246973 CEST | 49803 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:57.280400991 CEST | 49803 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:57.285964012 CEST | 80 | 49803 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:57.978821993 CEST | 80 | 49803 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:57.978960991 CEST | 49803 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:58.098865032 CEST | 49803 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:58.099327087 CEST | 49804 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:58.104177952 CEST | 80 | 49803 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:58.104268074 CEST | 80 | 49804 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:58.104269981 CEST | 49803 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:58.104343891 CEST | 49804 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:58.104554892 CEST | 49804 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:58.109451056 CEST | 80 | 49804 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:58.821500063 CEST | 80 | 49804 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:58.821593046 CEST | 49804 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:58.944987059 CEST | 49804 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:58.945664883 CEST | 49805 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:58.950685978 CEST | 80 | 49805 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:58.950831890 CEST | 49805 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:58.951037884 CEST | 49805 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:58.951042891 CEST | 80 | 49804 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:58.951127052 CEST | 49804 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:58.955905914 CEST | 80 | 49805 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:59.665563107 CEST | 80 | 49805 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:59.665656090 CEST | 49805 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:59.788395882 CEST | 49805 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:59.788783073 CEST | 49806 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:59.793629885 CEST | 80 | 49806 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:59.793704033 CEST | 80 | 49805 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:56:59.793709040 CEST | 49806 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:59.793800116 CEST | 49805 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:59.793934107 CEST | 49806 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:56:59.798773050 CEST | 80 | 49806 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:57:00.484935999 CEST | 80 | 49806 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:57:00.485040903 CEST | 49806 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:00.599776030 CEST | 49806 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:00.600264072 CEST | 49807 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:00.605060101 CEST | 80 | 49806 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:57:00.605091095 CEST | 80 | 49807 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:57:00.605146885 CEST | 49806 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:00.605221033 CEST | 49807 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:00.609174013 CEST | 49807 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:00.614077091 CEST | 80 | 49807 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:57:01.307682991 CEST | 80 | 49807 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:57:01.308008909 CEST | 49807 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:01.432687998 CEST | 49807 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:01.433319092 CEST | 49808 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:01.438909054 CEST | 80 | 49807 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:57:01.438966036 CEST | 49807 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:01.439100981 CEST | 80 | 49808 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:57:01.439182997 CEST | 49808 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:01.439431906 CEST | 49808 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:01.444737911 CEST | 80 | 49808 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:57:02.154284954 CEST | 80 | 49808 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:57:02.154495001 CEST | 49808 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:02.398813963 CEST | 49808 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:02.403659105 CEST | 49809 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:02.404014111 CEST | 80 | 49808 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:57:02.407942057 CEST | 49808 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:02.411052942 CEST | 80 | 49809 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:57:02.412765980 CEST | 49809 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:02.413309097 CEST | 49809 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:02.418195009 CEST | 80 | 49809 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:57:03.097340107 CEST | 80 | 49809 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:57:03.099744081 CEST | 49809 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:03.238223076 CEST | 49809 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:03.239012957 CEST | 49810 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:03.245857954 CEST | 80 | 49810 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:57:03.245987892 CEST | 80 | 49809 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:57:03.246062994 CEST | 49809 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:03.246062994 CEST | 49810 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:03.246504068 CEST | 49810 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:03.251283884 CEST | 80 | 49810 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:57:03.934073925 CEST | 80 | 49810 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:57:03.934140921 CEST | 49810 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:04.054775953 CEST | 49810 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:04.055100918 CEST | 49811 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:04.060233116 CEST | 80 | 49810 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:57:04.060260057 CEST | 80 | 49811 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:57:04.060307980 CEST | 49810 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:04.060344934 CEST | 49811 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:04.060467005 CEST | 49811 | 80 | 192.168.2.4 | 185.196.8.214 |
| Sep 15, 2024 13:57:04.065464973 CEST | 80 | 49811 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:57:04.745443106 CEST | 80 | 49811 | 185.196.8.214 | 192.168.2.4 |
| Sep 15, 2024 13:57:04.745496988 CEST | 49811 | 80 | 192.168.2.4 | 185.196.8.214 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Sep 15, 2024 13:55:53.821142912 CEST | 63385 | 53 | 192.168.2.4 | 152.89.198.214 |
| Sep 15, 2024 13:55:53.864814997 CEST | 53 | 63385 | 152.89.198.214 | 192.168.2.4 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Sep 15, 2024 13:55:53.821142912 CEST | 192.168.2.4 | 152.89.198.214 | 0x3f33 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Sep 15, 2024 13:55:53.864814997 CEST | 152.89.198.214 | 192.168.2.4 | 0x3f33 | No error (0) | 185.196.8.214 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49736 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:55:53.975594997 CEST | 318 | OUT | |
| Sep 15, 2024 13:55:54.665621042 CEST | 576 | IN | |
| Sep 15, 2024 13:55:57.313724041 CEST | 326 | OUT | |
| Sep 15, 2024 13:55:57.580874920 CEST | 220 | IN | |
| Sep 15, 2024 13:55:57.688524008 CEST | 326 | OUT | |
