Windows
Analysis Report
g1kWKm20Z5.exe
Overview
General Information
Sample name: | g1kWKm20Z5.exe (renamed because original name is a hash value) |
Original sample name: | 6b3ef3a90ba62f467b95d06765ab128bfec21ea012fd4f1e0927ca0d09169d86.exe |
Analysis ID: | 1555041 |
MD5: | 33f4cf8b4c1f6c07e80c74669d31021b |
SHA1: | a2d722720565ab8659c066aaf693f5b2ad8fb3d3 |
SHA256: | 6b3ef3a90ba62f467b95d06765ab128bfec21ea012fd4f1e0927ca0d09169d86 |
Tags: | 94-158-244-69, exe, user-JAMESWT_MHT |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- g1kWKm20Z5.exe (PID: 1352 cmdline: "C:\Users\user\Desktop\g1kWKm20Z5.exe" MD5: 33F4CF8B4C1F6C07E80C74669D31021B)
- WerFault.exe (PID: 4248 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 1708 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
{"C2 url": "http://94.158.244.69/c2sock", "Build Version": "LummaC2, Build 20233101"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_LummaCStealer_1 | Yara detected LummaC Stealer | Joe Security | ||
JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security | ||
Windows_Trojan_Smokeloader_3687686f | unknown | unknown |
Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown |
JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security | ||
JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security | ||
JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security | ||
JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security | ||
JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-13T10:51:46.541425+0100 | 2022930 | 1 | A Network Trojan was detected | 20.109.210.53 | 443 | 192.168.2.4 | 49730 | TCP |
2024-11-13T10:52:24.735108+0100 | 2022930 | 1 | A Network Trojan was detected | 20.109.210.53 | 443 | 192.168.2.4 | 49877 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-13T10:51:06.084853+0100 | 2043206 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:51:06.084853+0100 | 2043206 | 1 | A Network Trojan was detected | 192.168.2.4 | 49944 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:52:08.509327+0100 | 2043206 | 1 | A Network Trojan was detected | 192.168.2.4 | 49743 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:52:17.471003+0100 | 2043206 | 1 | A Network Trojan was detected | 192.168.2.4 | 49793 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:52:26.456597+0100 | 2043206 | 1 | A Network Trojan was detected | 192.168.2.4 | 49844 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:52:35.200891+0100 | 2043206 | 1 | A Network Trojan was detected | 192.168.2.4 | 49895 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:52:53.502274+0100 | 2043206 | 1 | A Network Trojan was detected | 192.168.2.4 | 49991 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:52:54.285809+0100 | 2043206 | 1 | A Network Trojan was detected | 192.168.2.4 | 50010 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:53:11.490787+0100 | 2043206 | 1 | A Network Trojan was detected | 192.168.2.4 | 50011 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:53:20.255945+0100 | 2043206 | 1 | A Network Trojan was detected | 192.168.2.4 | 50012 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:53:29.154805+0100 | 2043206 | 1 | A Network Trojan was detected | 192.168.2.4 | 50013 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:53:37.909184+0100 | 2043206 | 1 | A Network Trojan was detected | 192.168.2.4 | 50014 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:53:46.703991+0100 | 2043206 | 1 | A Network Trojan was detected | 192.168.2.4 | 50015 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:53:55.471170+0100 | 2043206 | 1 | A Network Trojan was detected | 192.168.2.4 | 50016 | 94.158.244.69 | 80 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-13T10:52:54.285809+0100 | 2843864 | 1 | A Network Trojan was detected | 192.168.2.4 | 50010 | 94.158.244.69 | 80 | TCP |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Code function: | 0_2_004052D9 |
Compliance |
---|
Source: | Unpacked PE file: |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior |
Source: | Code function: | 0_2_00451FBC | |
Source: | Code function: | 0_2_02382223 |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | URLs: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Process Stats: |
Source: | Code function: | 0_2_0040B81C | |
Source: | Code function: | 0_2_00422177 | |
Source: | Code function: | 0_2_0040A928 | |
Source: | Code function: | 0_2_0040B129 | |
Source: | Code function: | 0_2_0042F1C2 | |
Source: | Code function: | 0_2_0041F9A4 | |
Source: | Code function: | 0_2_004244E4 | |
Source: | Code function: | 0_2_004224A3 | |
Source: | Code function: | 0_2_004245EC | |
Source: | Code function: | 0_2_00421EEB | |
Source: | Code function: | 0_2_0040B7BB | |
Source: | Code function: | 0_2_0040B7F5 |
Source: | Code function: | 0_2_0040B81C | |
Source: | Code function: | 0_2_0042C0DA | |
Source: | Code function: | 0_2_00434080 | |
Source: | Code function: | 0_2_0040E14E | |
Source: | Code function: | 0_2_0040A928 | |
Source: | Code function: | 0_2_0040B129 | |
Source: | Code function: | 0_2_0042B9C5 | |
Source: | Code function: | 0_2_004069A1 | |
Source: | Code function: | 0_2_0041F9A4 | |
Source: | Code function: | 0_2_0041C270 | |
Source: | Code function: | 0_2_0042F278 | |
Source: | Code function: | 0_2_0040620B | |
Source: | Code function: | 0_2_00430228 | |
Source: | Code function: | 0_2_004052D9 | |
Source: | Code function: | 0_2_00436ADC | |
Source: | Code function: | 0_2_00405AAA | |
Source: | Code function: | 0_2_0043B362 | |
Source: | Code function: | 0_2_00402476 | |
Source: | Code function: | 0_2_0042FD35 | |
Source: | Code function: | 0_2_0042AD82 | |
Source: | Code function: | 0_2_0042D658 | |
Source: | Code function: | 0_2_00430E6C | |
Source: | Code function: | 0_2_00438E28 | |
Source: | Code function: | 0_2_0042CFBA | |
Source: | Code function: | 0_2_0041204D | |
Source: | Code function: | 0_2_00441057 | |
Source: | Code function: | 0_2_00415070 | |
Source: | Code function: | 0_2_00448800 | |
Source: | Code function: | 0_2_0043D8D0 | |
Source: | Code function: | 0_2_0041E083 | |
Source: | Code function: | 0_2_0044915B | |
Source: | Code function: | 0_2_0045D15A | |
Source: | Code function: | 0_2_0041316D | |
Source: | Code function: | 0_2_0040112C | |
Source: | Code function: | 0_2_004279E0 | |
Source: | Code function: | 0_2_0041D1E9 | |
Source: | Code function: | 0_2_004109FC | |
Source: | Code function: | 0_2_0040D994 | |
Source: | Code function: | 0_2_0044F244 | |
Source: | Code function: | 0_2_0041AA49 | |
Source: | Code function: | 0_2_0041B251 | |
Source: | Code function: | 0_2_00429A5B | |
Source: | Code function: | 0_2_00410218 | |
Source: | Code function: | 0_2_00410A33 | |
Source: | Code function: | 0_2_00414A83 | |
Source: | Code function: | 0_2_0044234A | |
Source: | Code function: | 0_2_0040136E | |
Source: | Code function: | 0_2_00457B30 | |
Source: | Code function: | 0_2_00428334 | |
Source: | Code function: | 0_2_0041EBEB | |
Source: | Code function: | 0_2_00415C7E | |
Source: | Code function: | 0_2_00418413 | |
Source: | Code function: | 0_2_0043A4FE | |
Source: | Code function: | 0_2_00424C8D | |
Source: | Code function: | 0_2_0043BCA4 | |
Source: | Code function: | 0_2_00416548 | |
Source: | Code function: | 0_2_00439535 | |
Source: | Code function: | 0_2_0041764A | |
Source: | Code function: | 0_2_0043D600 | |
Source: | Code function: | 0_2_004126B9 | |
Source: | Code function: | 0_2_00429730 | |
Source: | Code function: | 0_2_00434FAC | |
Source: | Code function: | 0_2_0235D221 | |
Source: | Code function: | 0_2_02365213 | |
Source: | Code function: | 0_2_02378A67 | |
Source: | Code function: | 0_2_023422B4 | |
Source: | Code function: | 0_2_023712BE | |
Source: | Code function: | 0_2_0233BA83 | |
Source: | Code function: | 0_2_023642E7 | |
Source: | Code function: | 0_2_0234E2EA | |
Source: | Code function: | 0_2_023452D7 | |
Source: | Code function: | 0_2_02359ADA | |
Source: | Code function: | 0_2_0236DB37 | |
Source: | Code function: | 0_2_0235C341 | |
Source: | Code function: | 0_2_0233E3B5 | |
Source: | Code function: | 0_2_0233B390 | |
Source: | Code function: | 0_2_0233AB8F | |
Source: | Code function: | 0_2_023603F5 | |
Source: | Code function: | 0_2_0233DBFB | |
Source: | Code function: | 0_2_023433D4 | |
Source: | Code function: | 0_2_023793C2 | |
Source: | Code function: | 0_2_0238D3C1 | |
Source: | Code function: | 0_2_023478B1 | |
Source: | Code function: | 0_2_0235D8BF | |
Source: | Code function: | 0_2_0236908F | |
Source: | Code function: | 0_2_023610D3 | |
Source: | Code function: | 0_2_02342920 | |
Source: | Code function: | 0_2_02359997 | |
Source: | Code function: | 0_2_0234EE52 | |
Source: | Code function: | 0_2_02354EF4 | |
Source: | Code function: | 0_2_02345EE5 | |
Source: | Code function: | 0_2_02359EE2 | |
Source: | Code function: | 0_2_023326DD | |
Source: | Code function: | 0_2_0236BF0B | |
Source: | Code function: | 0_2_023467AF | |
Source: | Code function: | 0_2_0236979C | |
Source: | Code function: | 0_2_0235AFE9 | |
Source: | Code function: | 0_2_0235BC2C | |
Source: | Code function: | 0_2_02336C08 | |
Source: | Code function: | 0_2_0234FC0B | |
Source: | Code function: | 0_2_02336472 | |
Source: | Code function: | 0_2_0234047F | |
Source: | Code function: | 0_2_0234D450 | |
Source: | Code function: | 0_2_02357C47 | |
Source: | Code function: | 0_2_0234ACB0 | |
Source: | Code function: | 0_2_0234B4B8 | |
Source: | Code function: | 0_2_0237F4AB | |
Source: | Code function: | 0_2_0236048F | |
Source: | Code function: | 0_2_0234C4D7 | |
Source: | Code function: | 0_2_0235F4DF | |
Source: | Code function: | 0_2_02359CC2 | |
Source: | Code function: | 0_2_02335D11 | |
Source: | Code function: | 0_2_02335540 | |
Source: | Code function: | 0_2_02366D43 | |
Source: | Code function: | 0_2_023725B1 | |
Source: | Code function: | 0_2_0235859B | |
Source: | Code function: | 0_2_0235A5D4 | |
Source: | Code function: | 0_2_0236B5C9 |
Source: | Process token adjusted: | Jump to behavior |
Source: | Process created: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Classification label: |
Source: | Code function: | 0_2_008ADB56 |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | System information queried: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | ReversingLabs: |
Source: | Process created: | ||
Source: | Process created: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Data Obfuscation |
---|
Source: | Unpacked PE file: |
Source: | Unpacked PE file: |
Source: | Code function: | 0_2_00464079 | |
Source: | Code function: | 0_2_00463CB6 | |
Source: | Code function: | 0_2_00403D71 | |
Source: | Code function: | 0_2_0045277B | |
Source: | Code function: | 0_2_023829E2 | |
Source: | Code function: | 0_2_02333FD8 |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | Code function: | 0_2_00401FF9 | |
Source: | Code function: | 0_2_00401FF9 | |
Source: | Code function: | 0_2_02332260 |
Source: | Evasive API call chain: | graph_0-72481 |
Source: | Evasive API call chain: | graph_0-72423 | ||
Source: | Evasive API call chain: | graph_0-72573 |
Source: | System information queried: | Jump to behavior |
Source: | Code function: | 0_2_00429EF7 |
Source: | Code function: | 0_2_0041F9A4 |
Source: | Evasive API call chain: | graph_0-72589 |
Source: | Evasive API call chain: | graph_0-72523 | ||
Source: | Evasive API call chain: | graph_0-72531 |
Source: | Code function: | 0_2_00451FBC | |
Source: | Code function: | 0_2_02382223 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-72470 |
Anti Debugging |
---|
Source: | Code function: | 0_2_004244E4 |
Source: | Debugger detection routine: | graph_0-72556 |
Source: | Thread information set: | Jump to behavior |
Source: | System information queried: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 0_2_00429EF7 |
Source: | Code function: | 0_2_0044E33B |
Source: | Code function: | 0_2_0041F9A4 |
Source: | Code function: | 0_2_00422177 | |
Source: | Code function: | 0_2_00443998 | |
Source: | Code function: | 0_2_0041F9A4 | |
Source: | Code function: | 0_2_004262A1 | |
Source: | Code function: | 0_2_0043B362 | |
Source: | Code function: | 0_2_0044FB15 | |
Source: | Code function: | 0_2_004244E4 | |
Source: | Code function: | 0_2_004224A3 | |
Source: | Code function: | 0_2_004245EC | |
Source: | Code function: | 0_2_00421EEB | |
Source: | Code function: | 0_2_00422817 | |
Source: | Code function: | 0_2_0041F916 | |
Source: | Code function: | 0_2_004269E4 | |
Source: | Code function: | 0_2_00424995 | |
Source: | Code function: | 0_2_00424995 | |
Source: | Code function: | 0_2_00426A42 | |
Source: | Code function: | 0_2_0042F265 | |
Source: | Code function: | 0_2_00424B24 | |
Source: | Code function: | 0_2_0041EBEB | |
Source: | Code function: | 0_2_00424BED | |
Source: | Code function: | 0_2_00424C8D | |
Source: | Code function: | 0_2_0041E6F0 | |
Source: | Code function: | 0_2_00429EF7 | |
Source: | Code function: | 0_2_008AD433 | |
Source: | Code function: | 0_2_02352A7E | |
Source: | Code function: | 0_2_0234FB7D | |
Source: | Code function: | 0_2_02373BFF | |
Source: | Code function: | 0_2_02354BFC | |
Source: | Code function: | 0_2_02354BFC | |
Source: | Code function: | 0_2_023523DE | |
Source: | Code function: | 0_2_02354853 | |
Source: | Code function: | 0_2_0233092B | |
Source: | Code function: | 0_2_0234E957 | |
Source: | Code function: | 0_2_02352152 | |
Source: | Code function: | 0_2_0235A15E | |
Source: | Code function: | 0_2_02354E54 | |
Source: | Code function: | 0_2_0234EE52 | |
Source: | Code function: | 0_2_02354EF4 | |
Source: | Code function: | 0_2_0235270A | |
Source: | Code function: | 0_2_0235474B | |
Source: | Code function: | 0_2_0234FC0B | |
Source: | Code function: | 0_2_02356C4B | |
Source: | Code function: | 0_2_02356CA9 | |
Source: | Code function: | 0_2_0235F4CC | |
Source: | Code function: | 0_2_02356508 | |
Source: | Code function: | 0_2_0237FD7C | |
Source: | Code function: | 0_2_02330D90 | |
Source: | Code function: | 0_2_02354D8B | |
Source: | Code function: | 0_2_0236B5C9 |
Source: | Code function: | 0_2_0043323B |
Source: | Code function: | 0_2_0044E33B | |
Source: | Code function: | 0_2_0043D3A0 | |
Source: | Code function: | 0_2_0043CE89 | |
Source: | Code function: | 0_2_0043CE95 | |
Source: | Code function: | 0_2_0236D0FC | |
Source: | Code function: | 0_2_0236D607 | |
Source: | Code function: | 0_2_0237E5A2 |
Source: | Code function: | 0_2_0043D0B8 |
Source: | Code function: | 0_2_0044614F |
Source: | Code function: | 0_2_00402476 |
Source: | Code function: | 0_2_00453BC4 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 21 Native API | 1 LSASS Driver | 1 Process Injection | 32 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 LSASS Driver | 1 Process Injection | LSASS Memory | 471 Security Software Discovery | Remote Desktop Protocol | 31 Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 32 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 11 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Software Packing | LSA Secrets | 1 Account Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 System Owner/User Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 11 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 113 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 89% | ReversingLabs | Win32.Trojan.Smokeloader | |
| 100% | Joe Sandbox ML | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
94.158.244.69 | unknown | Moldova, Republic of | | 39798 | MIVOCLOUDMD | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1555041 |
Start date and time: | 2024-11-13 10:50:09 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 59s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | g1kWKm20Z5.exe (renamed because original name is a hash value) |
Original Sample Name: | 6b3ef3a90ba62f467b95d06765ab128bfec21ea012fd4f1e0927ca0d09169d86.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@2/5@0/1 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.42.73.29
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: g1kWKm20Z5.exe
Time | Type | Description |
---|---|---|
04:54:14 | API Interceptor | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
94.158.244.69 | | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
MIVOCLOUDMD | | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | Unknown | Browse | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_g1kWKm20Z5.exe_a17a8fe720c9a7565be7f83fdfcc5dd30f1751_239bb738_1ece0bb0-e076-4511-a73b-9cacc3992694\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8418074565782038 |
Encrypted: | false |
SSDEEP: | 96:0J4RJcFrBtQs8hc27Z9uQXIDcQvc6PcEfcw3/b+HbHg/PB6HeaZFEOyKZoxm6J+f:3RSpBtQt0RLVsjxyzuiFZZ24IO8P |
MD5: | F31165B79C97B86DFFF48EA97E6F7D5C |
SHA1: | DC8ED85DCE916F9AA5D8D16BACD1E5D1A6C8CD9A |
SHA-256: | 6555CA4E6F598004E4D51DB162587C84F420D0247C1A115A095E8E550AD69E41 |
SHA-512: | FED5DC03A32E6D0166B81E94EBB4FBA08E84DC835BFA5760EB14628E69E0D6F95A70F1D22EA005205AE5E1C1A1A445DA3DE55CE8C2BDECE440D718327299A9E1 |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 40132 |
Entropy (8bit): | 2.5044018772735157 |
Encrypted: | false |
SSDEEP: | 192:0Srk7X8jwkvHgO2hCy/wnuYg/UKrtY5F3+VVnx9Tb7yP/JBR28s:31jJvX2hCtnuYMrtY5cnx9jaPns |
MD5: | AE75A8DF9791E31C863AA8D986348F05 |
SHA1: | 61837D2CF55B7BCB19638C89DF654FCAADECAA12 |
SHA-256: | D5BE6679C0E14C10B082A91131E7A6047C59D1E3B8F668CF3A606906B27585E2 |
SHA-512: | 5FD70E051036F27BF74EC90159B5A47E0758AC39A9A4BB6498F89A9F87FD95975123251F0D58D3D9A4463FCB1C382AC611A67A73271602FCFC6ADEB521663A9D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8334 |
Entropy (8bit): | 3.698588280417024 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJt46Iv6Y9tSU8cgmfvNpDT89bTBsfVS1xm:R6lXJC6Iv6YHSU8cgmfv8T6fwa |
MD5: | C1407B466A6CDF6F7938363AFA9D3338 |
SHA1: | 7A19203B0982B7ADE05352779138B60F7D6EDB93 |
SHA-256: | 1930321C6E2AA04BBA2BF5823BBCD541F530EE65DBEEA5FAF13144B6F22E5961 |
SHA-512: | 116A8EEB6CD712EC1945A97ED5AC6E95578F5D55172424DDEB7EEDC635126BFD99AACF902E88572AD8E9E215E4F0D4BE4379519CBCAD7050357276E260862BB1 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4579 |
Entropy (8bit): | 4.466967220325166 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsrJg77aI9liWpW8VYZYm8M4JVW+oFLhd+q8vgimoHbE+lWd:uIjfFI7fj7VtJ8+IfWzmoHbE+lWd |
MD5: | C3965C8AC1FB1101B4C6B205BD582C1A |
SHA1: | 2207B1933FFE370EB42976E4522FA7F5905929EA |
SHA-256: | E448414639D692F78D7343186E7A4CBB24BFAA2A53EE9B6D9271101B8AA78193 |
SHA-512: | 2498B32E79E54C0411F8282ED36C1ED11382500A5F82081F78F2FF52327C78C688F45CEDE4158347F80DA2BDA63C25D807FC19E893393B2A1542F01EDDF502D7 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.465456372302432 |
Encrypted: | false |
SSDEEP: | 6144:LIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNRdwBCswSbD:MXD94+WlLZMM6YFHL+D |
MD5: | C6F2C441ECD09FF966DA7E383574F832 |
SHA1: | E01AAFF5C7975302F087CD6ED3CC9F28096BD3DB |
SHA-256: | D503C7CA9D6EE857ACDB7DA5164DE5AEF2A2D8924B9028B5E96E0E4D574D5766 |
SHA-512: | BA2E6C3FD851978CF7B80CF3F1B462A6A49E958DED31B645317191F5A75EBC9EF4FAE1273F82724D3757893F7538A54668AB2490773D806BE38F9B481F92067A |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.478193783736392 |
TrID: |
|
File name: | g1kWKm20Z5.exe |
File size: | 440'832 bytes |
MD5: | 33f4cf8b4c1f6c07e80c74669d31021b |
SHA1: | a2d722720565ab8659c066aaf693f5b2ad8fb3d3 |
SHA256: | 6b3ef3a90ba62f467b95d06765ab128bfec21ea012fd4f1e0927ca0d09169d86 |
SHA512: | 1ef0b1eccd6dd90df14c0f0567f9a3b57e74ef74dbe44a764fece43fe6ca7d1df01bb2d7409c3167e74d6f27b862e4c68e5bdd32031a23a3f1f87af28290f240 |
SSDEEP: | 6144:Cj0t6wsVjQTgZTI4CcWDLszhmMZcjRfIL5tMD1XqTS41rQ76iW51TLOF82Ul:CIt6wMMST0TuhmMZclSuBEpQcdL1 |
TLSH: | AF94BF0372E17C60F62687718F2ED6F8662EF5508F597BAB1A159A2F08B11B2C373315 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........\..r...r...r.......r.......r.......r.......r...s.;.r.......r.......r.......r.Rich..r.........PE..L...u..a.................j. |
Icon Hash: | 412d25010561973e |
Entrypoint: | 0x408bc1 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x61B1DD75 [Thu Dec 9 10:41:57 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 496128ad91bbbd96eb429e15aca0d468 |
Instruction |
---|
call 00007F8C80F5CAC4h |
jmp 00007F8C80F570AEh |
push dword ptr [0045C0B8h] |
call dword ptr [004010F4h] |
test eax, eax |
je 00007F8C80F57224h |
call eax |
push 00000019h |
call 00007F8C80F5B5AAh |
push 00000001h |
push 00000000h |
call 00007F8C80F5916Eh |
add esp, 0Ch |
jmp 00007F8C80F59133h |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
mov ecx, dword ptr [esp+04h] |
test ecx, 00000003h |
je 00007F8C80F57246h |
mov al, byte ptr [ecx] |
add ecx, 01h |
test al, al |
je 00007F8C80F57270h |
test ecx, 00000003h |
jne 00007F8C80F57211h |
add eax, 00000000h |
lea esp, dword ptr [esp+00000000h] |
lea esp, dword ptr [esp+00000000h] |
mov eax, dword ptr [ecx] |
mov edx, 7EFEFEFFh |
add edx, eax |
xor eax, FFFFFFFFh |
xor eax, edx |
add ecx, 04h |
test eax, 81010100h |
je 00007F8C80F5720Ah |
mov eax, dword ptr [ecx-04h] |
test al, al |
je 00007F8C80F57254h |
test ah, ah |
je 00007F8C80F57246h |
test eax, 00FF0000h |
je 00007F8C80F57235h |
test eax, FF000000h |
je 00007F8C80F57224h |
jmp 00007F8C80F571EFh |
lea eax, dword ptr [ecx-01h] |
mov ecx, dword ptr [esp+04h] |
sub eax, ecx |
ret |
lea eax, dword ptr [ecx-02h] |
mov ecx, dword ptr [esp+04h] |
sub eax, ecx |
ret |
lea eax, dword ptr [ecx-03h] |
mov ecx, dword ptr [esp+04h] |
sub eax, ecx |
ret |
lea eax, dword ptr [ecx-04h] |
mov ecx, dword ptr [esp+04h] |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x16c94 | 0x50 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2db000 | 0x113c0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x4350 | 0x40 | .text |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x1f0 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x16806 | 0x16a00 | ceb684546bf2ba621dc0ff91b8bf007b | False | 0.5262862569060773 | data | 6.399556964516839 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x18000 | 0x2c2fa8 | 0x43800 | 52a08bac948c68fbb07dc6b4fce62075 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x2db000 | 0x113c0 | 0x11400 | d63e69c9c54c8a044762721fd27e8a22 | False | 0.34288666213768115 | data | 4.049478983681206 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x2db6a0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Tamil | India | 0.4891696750902527 |
RT_ICON | 0x2db6a0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Tamil | Sri Lanka | 0.4891696750902527 |
RT_ICON | 0x2dbf48 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Tamil | India | 0.554147465437788 |
RT_ICON | 0x2dbf48 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Tamil | Sri Lanka | 0.554147465437788 |
RT_ICON | 0x2dc610 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Tamil | India | 0.5491329479768786 |
RT_ICON | 0x2dc610 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Tamil | Sri Lanka | 0.5491329479768786 |
RT_ICON | 0x2dcb78 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Tamil | India | 0.43058161350844276 |
RT_ICON | 0x2dcb78 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Tamil | Sri Lanka | 0.43058161350844276 |
RT_ICON | 0x2ddc20 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Tamil | India | 0.41721311475409834 |
RT_ICON | 0x2ddc20 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Tamil | Sri Lanka | 0.41721311475409834 |
RT_ICON | 0x2de5a8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Tamil | India | 0.449468085106383 |
RT_ICON | 0x2de5a8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Tamil | Sri Lanka | 0.449468085106383 |
RT_ICON | 0x2dea70 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Tamil | India | 0.2798507462686567 |
RT_ICON | 0x2dea70 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Tamil | Sri Lanka | 0.2798507462686567 |
RT_ICON | 0x2df918 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Tamil | India | 0.3957373271889401 |
RT_ICON | 0x2df918 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Tamil | Sri Lanka | 0.3957373271889401 |
RT_ICON | 0x2dffe0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Tamil | India | 0.39378612716763006 |
RT_ICON | 0x2dffe0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Tamil | Sri Lanka | 0.39378612716763006 |
RT_ICON | 0x2e0548 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Tamil | India | 0.2232365145228216 |
RT_ICON | 0x2e0548 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Tamil | Sri Lanka | 0.2232365145228216 |
RT_ICON | 0x2e2af0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Tamil | India | 0.2807223264540338 |
RT_ICON | 0x2e2af0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Tamil | Sri Lanka | 0.2807223264540338 |
RT_ICON | 0x2e3b98 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Tamil | India | 0.3008196721311475 |
RT_ICON | 0x2e3b98 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Tamil | Sri Lanka | 0.3008196721311475 |
RT_ICON | 0x2e4520 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Tamil | India | 0.34131205673758863 |
RT_ICON | 0x2e4520 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Tamil | Sri Lanka | 0.34131205673758863 |
RT_ICON | 0x2e49f0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Tamil | India | 0.31636460554371004 |
RT_ICON | 0x2e49f0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Tamil | Sri Lanka | 0.31636460554371004 |
RT_ICON | 0x2e5898 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Tamil | India | 0.3844765342960289 |
RT_ICON | 0x2e5898 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Tamil | Sri Lanka | 0.3844765342960289 |
RT_ICON | 0x2e6140 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Tamil | India | 0.41993087557603687 |
RT_ICON | 0x2e6140 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Tamil | Sri Lanka | 0.41993087557603687 |
RT_ICON | 0x2e6808 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Tamil | India | 0.3959537572254335 |
RT_ICON | 0x2e6808 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Tamil | Sri Lanka | 0.3959537572254335 |
RT_ICON | 0x2e6d70 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Tamil | India | 0.24647302904564317 |
RT_ICON | 0x2e6d70 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Tamil | Sri Lanka | 0.24647302904564317 |
RT_ICON | 0x2e9318 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Tamil | India | 0.2790806754221388 |
RT_ICON | 0x2e9318 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Tamil | Sri Lanka | 0.2790806754221388 |
RT_ICON | 0x2ea3c0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Tamil | India | 0.28975409836065574 |
RT_ICON | 0x2ea3c0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Tamil | Sri Lanka | 0.28975409836065574 |
RT_ICON | 0x2ead48 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Tamil | India | 0.32890070921985815 |
RT_ICON | 0x2ead48 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Tamil | Sri Lanka | 0.32890070921985815 |
RT_STRING | 0x2eb4d8 | 0x3c4 | data | Tamil | India | 0.47614107883817425 |
RT_STRING | 0x2eb4d8 | 0x3c4 | data | Tamil | Sri Lanka | 0.47614107883817425 |
RT_STRING | 0x2eb8a0 | 0x218 | data | Tamil | India | 0.5205223880597015 |
RT_STRING | 0x2eb8a0 | 0x218 | data | Tamil | Sri Lanka | 0.5205223880597015 |
RT_STRING | 0x2ebab8 | 0x2d4 | Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0 | Tamil | India | 0.4613259668508287 |
RT_STRING | 0x2ebab8 | 0x2d4 | Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0 | Tamil | Sri Lanka | 0.4613259668508287 |
RT_STRING | 0x2ebd90 | 0x5a0 | data | Tamil | India | 0.4409722222222222 |
RT_STRING | 0x2ebd90 | 0x5a0 | data | Tamil | Sri Lanka | 0.4409722222222222 |
RT_STRING | 0x2ec330 | 0x90 | data | Tamil | India | 0.5972222222222222 |
RT_STRING | 0x2ec330 | 0x90 | data | Tamil | Sri Lanka | 0.5972222222222222 |
RT_ACCELERATOR | 0x2eb228 | 0x90 | data | Tamil | India | 0.6944444444444444 |
RT_ACCELERATOR | 0x2eb228 | 0x90 | data | Tamil | Sri Lanka | 0.6944444444444444 |
RT_GROUP_ICON | 0x2dea10 | 0x5a | data | Tamil | India | 0.7222222222222222 |
RT_GROUP_ICON | 0x2dea10 | 0x5a | data | Tamil | Sri Lanka | 0.7222222222222222 |
RT_GROUP_ICON | 0x2e4988 | 0x68 | data | Tamil | India | 0.7211538461538461 |
RT_GROUP_ICON | 0x2e4988 | 0x68 | data | Tamil | Sri Lanka | 0.7211538461538461 |
RT_GROUP_ICON | 0x2eb1b0 | 0x76 | data | Tamil | India | 0.6779661016949152 |
RT_GROUP_ICON | 0x2eb1b0 | 0x76 | data | Tamil | Sri Lanka | 0.6779661016949152 |
RT_VERSION | 0x2eb2c8 | 0x20c | data | | | 0.5553435114503816 |
None | 0x2eb2b8 | 0xa | data | Tamil | India | 1.8 |
None | 0x2eb2b8 | 0xa | data | Tamil | Sri Lanka | 1.8 |
DLL | Import |
---|---|
KERNEL32.dll | ConvertThreadToFiber, InterlockedIncrement, InterlockedDecrement, WaitNamedPipeA, SetMailslotInfo, ZombifyActCtx, QueryDosDeviceA, GetModuleHandleW, EnumTimeFormatsW, SetProcessPriorityBoost, GetPrivateProfileIntA, GetPrivateProfileStructW, GetCalendarInfoW, GetConsoleAliasExesLengthW, GetFileAttributesW, WriteConsoleW, SetSystemPowerState, GetModuleFileNameW, CompareStringW, GetVolumePathNameA, GetShortPathNameA, GetProfileIntA, GetLastError, GetProcAddress, AttachConsole, GetDriveTypeW, SearchPathA, ResetEvent, OpenWaitableTimerA, LoadLibraryA, GetProcessId, InterlockedExchangeAdd, LocalAlloc, SetCalendarInfoW, FindFirstVolumeMountPointW, AddAtomW, OpenJobObjectW, SetSystemTime, GlobalWire, FindNextFileA, EnumDateFormatsA, CreateIoCompletionPort, GetModuleHandleA, FreeEnvironmentStringsW, CreateMailslotA, EnumDateFormatsW, OpenSemaphoreW, FileTimeToLocalFileTime, GetVolumeNameForVolumeMountPointW, EnumCalendarInfoExA, EnumSystemLocalesW, AreFileApisANSI, GlobalDeleteAtom, SetComputerNameA, GlobalFix, CreateFileW, FlushFileBuffers, EncodePointer, DecodePointer, Sleep, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, WideCharToMultiByte, HeapFree, HeapAlloc, DeleteFileA, HeapReAlloc, GetCommandLineA, HeapSetInformation, GetStartupInfoW, RaiseException, RtlUnwind, LCMapStringW, MultiByteToWideChar, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, TerminateProcess, GetCurrentProcess, IsProcessorFeaturePresent, HeapCreate, ExitProcess, WriteFile, GetStdHandle, SetFilePointer, SetHandleCount, InitializeCriticalSectionAndSpinCount, GetFileType, GetModuleFileNameA, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, GetLocaleInfoW, HeapSize, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, GetStringTypeW, GetConsoleCP, GetConsoleMode, LoadLibraryW, SetStdHandle, CloseHandle |
GDI32.dll | GetCharABCWidthsA, SelectObject |
WINHTTP.dll | WinHttpGetProxyForUrl |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Tamil | India | |
Tamil | Sri Lanka |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-13T10:51:06.084853+0100 | 2043206 | ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 | 1 | 192.168.2.4 | 49736 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:51:06.084853+0100 | 2043206 | ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 | 1 | 192.168.2.4 | 49944 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:51:46.541425+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.109.210.53 | 443 | 192.168.2.4 | 49730 | TCP |
2024-11-13T10:52:08.509327+0100 | 2043206 | ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 | 1 | 192.168.2.4 | 49743 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:52:17.471003+0100 | 2043206 | ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 | 1 | 192.168.2.4 | 49793 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:52:24.735108+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.109.210.53 | 443 | 192.168.2.4 | 49877 | TCP |
2024-11-13T10:52:26.456597+0100 | 2043206 | ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 | 1 | 192.168.2.4 | 49844 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:52:35.200891+0100 | 2043206 | ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 | 1 | 192.168.2.4 | 49895 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:52:53.502274+0100 | 2043206 | ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 | 1 | 192.168.2.4 | 49991 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:52:54.285809+0100 | 2043206 | ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 | 1 | 192.168.2.4 | 50010 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:52:54.285809+0100 | 2843864 | ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 | 1 | 192.168.2.4 | 50010 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:53:11.490787+0100 | 2043206 | ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 | 1 | 192.168.2.4 | 50011 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:53:20.255945+0100 | 2043206 | ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 | 1 | 192.168.2.4 | 50012 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:53:29.154805+0100 | 2043206 | ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 | 1 | 192.168.2.4 | 50013 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:53:37.909184+0100 | 2043206 | ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 | 1 | 192.168.2.4 | 50014 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:53:46.703991+0100 | 2043206 | ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 | 1 | 192.168.2.4 | 50015 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:53:55.471170+0100 | 2043206 | ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 | 1 | 192.168.2.4 | 50016 | 94.158.244.69 | 80 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 13, 2024 10:51:51.021006107 CET | 49736 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:01.521537066 CET | 50010 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:01.569613934 CET | 80 | 50010 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:01.569755077 CET | 50010 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:01.621473074 CET | 80 | 50010 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:01.621557951 CET | 50010 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:01.669476032 CET | 80 | 50010 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:01.669579983 CET | 50010 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:01.721515894 CET | 80 | 50010 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:01.721662045 CET | 50010 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:01.773514032 CET | 80 | 50010 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:01.773643970 CET | 50010 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:01.825587988 CET | 80 | 50010 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:01.825771093 CET | 50010 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:01.873554945 CET | 80 | 50010 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:01.873677969 CET | 50010 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:01.921413898 CET | 80 | 50010 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:01.921581984 CET | 50010 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:01.969419956 CET | 80 | 50010 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:01.969634056 CET | 50010 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:02.017484903 CET | 80 | 50010 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:02.017602921 CET | 50010 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:02.069408894 CET | 80 | 50010 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:02.069562912 CET | 50010 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:02.121418953 CET | 80 | 50010 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:02.121474981 CET | 50010 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:02.169405937 CET | 80 | 50010 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:02.169481993 CET | 50010 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:02.221631050 CET | 80 | 50010 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:02.221688986 CET | 50010 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:02.269370079 CET | 80 | 50010 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:02.269500971 CET | 50010 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:02.317462921 CET | 80 | 50010 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:02.317629099 CET | 50010 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:02.365457058 CET | 80 | 50010 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:02.365550041 CET | 50010 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:02.413546085 CET | 80 | 50010 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:02.413662910 CET | 50010 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:02.461529016 CET | 80 | 50010 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:02.461642981 CET | 50010 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:02.509419918 CET | 80 | 50010 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:02.509521961 CET | 50010 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:02.561386108 CET | 80 | 50010 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:02.561510086 CET | 50010 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:02.609699965 CET | 80 | 50010 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:02.609797001 CET | 50010 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:02.657543898 CET | 80 | 50010 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:02.657614946 CET | 50010 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:02.705400944 CET | 80 | 50010 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:02.705554008 CET | 50010 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:02.706746101 CET | 80 | 50010 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:02.710511923 CET | 80 | 50010 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:03.004311085 CET | 50011 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:03.009424925 CET | 80 | 50011 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:03.009517908 CET | 50011 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:03.009649038 CET | 50011 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:03.010031939 CET | 50011 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:03.015068054 CET | 80 | 50011 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:03.015404940 CET | 80 | 50011 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:11.490643024 CET | 80 | 50011 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:11.490787029 CET | 50011 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:11.490865946 CET | 50011 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:11.495692968 CET | 80 | 50011 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:11.774096012 CET | 50012 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:11.779071093 CET | 80 | 50012 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:11.779155970 CET | 50012 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:11.779273987 CET | 50012 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:11.779647112 CET | 50012 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:11.784120083 CET | 80 | 50012 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:11.784761906 CET | 80 | 50012 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:20.255753040 CET | 80 | 50012 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:20.255944967 CET | 50012 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:20.255944967 CET | 50012 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:20.260782003 CET | 80 | 50012 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:20.667278051 CET | 50013 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:20.672370911 CET | 80 | 50013 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:20.672472954 CET | 50013 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:20.672610998 CET | 50013 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:20.672972918 CET | 50013 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:20.677437067 CET | 80 | 50013 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:20.677766085 CET | 80 | 50013 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:29.154710054 CET | 80 | 50013 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:29.154804945 CET | 50013 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:29.154872894 CET | 50013 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:29.159842014 CET | 80 | 50013 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:29.411429882 CET | 50014 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:29.417093039 CET | 80 | 50014 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:29.417304039 CET | 50014 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:29.417304039 CET | 50014 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:29.418088913 CET | 50014 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:29.422947884 CET | 80 | 50014 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:29.423002005 CET | 80 | 50014 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:37.908978939 CET | 80 | 50014 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:37.909183979 CET | 50014 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:37.909183979 CET | 50014 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:37.914283037 CET | 80 | 50014 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:38.175916910 CET | 50015 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:38.221759081 CET | 80 | 50015 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:38.221930981 CET | 50015 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:38.222455978 CET | 50015 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:38.223850965 CET | 50015 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:38.227410078 CET | 80 | 50015 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:38.228759050 CET | 80 | 50015 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:46.703774929 CET | 80 | 50015 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:46.703990936 CET | 50015 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:46.703990936 CET | 50015 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:46.709033012 CET | 80 | 50015 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:46.983675957 CET | 50016 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:46.989391088 CET | 80 | 50016 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:46.989481926 CET | 50016 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:46.989612103 CET | 50016 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:46.989995003 CET | 50016 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:46.994539976 CET | 80 | 50016 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:46.994981050 CET | 80 | 50016 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:55.471035004 CET | 80 | 50016 | 94.158.244.69 | 192.168.2.4 |
Nov 13, 2024 10:53:55.471169949 CET | 50016 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:55.471215963 CET | 50016 | 80 | 192.168.2.4 | 94.158.244.69 |
Nov 13, 2024 10:53:55.476258039 CET | 80 | 50016 | 94.158.244.69 | 192.168.2.4 |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49736 | 94.158.244.69 | 80 | 1352 | C:\Users\user\Desktop\g1kWKm20Z5.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 13, 2024 10:51:51.037914038 CET | 190 | OUT | |
Nov 13, 2024 10:51:51.038527966 CET | 11124 | OUT | |
Nov 13, 2024 10:51:51.046231985 CET | 1236 | OUT | |
Nov 13, 2024 10:51:51.046260118 CET | 2472 | OUT | |
Nov 13, 2024 10:51:51.046351910 CET | 4944 | OUT | |
Nov 13, 2024 10:51:51.046381950 CET | 4307 | OUT | |
Nov 13, 2024 10:51:51.069289923 CET | 1236 | OUT | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49743 | 94.158.244.69 | 80 | 1352 | C:\Users\user\Desktop\g1kWKm20Z5.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 13, 2024 10:52:00.026247025 CET | 190 | OUT | |
Nov 13, 2024 10:52:00.026686907 CET | 11665 | OUT | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49793 | 94.158.244.69 | 80 | 1352 | C:\Users\user\Desktop\g1kWKm20Z5.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 13, 2024 10:52:08.984435081 CET | 188 | OUT | |
Nov 13, 2024 10:52:08.984817982 CET | 440 | OUT | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49844 | 94.158.244.69 | 80 | 1352 | C:\Users\user\Desktop\g1kWKm20Z5.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 13, 2024 10:52:17.973020077 CET | 188 | OUT | |
Nov 13, 2024 10:52:17.973377943 CET | 440 | OUT | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49895 | 94.158.244.69 | 80 | 1352 | C:\Users\user\Desktop\g1kWKm20Z5.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 13, 2024 10:52:26.710982084 CET | 188 | OUT | |
Nov 13, 2024 10:52:26.711991072 CET | 440 | OUT | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49944 | 94.158.244.69 | 80 | 1352 | C:\Users\user\Desktop\g1kWKm20Z5.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 13, 2024 10:52:36.046396017 CET | 190 | OUT | |
Nov 13, 2024 10:52:36.046822071 CET | 11124 | OUT | |
Nov 13, 2024 10:52:36.051237106 CET | 1236 | OUT | |
Nov 13, 2024 10:52:36.051898956 CET | 2472 | OUT | |
Nov 13, 2024 10:52:36.052175999 CET | 2472 | OUT | |
Nov 13, 2024 10:52:36.052908897 CET | 2472 | OUT | |
Nov 13, 2024 10:52:36.053034067 CET | 597 | OUT | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49991 | 94.158.244.69 | 80 | 1352 | C:\Users\user\Desktop\g1kWKm20Z5.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 13, 2024 10:52:45.027837992 CET | 189 | OUT | |
Nov 13, 2024 10:52:45.028214931 CET | 1135 | OUT | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 50010 | 94.158.244.69 | 80 | 1352 | C:\Users\user\Desktop\g1kWKm20Z5.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 13, 2024 10:52:54.232328892 CET | 191 | OUT | |
Nov 13, 2024 10:52:54.232878923 CET | 11124 | OUT | |
Nov 13, 2024 10:52:54.237184048 CET | 1236 | OUT | |
Nov 13, 2024 10:52:54.237996101 CET | 4944 | OUT | |
Nov 13, 2024 10:52:54.238018036 CET | 4944 | OUT | |
Nov 13, 2024 10:52:54.238042116 CET | 7416 | OUT | |
Nov 13, 2024 10:52:54.238068104 CET | 4944 | OUT | |
Nov 13, 2024 10:52:54.242171049 CET | 2472 | OUT | |
Nov 13, 2024 10:52:54.243056059 CET | 4944 | OUT | |
Nov 13, 2024 10:52:54.243140936 CET | 4944 | OUT | |
Nov 13, 2024 10:52:54.243156910 CET | 2472 | OUT | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 50011 | 94.158.244.69 | 80 | 1352 | C:\Users\user\Desktop\g1kWKm20Z5.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 13, 2024 10:53:03.009649038 CET | 188 | OUT | |
Nov 13, 2024 10:53:03.010031939 CET | 440 | OUT | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 50012 | 94.158.244.69 | 80 | 1352 | C:\Users\user\Desktop\g1kWKm20Z5.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 13, 2024 10:53:11.779273987 CET | 188 | OUT | |
Nov 13, 2024 10:53:11.779647112 CET | 440 | OUT | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.4 | 50013 | 94.158.244.69 | 80 | 1352 | C:\Users\user\Desktop\g1kWKm20Z5.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 13, 2024 10:53:20.672610998 CET | 188 | OUT | |
Nov 13, 2024 10:53:20.672972918 CET | 440 | OUT | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.4 | 50014 | 94.158.244.69 | 80 | 1352 | C:\Users\user\Desktop\g1kWKm20Z5.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 13, 2024 10:53:29.417304039 CET | 188 | OUT | |
Nov 13, 2024 10:53:29.418088913 CET | 440 | OUT | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.4 | 50015 | 94.158.244.69 | 80 | 1352 | C:\Users\user\Desktop\g1kWKm20Z5.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 13, 2024 10:53:38.222455978 CET | 188 | OUT | |
Nov 13, 2024 10:53:38.223850965 CET | 440 | OUT | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.4 | 50016 | 94.158.244.69 | 80 | 1352 | C:\Users\user\Desktop\g1kWKm20Z5.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 13, 2024 10:53:46.989612103 CET | 188 | OUT | |
Nov 13, 2024 10:53:46.989995003 CET | 440 | OUT | |
Target ID: | 0 |
Start time: | 04:51:02 |
Start date: | 13/11/2024 |
Path: | C:\Users\user\Desktop\g1kWKm20Z5.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 440'832 bytes |
MD5 hash: | 33F4CF8B4C1F6C07E80C74669D31021B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 7 |
Start time: | 04:53:55 |
Start date: | 13/11/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb10000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 3.9% |
Dynamic/Decrypted Code Coverage: | 10.1% |
Signature Coverage: | 52.4% |
Total number of Nodes: | 773 |
Total number of Limit Nodes: | 25 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
004069A1 | 208.6 | 6 | 112 | 2052 | string, COMMON |
00436ADC | 91.3 | 22 | 29 | 2004 | COMMON |
0040B81C | 70.2 | 17 | 22 | 1922 | string, COMMON |
0040E14E | 40.3 | 6 | 16 | 1822 | string, COMMON |
00430E6C | 39.9 | 14 | 8 | 1432 | memory, COMMON |
00434080 | 39.4 | 10 | 12 | 872 | registry, COMMON |
0042AD82 | 25.7 | - | 20 | 749 | COMMON |
00405AAA | 24.9 | 8 | 6 | 448 | string, COMMON |
0040620B | 21.4 | 8 | 4 | 445 | string, COMMON |
0042B9C5 | 16.7 | - | 13 | 436 | COMMON |
0040A928 | 14.5 | 5 | 3 | 475 | string, COMMON |
0042FD35 | 14.1 | - | 11 | 308 | COMMON |
004262A1 | 12.6 | 2 | 5 | 391 | library, COMMON |
0040B129 | 9.1 | 2 | 3 | 375 | native, file, COMMON |
00422177 | 8.9 | 1 | 4 | 183 | native, COMMON |
00401FF9 | 7.3 | 2 | 2 | 254 | sleep, COMMON |
004224A3 | 7.2 | 1 | 3 | 201 | native, COMMON |
0042C0DA | 6.8 | - | 5 | 552 | COMMON |
0043B362 | 6.6 | 1 | 3 | 550 | string, COMMON |
00430228 | 5.7 | - | 4 | 717 | COMMON |
004052D9 | 5.7 | 1 | 2 | 467 | encryption, COMMON |
0042F278 | 5.5 | 2 | 1 | 222 | string, COMMON |
0042CFBA | 5.4 | - | 4 | 405 | COMMON |
00453BC4 | 5.4 | 1 | 2 | 116 | time, COMMON |
0040B7BB | 3.5 | 1 | 1 | 40 | native, COMMON |
0040B7F5 | 3.5 | 1 | 1 | 16 | native, COMMON |
008ADB56 | 3.0 | 2 | - | 41 | process, COMMON |
004245EC | 1.7 | 1 | - | 207 | native, COMMON |
00421EEB | 1.7 | 1 | - | 153 | native, COMMON |
0042F1C2 | 1.5 | 1 | - | 32 | native, COMMON |
0044FB15 | 0.0 | - | - | 22 | COMMON, LIBRARYCODE |
00443998 | 0.0 | - | - | 12 | COMMON, LIBRARYCODE |
0042F625 | 24.9 | 8 | 6 | 418 | string, COMMON |
0233003C | 12.8 | 5 | 2 | 515 | memory, COMMON |
00432718 | 10.7 | 7 | - | 234 | COMMON |
0044CF15 | 10.6 | 4 | 2 | 74 | COMMON, LIBRARYCODE |
0044575F | 9.3 | 6 | - | 269 | COMMON |
00402FCC | 7.3 | 2 | 2 | 283 | library, COMMON |
00453B82 | 5.4 | 1 | 2 | 140 | time, COMMON |
0044E224 | 3.0 | 2 | - | 22 | memory, COMMON, LIBRARYCODE |
02330E0F | 3.0 | 2 | - | 15 | COMMON |
00418BA2 | 1.8 | 1 | - | 313 | COMMON |
0045699F | 1.5 | 1 | - | 44 | memory, COMMON |
00450330 | 1.5 | 1 | - | 39 | memory, COMMON, LIBRARYCODE |
0044EB6F | 1.5 | 1 | - | 32 | memory, COMMON, LIBRARYCODE |
008AD815 | 1.3 | 1 | - | 48 | memory, COMMON |
0233BA83 | 42.2 | 5 | 18 | 1922 | string, COMMON |
023642E7 | 25.4 | 7 | 7 | 872 | registry, COMMON |
0233E3B5 | 20.6 | - | 15 | 1822 | COMMON |
00439535 | 10.9 | - | 8 | 905 | COMMON |
00428334 | 9.8 | - | 7 | 1067 | COMMON |
00424C8D | 7.4 | - | 5 | 1174 | COMMON |
02332260 | 7.3 | 2 | 2 | 254 | sleep, COMMON |
0041EBEB | 6.8 | - | 5 | 537 | COMMON |
023603F5 | 6.6 | - | 5 | 301 | COMMON |
0233AB8F | 6.5 | 4 | - | 475 | string, COMMON |
0044F244 | 6.3 | 4 | - | 337 | COMMON |
00451FBC | 6.1 | 4 | - | 129 | file, COMMON |
02382223 | 6.1 | 4 | - | 129 | file, COMMON |
0043CE95 | 6.1 | 4 | - | 73 | COMMON |
0235D221 | 5.4 | - | 4 | 405 | COMMON |
00424BED | 4.5 | 3 | - | 32 | file, COMMON |
00448800 | 3.4 | 2 | - | 449 | COMMON |
02378A67 | 3.4 | 2 | - | 449 | COMMON |
0043BCA4 | 3.1 | - | 2 | 611 | COMMON |
0043D600 | 3.1 | 2 | - | 92 | COMMON |
0044614F | 3.0 | 2 | - | 44 | time, COMMON |
0233B390 | 2.9 | - | 2 | 375 | COMMON |
004279E0 | 1.8 | - | 1 | 509 | COMMON |
00415070 | 1.7 | - | 1 | 471 | COMMON |
023452D7 | 1.7 | - | 1 | 471 | COMMON |
0043D0B8 | 1.6 | 1 | - | 147 | COMMON |
00414A83 | 1.6 | - | 1 | 352 | COMMON |
023712BE | 1.6 | - | 1 | 344 | COMMON |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040136E Relevance: 1.6, Strings: 1, Instructions: 318COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0041F916 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0234FB7D Relevance: 1.6, APIs: 1, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00424B24 Relevance: 1.5, APIs: 1, Instructions: 47memoryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0043CE89 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0041E6F0 Relevance: 1.5, Strings: 1, Instructions: 232COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004126B9 Relevance: .8, Instructions: 751COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0235C341 Relevance: .6, Instructions: 552COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0041D1E9 Relevance: .5, Instructions: 492COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0041204D Relevance: .5, Instructions: 486COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 023422B4 Relevance: .5, Instructions: 486COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040D994 Relevance: .5, Instructions: 464COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0233DBFB Relevance: .5, Instructions: 464COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0041316D Relevance: .4, Instructions: 440COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0041E083 Relevance: .4, Instructions: 379COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0234E2EA Relevance: .4, Instructions: 379COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00429A5B Relevance: .3, Instructions: 346COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00441057 Relevance: .3, Instructions: 344COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0044234A Relevance: .3, Instructions: 344COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00410A33 Relevance: .3, Instructions: 313COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00418413 Relevance: .3, Instructions: 279COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00429730 Relevance: .2, Instructions: 246COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004109FC Relevance: .2, Instructions: 210COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0044915B Relevance: .2, Instructions: 158COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02359ADA Relevance: .2, Instructions: 151COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00424995 Relevance: .1, Instructions: 132COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0043D8D0 Relevance: .1, Instructions: 76COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0236DB37 Relevance: .1, Instructions: 76COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00422817 Relevance: .1, Instructions: 68COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02352A7E Relevance: .1, Instructions: 68COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00426A42 Relevance: .1, Instructions: 65COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 008AD433 Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00410218 Relevance: .1, Instructions: 58COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00429EF7 Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02373BFF Relevance: .0, Instructions: 12COMMONLIBRARYCODE
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004269E4 Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0042F265 Relevance: .0, Instructions: 5COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0045999F Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 303COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0045C793 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 147COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0044C5A0 Relevance: 9.3, APIs: 6, Instructions: 275COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00443916 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0044623D Relevance: 7.6, APIs: 5, Instructions: 146COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00446CD2 Relevance: 7.6, APIs: 5, Instructions: 143pipeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00459DC4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 118COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00456D31 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004537D0 Relevance: 6.1, APIs: 4, Instructions: 137COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0044C89A Relevance: 6.1, APIs: 4, Instructions: 109COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00450F41 Relevance: 6.1, APIs: 4, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00455DA6 Relevance: 6.0, APIs: 4, Instructions: 42COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00455E0C Relevance: 6.0, APIs: 4, Instructions: 42COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0045962F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 97COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
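As an added example (not part of the Joe Sandbox report), the Python below parses the raw "Function XXXXXXXX Relevance: ..., Instructions: NNNNTAGS" lines of this listing, where the extraction has fused the category tags onto the instruction count (e.g. `129fileCOMMON`), and then looks for functions whose metrics are identical at a constant address delta. Applied to this page, pairs such as 00451FBC/02382223, 00448800/02378A67 and 0041F916/0234FB7D differ by exactly 0x01F30267, which is consistent with the same code being present in two memory regions; the report itself does not say what the second region is, so that reading is an interpretation. The sample lines and the tag vocabulary are taken from this listing; treating the upper-case tags as classification labels and the lower-case ones as behaviour hints is an assumption.

```python
import re
from collections import defaultdict

# Lines copied from the function listing on this page, tag suffix fused to the
# instruction count exactly as the extracted report shows it (sample input).
SAMPLE_LINES = """
Function 00424C8D Relevance: 7.4, Strings: 5, Instructions: 1174COMMON
Function 02332260 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 254sleepCOMMON
Function 00451FBC Relevance: 6.1, APIs: 4, Instructions: 129fileCOMMON
Function 02382223 Relevance: 6.1, APIs: 4, Instructions: 129fileCOMMON
Function 00448800 Relevance: 3.4, APIs: 2, Instructions: 449COMMON
Function 02378A67 Relevance: 3.4, APIs: 2, Instructions: 449COMMON
Function 0041F916 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
Function 0234FB7D Relevance: 1.6, APIs: 1, Instructions: 54COMMON
Function 004126B9 Relevance: .8, Instructions: 751COMMON
Function 02373BFF Relevance: .0, Instructions: 12COMMONLIBRARYCODE
Function 00443916 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
"""

# Tag vocabulary seen in this report. Assumption: upper-case tags are the
# sandbox's classification labels, lower-case tags are its behaviour hints.
KNOWN_TAGS = ("COMMON", "LIBRARYCODE", "sleep", "file", "string", "time",
              "memory", "pipe", "libraryloader", "library")

# "APIs" and "Strings" are optional and, on this page, always in that order.
LINE_RE = re.compile(
    r"^Function\s+(?P<addr>[0-9A-Fa-f]{8})\s+Relevance:\s*(?P<rel>\d*\.\d+|\d+)"
    r"(?:,\s*APIs:\s*(?P<apis>\d+))?"
    r"(?:,\s*Strings:\s*(?P<strings>\d+))?"
    r",\s*Instructions:\s*(?P<instr>\d+)(?P<tags>\S*)$"
)


def split_tags(blob):
    """Split a fused tag suffix such as 'libraryloaderCOMMONLIBRARYCODE'.
    Longest tag first, so 'libraryloader' wins over 'library'."""
    tags, rest = [], blob
    by_length = sorted(KNOWN_TAGS, key=len, reverse=True)
    while rest:
        for tag in by_length:
            if rest.startswith(tag):
                tags.append(tag)
                rest = rest[len(tag):]
                break
        else:
            raise ValueError(f"unknown tag suffix: {rest!r}")
    return tags


def parse_function_lines(text):
    """Turn the report's 'Function ...' lines into structured records."""
    entries = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a function header line (e.g. residue)
        entries.append({
            "addr": int(m["addr"], 16),
            "relevance": float(m["rel"]),
            "apis": int(m["apis"] or 0),
            "strings": int(m["strings"] or 0),
            "instructions": int(m["instr"]),
            "tags": split_tags(m["tags"]),
        })
    return entries


def find_mirrored_code(entries):
    """Group functions with identical metrics and collect the address deltas
    between them. A delta shared by several pairs points to the same code
    being present twice at a constant offset."""
    by_signature = defaultdict(list)
    for e in entries:
        sig = (e["relevance"], e["apis"], e["strings"],
               e["instructions"], tuple(e["tags"]))
        by_signature[sig].append(e["addr"])
    deltas = defaultdict(list)
    for addrs in by_signature.values():
        addrs.sort()
        for lo, hi in zip(addrs, addrs[1:]):
            deltas[hi - lo].append((lo, hi))
    return dict(deltas)


if __name__ == "__main__":
    ents = parse_function_lines(SAMPLE_LINES)
    for delta, pairs in find_mirrored_code(ents).items():
        print(f"delta 0x{delta:08X}: {len(pairs)} identical function pair(s)")
        for lo, hi in pairs:
            print(f"  {lo:08X} -> {hi:08X}")
```

To run it against the full listing, paste all "Function ..." lines into SAMPLE_LINES; the metric signature is deliberately strict (relevance, counts and tags must all match), so a delta that recurs across many pairs is a much stronger signal than a single coincidence of instruction counts.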