Windows
Analysis Report
i7j22nof2Q.exe
Overview
General Information
Sample name: | i7j22nof2Q.exe (renamed because the original name is a hash value) |
Original sample name: | ad01c8fa6ec2371dfd9f57200f84e13a.exe |
Analysis ID: | 1556586 |
MD5: | ad01c8fa6ec2371dfd9f57200f84e13a |
SHA1: | 0fb1d82d89253d853dcb0e5d66f4b0d2b067b48d |
SHA256: | 5179029eb225a9937cc7507b084cc8418f4d84e3c99e13b5a2a0cc8fdba75bd3 |
Tags: | exe, Socks5Systemz, user-abuse_ch |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- i7j22nof2Q.exe (PID: 7452, cmdline: "C:\Users\user\Desktop\i7j22nof2Q.exe", MD5: AD01C8FA6EC2371DFD9F57200F84E13A)
- i7j22nof2Q.tmp (PID: 7504, cmdline: "C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp" /SL5="$20410,5992012,721408,C:\Users\user\Desktop\i7j22nof2Q.exe", MD5: 438F4076E92D3C839405BAB4652FE2CE)
- net.exe (PID: 7564, cmdline: "C:\Windows\system32\net.exe" pause avidenta_11132, MD5: 31890A7DE89936F922D44D677F681A7F)
- conhost.exe (PID: 7572, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
- net1.exe (PID: 7616, cmdline: C:\Windows\system32\net1 pause avidenta_11132, MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)
- avidenta32.exe (PID: 7624, cmdline: "C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe" -i, MD5: 5F301B2942D42D35402C384009767E5F)
- cleanup
{"C2 list": ["bvubwie.com"]}
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security | |
| | JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security | |
| | JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security | |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-15T17:25:15.488237+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49710 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:16.517420+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49711 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:19.747761+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49711 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:20.781819+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49713 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:21.829341+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49715 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:22.884065+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49716 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:23.303855+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49716 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:23.720551+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49716 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:24.765774+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49717 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:25.809295+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49718 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:26.918910+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49719 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:28.130423+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49720 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:29.165529+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49721 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:29.578428+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49721 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:30.640804+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49722 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:31.700049+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49723 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:33.703580+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49724 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:34.764778+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49725 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:35.791590+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49726 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:36.209969+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49726 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:37.353042+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49727 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:38.398773+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49728 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:38.819187+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49728 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:39.884726+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49729 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:40.306930+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49729 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:41.060962+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49729 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:42.462478+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49730 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:42.876613+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49730 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:43.925251+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49731 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:44.959529+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49732 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:45.391480+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49732 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:46.443060+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49733 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:47.483529+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49734 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:48.509317+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49735 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:48.919795+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49735 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:50.004223+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49736 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:51.022745+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49737 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:51.435958+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49737 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:52.493124+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49738 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:52.911237+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49738 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:53.950270+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49739 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:54.992378+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49740 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:55.412025+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49740 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:56.446147+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49741 