| Sep 15, 2024 13:55:57.932581902 CEST | 431 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.4 | 49740 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:55:58.055557966 CEST | 326 | OUT | |
| Sep 15, 2024 13:55:58.740447998 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.4 | 49741 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:55:58.867314100 CEST | 326 | OUT | |
| Sep 15, 2024 13:55:59.548640966 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.4 | 49742 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:55:59.678982973 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:00.366180897 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.4 | 49743 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:00.490936041 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:01.201309919 CEST | 220 | IN | |
| Sep 15, 2024 13:56:01.315649033 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:01.556662083 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.4 | 49744 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:01.678262949 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:02.366827011 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.4 | 49745 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:02.545629978 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:03.236615896 CEST | 220 | IN | |
| Sep 15, 2024 13:56:03.345135927 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:03.580848932 CEST | 220 | IN | |
| Sep 15, 2024 13:56:03.689874887 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:03.928208113 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.4 | 49746 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:04.053483963 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:04.742130995 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 8 | 192.168.2.4 | 49747 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:04.883038044 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:05.597886086 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 9 | 192.168.2.4 | 49748 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:05.727824926 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:06.424293995 CEST | 220 | IN | |
| Sep 15, 2024 13:56:06.534006119 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:06.771215916 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 10 | 192.168.2.4 | 49749 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:06.898751974 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:07.590563059 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 11 | 192.168.2.4 | 49750 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:07.714313030 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:08.401971102 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 12 | 192.168.2.4 | 49751 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:08.524120092 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:09.212583065 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 13 | 192.168.2.4 | 49752 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:09.336709976 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:10.025723934 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 14 | 192.168.2.4 | 49753 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:10.147408962 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:10.840734005 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 15 | 192.168.2.4 | 49754 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:10.959708929 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:11.653692961 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 16 | 192.168.2.4 | 49755 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:11.772224903 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:12.479068995 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 17 | 192.168.2.4 | 49756 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:12.599955082 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:13.296746016 CEST | 220 | IN | |
| Sep 15, 2024 13:56:13.409562111 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:13.651885033 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 18 | 192.168.2.4 | 49757 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:13.778920889 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:14.465457916 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 19 | 192.168.2.4 | 49758 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:14.585882902 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:15.302892923 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 20 | 192.168.2.4 | 49759 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:15.428392887 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:16.120045900 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 21 | 192.168.2.4 | 49760 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:16.247484922 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:16.927876949 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 22 | 192.168.2.4 | 49761 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:17.055031061 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:17.772099972 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 23 | 192.168.2.4 | 49762 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:17.899636030 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:18.615401030 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 24 | 192.168.2.4 | 49763 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:18.743433952 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:19.433630943 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 25 | 192.168.2.4 | 49764 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:19.554986954 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:20.247206926 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 26 | 192.168.2.4 | 49765 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:20.367489100 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:21.052726030 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 27 | 192.168.2.4 | 49766 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:21.180286884 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:21.876090050 CEST | 220 | IN | |
| Sep 15, 2024 13:56:21.987179041 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:22.234103918 CEST | 220 | IN | |
| Sep 15, 2024 13:56:22.346745968 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:22.583301067 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 28 | 192.168.2.4 | 49767 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:22.711821079 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:23.422576904 CEST | 220 | IN | |
| Sep 15, 2024 13:56:23.544405937 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:23.785114050 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 29 | 192.168.2.4 | 49768 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:23.914382935 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:24.608568907 CEST | 220 | IN | |
| Sep 15, 2024 13:56:24.721180916 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:24.958019972 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 30 | 192.168.2.4 | 49769 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:25.086882114 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:25.774142981 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 31 | 192.168.2.4 | 49770 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:25.897320032 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:26.595196009 CEST | 220 | IN | |
| Sep 15, 2024 13:56:26.704250097 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:26.941339970 CEST | 220 | IN | |
| Sep 15, 2024 13:56:27.047930002 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:27.290354013 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 32 | 192.168.2.4 | 49771 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:27.413038015 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:28.091331959 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 33 | 192.168.2.4 | 49772 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:28.209939003 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:28.906548977 CEST | 220 | IN | |
| Sep 15, 2024 13:56:29.016910076 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:29.258594990 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 34 | 192.168.2.4 | 49773 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:29.382143974 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:30.081876993 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 35 | 192.168.2.4 | 49774 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:30.225095987 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:30.922903061 CEST | 220 | IN | |
| Sep 15, 2024 13:56:31.033176899 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:31.279489994 CEST | 220 | IN | |
| Sep 15, 2024 13:56:31.391963959 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:31.629300117 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 36 | 192.168.2.4 | 49775 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:31.758235931 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:32.447911978 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 37 | 192.168.2.4 | 49776 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:32.674302101 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:33.366411924 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 38 | 192.168.2.4 | 49777 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:33.491055012 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:34.199765921 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 39 | 192.168.2.4 | 49778 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:34.321768999 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:35.007534981 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 40 | 192.168.2.4 | 49779 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:35.210097075 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:35.896727085 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 41 | 192.168.2.4 | 49780 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:36.022664070 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:36.718580961 CEST | 220 | IN | |
| Sep 15, 2024 13:56:36.829334021 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:37.066749096 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 42 | 192.168.2.4 | 49781 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:37.198996067 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:37.892420053 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 43 | 192.168.2.4 | 49782 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:38.029206991 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:38.735704899 CEST | 220 | IN | |
| Sep 15, 2024 13:56:38.846863985 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:39.087316036 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 44 | 192.168.2.4 | 49783 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:39.213638067 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:39.932142019 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 45 | 192.168.2.4 | 49784 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:40.053845882 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:40.779686928 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 46 | 192.168.2.4 | 49785 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:40.897407055 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:41.595905066 CEST | 220 | IN | |
| Sep 15, 2024 13:56:41.709767103 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:41.949868917 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 47 | 192.168.2.4 | 49786 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:42.073271990 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:42.790877104 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 48 | 192.168.2.4 | 49787 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:42.914905071 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:43.631731033 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 49 | 192.168.2.4 | 49788 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:43.767630100 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:44.464615107 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 50 | 192.168.2.4 | 49789 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:44.585840940 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:45.302161932 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 51 | 192.168.2.4 | 49790 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:45.429924011 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:46.126235962 CEST | 220 | IN | |
| Sep 15, 2024 13:56:46.240503073 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:46.481950998 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 52 | 192.168.2.4 | 49791 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:46.600306988 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:47.292912006 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 53 | 192.168.2.4 | 49792 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:47.414215088 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:48.112646103 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 54 | 192.168.2.4 | 49793 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:48.242753983 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:48.933758020 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 55 | 192.168.2.4 | 49794 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:49.059937000 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:49.760507107 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 56 | 192.168.2.4 | 49795 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:49.883380890 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:50.578775883 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 57 | 192.168.2.4 | 49796 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:50.693933964 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:51.407538891 CEST | 220 | IN | |
| Sep 15, 2024 13:56:51.518273115 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:51.758948088 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 58 | 192.168.2.4 | 49797 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:52.030684948 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:52.727859974 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 59 | 192.168.2.4 | 49798 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:52.892306089 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:53.592663050 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 60 | 192.168.2.4 | 49799 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:53.712709904 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:54.409368038 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 61 | 192.168.2.4 | 49800 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:54.539236069 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:55.229031086 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 62 | 192.168.2.4 | 49801 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:55.360553026 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:56.046024084 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 63 | 192.168.2.4 | 49802 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:56.164783955 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:57.144510984 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 64 | 192.168.2.4 | 49803 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:57.280400991 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:57.978821993 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 65 | 192.168.2.4 | 49804 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:58.104554892 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:58.821500063 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 66 | 192.168.2.4 | 49805 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:58.951037884 CEST | 326 | OUT | |