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:57.555761+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49742 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:57.976783+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49742 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:58.405379+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49742 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:59.440168+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49743 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:00.475281+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49744 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:01.253247+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49744 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:02.307033+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49745 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:03.346268+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49746 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:04.405876+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49747 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:05.453159+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49748 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:06.517400+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49749 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:07.553501+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49750 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:08.666118+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49751 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:09.093843+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49751 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:10.138651+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49752 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:11.177320+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49753 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:12.224964+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49754 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:12.645092+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49754 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:13.662002+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49755 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:14.714239+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49756 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:15.131551+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49756 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:16.173876+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49757 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:17.224984+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49758 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:18.272171+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49759 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:19.404347+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49760 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:20.440481+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49761 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:21.490160+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49762 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:22.570609+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49763 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:23.652674+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.9 | 49764 | 185.208.158.202 | 80 | TCP |
AV Detection
- Avira
- Malware Configuration Extractor
- ReversingLabs (2 entries)
- Integrated Neural Analysis Model
- Joe Sandbox ML
- Code function: 2_2_10001000
- Code function: 2_2_10001130
Compliance
- Unpacked PE file
- Static PE information
- Registry value created
- Static PE information
- Binary string (5 entries)
Networking
- Suricata IDS (53 entries)
- URLs
- TCP traffic
- IP Address (2 entries)
- ASN Name
- HTTP traffic detected (73 entries)
- TCP traffic detected without corresponding DNS query (10 entries)
- UDP traffic detected without corresponding DNS query
- Code function: 6_2_02CA72AB
- HTTP traffic detected (73 entries)
- DNS traffic detected
- String found in binary or memory (74 entries)
System Summary
- Static PE information (2 entries)
- Code function: 6_2_00401A4F
- Code functions: 6_2_00401051, 6_2_00401C26, 6_2_00406FB7, 6_2_02CDB4E5, 6_2_02CBE25D, 6_2_02CAF085, 6_2_02CC4EF9, 6_2_02CC2E84, 6_2_02CBE675, 6_2_02CB9F54, 6_2_02CC5470, 6_2_02CBDD69, 6_2_02CBAD0A, 6_2_02CB8512
- Dropped File
- Static PE information (6 entries)
- Binary or memory string (5 entries)
- Static PE information
- Classification label
- Code function: 6_2_02CB08D0
- Code function: 6_2_00402BAD
- Code function: 6_2_00401F64
- Code function: 6_2_00402232 (2 entries)
- File created
- Mutant created
- File created
- Key opened (5 entries)
- Key value created or modified
- File read (2 entries)
- String found in binary or memory
- File read
- Process created (10 entries)
- Section loaded (79 entries)
- Key value queried
- Key value created or modified
- Window found
- File opened
- Window detected
- Registry value created
- Static file information
- Static PE information
- Binary string (5 entries)
Data Obfuscation
- Unpacked PE file (2 entries)
- Code function: 6_2_00401B4B
- Static PE information (3 entries)
- Code functions: 6_2_0040D417, 6_2_0040D677, 6_2_00402523, 6_2_004030DE, 6_2_0040D417, 6_2_0040B6D9, 6_2_0040D417, 6_2_0040B6D9, 6_2_02D109B9, 6_2_02CFAA4F, 6_2_02CFAA68, 6_2_02CFAA6F, 6_2_02D16A2B, 6_2_02D28D84, 6_2_02D28D9E, 6_2_02D28DDC, 6_2_02CDFAEC, 6_2_02D0F388, 6_2_02CB8C08, 6_2_02CAEF9E, 6_2_02CC546B, 6_2_02CA546F, 6_2_02CC541E
Persistence and Installation Behavior
- Code functions: 6_2_00401A4F, 6_2_02CAF8AE
- File created (18 entries, dropped files)
Boot Survival |
---|
Source: | Code function: | 6_2_00401A4F | |
Source: | Code function: | 6_2_02CAF8AE |
Source: | Code function: | 6_2_00402232 |
Source: | Code function: | 6_2_02CB8512 |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Code function: | 6_2_00401B4B | |
Source: | Code function: | 6_2_02CAF9B2 |
Source: | Window / User API: | Jump to behavior |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Evasive API call chain: | graph_6-19511 |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | API call chain: | graph_6-19512 | ||
Source: | API call chain: | graph_6-19981 |
Source: | Process information queried: | Jump to behavior |
Anti Debugging |
---|
Source: | Debugger detection routine: | graph_6-21992 |
Source: | Code function: | 6_2_02CC01CE |
Source: | Code function: | 6_2_02CC01CE |
Source: | Code function: | 6_2_00401B4B |
Source: | Code function: | 6_2_02CA648B |
Source: | Code function: | 6_2_02CB9538 |
Source: | Process created: | Jump to behavior |