| Sep 15, 2024 13:56:59.665563107 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 67 | 192.168.2.4 | 49806 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:56:59.793934107 CEST | 326 | OUT | |
| Sep 15, 2024 13:57:00.484935999 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 68 | 192.168.2.4 | 49807 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:57:00.609174013 CEST | 326 | OUT | |
| Sep 15, 2024 13:57:01.307682991 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 69 | 192.168.2.4 | 49808 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:57:01.439431906 CEST | 326 | OUT | |
| Sep 15, 2024 13:57:02.154284954 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 70 | 192.168.2.4 | 49809 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:57:02.413309097 CEST | 326 | OUT | |
| Sep 15, 2024 13:57:03.097340107 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 71 | 192.168.2.4 | 49810 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:57:03.246504068 CEST | 326 | OUT | |
| Sep 15, 2024 13:57:03.934073925 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 72 | 192.168.2.4 | 49811 | 185.196.8.214 | 80 | 1800 | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 15, 2024 13:57:04.060467005 CEST | 326 | OUT | |
| Sep 15, 2024 13:57:04.745443106 CEST | 220 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 07:54:59 |
| Start date: | 15/09/2024 |
| Path: | C:\Users\user\Desktop\file.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 3'466'709 bytes |
| MD5 hash: | 16C1B3C872A490D259D8CCCA7CEDAD11 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | false |
| Target ID: | 1 |
| Start time: | 07:54:59 |
| Start date: | 15/09/2024 |
| Path: | C:\Users\user\AppData\Local\Temp\is-0DKCV.tmp\file.tmp |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 707'072 bytes |
| MD5 hash: | FAC4C28483FA3BE6BBCBB9544E768C0B |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | false |
| Target ID: | 2 |
| Start time: | 07:55:00 |
| Start date: | 15/09/2024 |
| Path: | C:\Users\user\AppData\Local\Free Programing TV\freeprogramingtv32.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 2'674'102 bytes |
| MD5 hash: | EF7530E4B883531FD823363CAE0463A0 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Antivirus matches: |
|
| Reputation: | low |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 21.5% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 2.4% |
| Total number of Nodes: | 1521 |
| Total number of Limit Nodes: | 22 |
Graph
Function 00409B78 Relevance: 7.6, APIs: 5, Instructions: 78memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040520C Relevance: 1.5, APIs: 1, Instructions: 29COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040457C Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 27libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004090A4 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 46libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004099EC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 77processCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401918 Relevance: 6.0, APIs: 4, Instructions: 48memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040A814 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 117windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040A82F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407749 Relevance: 3.3, APIs: 2, Instructions: 284fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401FD4 Relevance: 3.1, APIs: 2, Instructions: 122COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406FA0 Relevance: 3.0, APIs: 2, Instructions: 33libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040766C Relevance: 3.0, APIs: 2, Instructions: 30COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040762C Relevance: 3.0, APIs: 2, Instructions: 30fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004075C4 Relevance: 3.0, APIs: 2, Instructions: 24COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401430 Relevance: 2.5, APIs: 2, Instructions: 37memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405280 Relevance: 1.6, APIs: 1, Instructions: 99COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407576 Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407578 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004069DC Relevance: 1.5, APIs: 1, Instructions: 29COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004076C8 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407284 Relevance: 1.5, APIs: 1, Instructions: 28windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004076AC Relevance: 1.5, APIs: 1, Instructions: 11fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406FFB Relevance: 1.5, APIs: 1, Instructions: 10COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407017 Relevance: 1.5, APIs: 1, Instructions: 5COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406970 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407F10 Relevance: 1.3, APIs: 1, Instructions: 62memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401658 Relevance: 1.3, APIs: 1, Instructions: 48COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407548 Relevance: 1.3, APIs: 1, Instructions: 20COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407EB8 Relevance: 1.3, APIs: 1, Instructions: 15COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00409448 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 41shutdownCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00409C34 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405258 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004026C4 Relevance: 1.5, APIs: 1, Instructions: 20timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405CF4 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040840C Relevance: .5, Instructions: 545COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407024 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 86registrylibraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403A97 Relevance: 15.1, APIs: 10, Instructions: 122fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004019DC Relevance: 9.1, APIs: 6, Instructions: 59COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403D02 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 72windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004036B8 Relevance: 7.6, APIs: 5, Instructions: 55memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406E10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 113registryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00409C88 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004094D8 Relevance: 5.0, APIs: 4, Instructions: 45sleepCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Execution Graph
| Execution Coverage: | 15.6% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 4.9% |
| Total number of Nodes: | 2000 |
| Total number of Limit Nodes: | 54 |
Graph
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042E09C Relevance: 31.7, APIs: 16, Strings: 2, Instructions: 178memorylibraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004502C0 Relevance: 26.3, APIs: 8, Strings: 7, Instructions: 45libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00423C0C Relevance: 21.4, APIs: 14, Instructions: 395COMMON
Download Yara Rule
Control-flow Graph
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004673A4 Relevance: 15.7, APIs: 4, Strings: 4, Instructions: 1656windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00452A60 Relevance: 3.0, APIs: 2, Instructions: 45fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046E13C Relevance: 3.0, APIs: 2, Instructions: 28comCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00408568 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00423B84 Relevance: 1.5, APIs: 1, Instructions: 24nativeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045559C Relevance: 1.5, APIs: 1, Instructions: 20COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042F520 Relevance: 1.5, APIs: 1, Instructions: 17nativeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046F1A8 Relevance: 72.2, APIs: 1, Strings: 40, Instructions: 500registryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0049299C Relevance: 56.4, APIs: 16, Strings: 16, Instructions: 431sleepCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00483BD0 Relevance: 26.3, APIs: 9, Strings: 6, Instructions: 68libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00468DA4 Relevance: 24.7, APIs: 1, Strings: 13, Instructions: 155registryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00423874 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 98windowregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0047CFCC Relevance: 17.6, APIs: 1, Strings: 9, Instructions: 95libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040631C Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 27libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00467180 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 141windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042F560 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 90windowregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004531F0 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 46libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00430940 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 23registryclipboardthreadCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042368C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 96windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00418F38 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 55threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041363C Relevance: 9.1, APIs: 6, Instructions: 60COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004556D8 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 142registryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042DE44 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 32registrylibraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00454DD4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 102libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042ED38 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 55libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00455A10 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 41registryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004722A8 Relevance: 6.3, APIs: 4, Instructions: 272fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0047FE4C Relevance: 6.1, APIs: 4, Instructions: 147fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00421274 Relevance: 6.1, APIs: 4, Instructions: 127windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00416B42 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004230C8 Relevance: 6.1, APIs: 4, Instructions: 54COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004019CC Relevance: 6.0, APIs: 4, Instructions: 48memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040626C Relevance: 6.0, APIs: 4, Instructions: 11memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042DC00 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 113registryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004840DC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0047C72C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046EF94 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042DE1C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 18registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004570B4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 11libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046CE48 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00481DD0 Relevance: 4.6, APIs: 3, Instructions: 98windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004243FC Relevance: 4.6, APIs: 3, Instructions: 59windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00416644 Relevance: 4.5, APIs: 3, Instructions: 39COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041EE54 Relevance: 4.5, APIs: 3, Instructions: 27windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0047C648 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39registryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046F004 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0047E5C8 Relevance: 3.2, APIs: 2, Instructions: 160windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402088 Relevance: 3.1, APIs: 2, Instructions: 122COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004527E8 Relevance: 3.1, APIs: 2, Instructions: 60processCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040ADD8 Relevance: 3.1, APIs: 2, Instructions: 51COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041EEA4 Relevance: 3.0, APIs: 2, Instructions: 49threadCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00452C80 Relevance: 3.0, APIs: 2, Instructions: 48fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00452770 Relevance: 3.0, APIs: 2, Instructions: 43COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042323C Relevance: 3.0, APIs: 2, Instructions: 35COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042E394 Relevance: 3.0, APIs: 2, Instructions: 33libraryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0047C9DF Relevance: 3.0, APIs: 2, Instructions: 26COMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004508F8 Relevance: 3.0, APIs: 2, Instructions: 22COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004014E4 Relevance: 2.5, APIs: 2, Instructions: 37memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004085DC Relevance: 1.6, APIs: 1, Instructions: 99COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041FB9C Relevance: 1.6, APIs: 1, Instructions: 65COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046C4A8 Relevance: 1.5, APIs: 1, Instructions: 37COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00441394 Relevance: 1.5, APIs: 1, Instructions: 36fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00416550 Relevance: 1.5, APIs: 1, Instructions: 32COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004149B4 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004507C4 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042CCCC Relevance: 1.5, APIs: 1, Instructions: 29COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042E8C8 Relevance: 1.5, APIs: 1, Instructions: 28windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004062E8 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00454BF8 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041467C Relevance: 1.5, APIs: 1, Instructions: 23COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406F10 Relevance: 1.5, APIs: 1, Instructions: 23fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042364C Relevance: 1.5, APIs: 1, Instructions: 22COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004242C4 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00466B40 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042CD24 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406EC0 Relevance: 1.5, APIs: 1, Instructions: 14fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045092C Relevance: 1.5, APIs: 1, Instructions: 11fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004072A8 Relevance: 1.5, APIs: 1, Instructions: 11COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042E3EF Relevance: 1.5, APIs: 1, Instructions: 10COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004165EC Relevance: 1.5, APIs: 1, Instructions: 4COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00448728 Relevance: 1.4, APIs: 1, Instructions: 158COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0047DEEC Relevance: 1.4, APIs: 1, Instructions: 157COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041F3C4 Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00452FC4 Relevance: 1.3, APIs: 1, Instructions: 48COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040170C Relevance: 1.3, APIs: 1, Instructions: 48COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406F48 Relevance: 1.3, APIs: 1, Instructions: 3COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041F118 Relevance: 45.6, APIs: 15, Strings: 11, Instructions: 87libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004585C8 Relevance: 40.4, APIs: 11, Strings: 12, Instructions: 186pipeprocessfileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00418384 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 58windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004555E4 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 41shutdownCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045D188 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 34libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004981F8 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 90fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00457594 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 241windownativeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00455E0C Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 112libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00417CD0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 76windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00464158 Relevance: 7.6, APIs: 5, Instructions: 129fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00463CDC Relevance: 7.6, APIs: 5, Instructions: 129fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042E934 Relevance: 7.6, APIs: 5, Instructions: 50fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00483A90 Relevance: 6.0, APIs: 4, Instructions: 47windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00462750 Relevance: 4.6, APIs: 3, Instructions: 67fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004241DC Relevance: 4.5, APIs: 3, Instructions: 32windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00417CCE Relevance: 3.0, APIs: 2, Instructions: 49windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00417598 Relevance: 3.0, APIs: 2, Instructions: 44windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00424194 Relevance: 3.0, APIs: 2, Instructions: 22windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004125D8 Relevance: 1.7, APIs: 1, Instructions: 188nativeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00478C14 Relevance: 1.6, APIs: 1, Instructions: 107nativeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045D23C Relevance: 1.5, APIs: 1, Instructions: 12COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045D254 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 10001130 Relevance: .1, Instructions: 55COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 10001000 Relevance: .0, Instructions: 2COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044B658 Relevance: 166.5, APIs: 48, Strings: 47, Instructions: 252libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00456638 Relevance: 26.6, APIs: 4, Strings: 11, Instructions: 310comCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00498524 Relevance: 23.0, APIs: 7, Strings: 6, Instructions: 251synchronizationCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045CBC0 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 182libraryloadermemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00454874 Relevance: 19.5, APIs: 7, Strings: 4, Instructions: 244registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00459458 Relevance: 19.4, APIs: 3, Strings: 8, Instructions: 165registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00458A44 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 70sleepsynchronizationCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00454528 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 228registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00496DA4 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 141fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042E418 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 86registrylibraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004629F0 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 82libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042F188 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 82libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00458C1C Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 127pipeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00456D20 Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 99libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404ABF Relevance: 15.1, APIs: 10, Instructions: 122fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004819A8 Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 175windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045D2B4 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 41libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044D178 Relevance: 13.6, APIs: 9, Instructions: 90COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041B66C Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 144windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041B93C Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 142windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00496648 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 90sleepsynchronizationthreadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0047034C Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 89registrywindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00462E30 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 75windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004784C4 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 66libraryfileloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00429480 Relevance: 12.1, APIs: 8, Instructions: 62COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041DE24 Relevance: 12.1, APIs: 8, Instructions: 60windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00476DA4 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 200windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004116F4 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 158windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004572DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 103windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046B478 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 99sleepCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00477DC0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 92windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00459784 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 86libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041C148 Relevance: 10.6, APIs: 7, Instructions: 70windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00418C54 Relevance: 10.6, APIs: 7, Instructions: 67COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00483DC0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 61registryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041B462 Relevance: 10.6, APIs: 7, Instructions: 57windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00495480 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 47libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045D688 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 33libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042EA1C Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 30libraryloaderwindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044C7DC Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 28libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00478D74 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 14libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041B508 Relevance: 9.1, APIs: 6, Instructions: 113windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041BD8C Relevance: 9.1, APIs: 6, Instructions: 71COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401A90 Relevance: 9.1, APIs: 6, Instructions: 59COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0047E8AC Relevance: 9.1, APIs: 6, Instructions: 57COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041B270 Relevance: 9.0, APIs: 6, Instructions: 43COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004538BC Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 100fileCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042EAA8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042E9AC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00477CE8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderthreadCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00416C2C Relevance: 7.6, APIs: 5, Instructions: 104COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00414800 Relevance: 7.6, APIs: 5, Instructions: 102COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004297CC Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041BBB8 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403CA4 Relevance: 7.6, APIs: 5, Instructions: 55memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004143E0 Relevance: 7.6, APIs: 5, Instructions: 51windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406FA4 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 156shareCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00416410 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89registryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404D2A Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 72windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00456BFC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 65registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00457154 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00478840 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 55windowkeyboardCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00459364 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 39registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00483D18 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 39registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042D8F0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 27libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042EB54 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 23libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044F744 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00498ABC Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004645F4 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 8libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0047D7D0 Relevance: 6.2, APIs: 4, Instructions: 195fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00413CF8 Relevance: 6.1, APIs: 4, Instructions: 107COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00408A54 Relevance: 6.1, APIs: 4, Instructions: 95windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044E8C4 Relevance: 6.1, APIs: 4, Instructions: 83windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00495A78 Relevance: 6.1, APIs: 4, Instructions: 81COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00417218 Relevance: 6.1, APIs: 4, Instructions: 72COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00495730 Relevance: 6.1, APIs: 4, Instructions: 59COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00454F7C Relevance: 6.1, APIs: 4, Instructions: 54COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040D010 Relevance: 6.1, APIs: 4, Instructions: 51COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0047CE9C Relevance: 6.0, APIs: 4, Instructions: 35sleepCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00478358 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00424240 Relevance: 6.0, APIs: 4, Instructions: 26windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0047A36C Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 210registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00476500 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 105timeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00478FEC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 86registryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00450168 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 78windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004964F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59processCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042DD64 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56registryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00455674 Relevance: 5.0, APIs: 4, Instructions: 45sleepCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Execution Graph
| Execution Coverage: | 10.3% |
| Dynamic/Decrypted Code Coverage: | 83.9% |
| Signature Coverage: | 1.7% |
| Total number of Nodes: | 2000 |
| Total number of Limit Nodes: | 37 |
Graph
Function 02B972A7 Relevance: 74.2, APIs: 29, Strings: 13, Instructions: 659networksleepfileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B96487 Relevance: 68.5, APIs: 34, Strings: 5, Instructions: 228memorysleeplibraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00401B4B Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 74libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02B9F8DA Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 87libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B9F7D6 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 100fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02B9641D Relevance: 68.5, APIs: 34, Strings: 5, Instructions: 251memorylibraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B91CF8 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 105synchronizationCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B94D86 Relevance: 16.8, APIs: 11, Instructions: 256COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02B926DB Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92timeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B92B95 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 132networkCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B97B7F Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 125sleepCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B929EE Relevance: 7.6, APIs: 5, Instructions: 79networkCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B91BA7 Relevance: 7.6, APIs: 5, Instructions: 75COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00402D60 Relevance: 6.1, APIs: 4, Instructions: 75COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02B92EDD Relevance: 6.0, APIs: 4, Instructions: 49networkCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B92DB5 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B92AC7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B9353E Relevance: 4.6, APIs: 3, Instructions: 127COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B9369A Relevance: 4.6, APIs: 3, Instructions: 60COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02BA2030 Relevance: 4.5, APIs: 3, Instructions: 42threadCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B91AA9 Relevance: 4.5, APIs: 3, Instructions: 18networkCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 004021DD Relevance: 4.5, APIs: 3, Instructions: 13timeCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02B94BED Relevance: 3.1, APIs: 2, Instructions: 137COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B92D39 Relevance: 3.0, APIs: 2, Instructions: 50networkCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B9831D Relevance: 3.0, APIs: 2, Instructions: 32networkCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 004039F0 Relevance: 3.0, APIs: 2, Instructions: 30memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004024FE Relevance: 3.0, APIs: 2, Instructions: 15timeCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040B4CA Relevance: 3.0, APIs: 2, Instructions: 6registryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02B95119 Relevance: 1.7, APIs: 1, Instructions: 196COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02BCE1D3 Relevance: 1.7, APIs: 1, Instructions: 166COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02BCE0FE Relevance: 1.7, APIs: 1, Instructions: 158fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02C03737 Relevance: 1.6, APIs: 1, Instructions: 103fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02BD2E02 Relevance: 1.6, APIs: 1, Instructions: 90fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02B9E8F4 Relevance: 1.6, APIs: 1, Instructions: 75COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02BD64D9 Relevance: 1.6, APIs: 1, Instructions: 54fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02B933B2 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B9E484 Relevance: 1.5, APIs: 1, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B9E263 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00402544 Relevance: 1.5, APIs: 1, Instructions: 9registryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040B174 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040258B Relevance: 1.5, APIs: 1, Instructions: 9registryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402212 Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040B5BD Relevance: 1.5, APIs: 1, Instructions: 8fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040229B Relevance: 1.5, APIs: 1, Instructions: 5COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402784 Relevance: 1.5, APIs: 1, Instructions: 3registryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040B1B2 Relevance: 1.5, APIs: 1, Instructions: 3registryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02BA20A0 Relevance: 1.3, APIs: 1, Instructions: 43COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00402573 Relevance: 1.3, APIs: 1, Instructions: 32stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004022A1 Relevance: 1.3, APIs: 1, Instructions: 16stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402344 Relevance: 1.3, APIs: 1, Instructions: 11memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040B160 Relevance: 1.3, APIs: 1, Instructions: 6sleepCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040B219 Relevance: 1.3, APIs: 1, Instructions: 5sleepCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040265E Relevance: 6.0, APIs: 4, Instructions: 23serviceCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02BA08B8 Relevance: 3.0, APIs: 2, Instructions: 31windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 004021E9 Relevance: 1.5, APIs: 1, Instructions: 12COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02B924E1 Relevance: 21.2, APIs: 14, Instructions: 173COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 004023B3 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 75registrysynchronizationthreadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02B93423 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 94libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00405408 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 50libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403C59 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 100fileCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004058D5 Relevance: 13.7, APIs: 9, Instructions: 177COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02BA1550 Relevance: 10.6, APIs: 7, Instructions: 132COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B92081 Relevance: 10.6, APIs: 7, Instructions: 116timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02BA1662 Relevance: 10.6, APIs: 7, Instructions: 107synchronizationCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00404618 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 102memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02BA5CD4 Relevance: 10.5, APIs: 7, Instructions: 45threadCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02BA3404 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 24libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02BA34D9 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 19libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02BB55C0 Relevance: 9.3, APIs: 6, Instructions: 276COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00405B24 Relevance: 9.1, APIs: 6, Instructions: 117COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02B91C91 Relevance: 9.0, APIs: 6, Instructions: 39synchronizationthreadinjectionCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02BA1870 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 66COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B94030 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 26memoryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 004036D0 Relevance: 7.6, APIs: 5, Instructions: 143COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B9207C Relevance: 7.6, APIs: 5, Instructions: 98timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B9E02B Relevance: 7.6, APIs: 5, Instructions: 92COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B921D5 Relevance: 7.6, APIs: 5, Instructions: 60COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B92298 Relevance: 7.6, APIs: 5, Instructions: 56COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B92420 Relevance: 7.5, APIs: 5, Instructions: 38COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B91EC7 Relevance: 7.5, APIs: 5, Instructions: 35COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02BA0800 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 179windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B930AE Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 97networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02BA3A8F Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 29COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00403E3A Relevance: 6.3, APIs: 3, Strings: 1, Instructions: 265memoryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02BA36F0 Relevance: 6.1, APIs: 4, Instructions: 136COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02B93D7E Relevance: 6.1, APIs: 4, Instructions: 57networkCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B9239D Relevance: 6.1, APIs: 4, Instructions: 52COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B9247D Relevance: 6.0, APIs: 4, Instructions: 38COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B92004 Relevance: 6.0, APIs: 4, Instructions: 35COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B91E26 Relevance: 6.0, APIs: 4, Instructions: 30COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0040475C Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 27memoryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02B9959C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 78networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02B919C2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21memoryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0040446C Relevance: 5.1, APIs: 4, Instructions: 53memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|