Source: | Code function: | 6_2_02CAF866 |
Source: | Code function: | 6_2_0040D1C8 |
Source: | Code function: | 2_2_10001000 |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 5 Windows Service | 5 Windows Service | 2 Obfuscated Files or Information | LSASS Memory | 23 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 2 Service Execution | 1 Bootkit | 11 Process Injection | 2 Software Packing | Security Account Manager | 241 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 121 Virtualization/Sandbox Evasion | SSH | Keylogging | 112 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 121 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Process Injection | DCSync | 2 System Owner/User Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Bootkit | Proc Filesystem | 1 Remote System Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Network Configuration Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | HEUR/AGEN.1332534 |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML | |||
67% | ReversingLabs | Win32.Trojan.Ekstak | ||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
67% | ReversingLabs | Win32.Trojan.Ekstak | ||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bvubwie.com | 185.208.158.202 | true | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | high |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | high |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | high |
| | | false | | unknown |
| | | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
185.208.158.202 | bvubwie.com | Switzerland | 34888 | SIMPLECARRER2IT | true | |
89.105.201.183 | unknown | Netherlands | 24875 | NOVOSERVE-ASNL | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1556586 |
Start date and time: | 2024-11-15 17:23:14 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 57s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes: | 12 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | i7j22nof2Q.exe (renamed because original name is a hash value) |
Original Sample Name: | ad01c8fa6ec2371dfd9f57200f84e13a.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@10/57@1/2 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target i7j22nof2Q.tmp, PID 7504 because there are no executed functions
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: i7j22nof2Q.exe
Time | Type | Description |
---|---|---|
11:24:55 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
185.208.158.202 | Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | Browse | ||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Socks5Systemz, Stealc, Vidar | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
89.105.201.183 | Get hash | malicious | Socks5Systemz | Browse | ||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
SIMPLECARRER2IT | Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | Browse | ||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Socks5Systemz, Stealc, Vidar | Browse | |||
NOVOSERVE-ASNL | Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | Browse | ||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Socks5Systemz, Stealc, Vidar | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Users\user\AppData\Local\Avidenta 2.8.8\CH375DLL.dll (copy) | Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | Browse | ||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar, Zhark RAT | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Babadeda SystemBC | Browse |
Process: | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8 |
Entropy (8bit): | 2.0 |
Encrypted: | false |
SSDEEP: | 3:JB:j |
MD5: | 9E18E2301D9F3939E1880C61A34E1D45 |
SHA1: | 4DA7060DFC815D567FA775B587CF2163A05DED0C |
SHA-256: | 7D23B62606F919BABEC65E464CFE778372F58B9DA2309FA8FE5870BAB1220F93 |
SHA-512: | 51939494DD275D4063FD0D3B71FDF01811D43EC0085FA96F7C9C5E69BED8885DEDC4770A10C2B3B053DD14EED6188E8A127F965DADFFC5BD50B3C884E66B45D1 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:B:B |
MD5: | B1DD6CE1962B44284E65236B55569647 |
SHA1: | 431843DD3CC038DAD438BD24384025DBC2A56BB7 |
SHA-256: | BA8C9EAC092A503E4FB70771C34A00C5BB651043DE24DB4D3525EBBB3EE7FF08 |
SHA-512: | 3094130EEC92FF403E7529287BA26EF0AFF8A9BB77572B0CCBD143CCFB2B4FC2175AD8D6137559475C78418C33C253A87F5462E9C6430D463540250CABE110E2 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 128 |
Entropy (8bit): | 2.9545817380615236 |
Encrypted: | false |
SSDEEP: | 3:SmwW3Fde9UUDrjStGs/:Smze7DPStGM |
MD5: | 98DDA7FC0B3E548B68DE836D333D1539 |
SHA1: | D0CB784FA2BBD3BDE2BA4400211C3B613638F1C6 |
SHA-256: | 870555CDCBA1F066D893554731AE99A21AE776D41BCB680CBD6510CB9F420E3D |
SHA-512: | E79BD8C2E0426DBEBA8AC2350DA66DC0413F79860611A05210905506FEF8B80A60BB7E76546B0CE9C6E6BC9DDD4BC66FF4C438548F26187EAAF6278F769B3AC1 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 128 |
Entropy (8bit): | 1.7095628900165245 |
Encrypted: | false |
SSDEEP: | 3:LDXdQSWBdMUE/:LLdQSGd |
MD5: | 4FFFD4D2A32CBF8FB78D521B4CC06680 |
SHA1: | 3FA6EFA82F738740179A9388D8046619C7EBDF54 |
SHA-256: | EC52F73A17E6AFCF78F3FD8DFC7177024FEB52F5AC2B602886788E4348D5FB68 |
SHA-512: | 130A074E6AD38EEE2FB088BED2FCB939BF316B0FCBB4F5455AB49C2685BEEDCB5011107A22A153E56BF5E54A45CA4801C56936E71899C99BA9A4F694A1D4CC6D |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3805184 |
Entropy (8bit): | 6.981118512863489 |
Encrypted: | false |
SSDEEP: | 49152:8vEFI1Qof0vYjuVdAHf73Or2+595THLZHePIoIrIk7jsIJq4qXMnF89:8vEFaQjAjuYHf7erx5TNepUJ |
MD5: | 5F301B2942D42D35402C384009767E5F |
SHA1: | CF7A22C7C4A3C535B1B76D8B4FD5E17B3166FF44 |
SHA-256: | 7909A486FB464E8332395296B6D1930B0B2E2B008BBA1E68B696D315BC5B3323 |
SHA-512: | 9BF15BC5D25853AA66FDD88B1464CAC2D1D58AE556BBD53506FEBA88DF52A775835A4EC7D1AAA1A00414044C87C2299298D1D9DC5CEA91125574C63BD789307B |
Malicious: | true |
Antivirus: | |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 15864 |
Entropy (8bit): | 5.446150628226878 |
Encrypted: | false |
SSDEEP: | 384:zVQEjoZ7ooLzDCccymQx/9DSpNAJemtjf0Ncl08:zV1joxLH1SpKJtTF08 |
MD5: | 43F2BC6828B177477C2F98B8973460E8 |
SHA1: | F0A3C975346AF66A843E8B49574DC9083CD32E02 |
SHA-256: | 3B578B15AD0D0747E8A3D958A0E7BF1FF6D5C335B8894FF7A020604DA008D79D |
SHA-512: | 2449C3D615E5BCECE4C1B773FE629A75061A3E1488F6D3D743D7D209F1D687F26997937AB13B3A1B89B650D122DB030D2188E1E89BC1AB03CF2DF9A29CAA456C |
Malicious: | true |
Antivirus: | |
Joe Sandbox View: | |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 56223 |
Entropy (8bit): | 7.675938408908281 |
Encrypted: | false |
SSDEEP: | 1536:/+jsHu4IMEuSznazX2TQZwm+WxhM6HMy6Z7:/ppIMEulGTuwmXhMwMB |
MD5: | 619CA288DE840F0BEC52218DB7F2036C |
SHA1: | D1D5389AAE91284734F4940BD8319CFA2BC40A0D |
SHA-256: | C2A6D78B635CA45E316D10936EF7507B1643F4674BAA08B79FE22285EADC3966 |
SHA-512: | 4FACBC40E37F9801E9177A057D55BF236C5FBCE5397AF973B60B21C027AB258FD1A91B893F93AE3100A6785AD67089FBF623C121B7D4990A987A311E47314E5C |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 132979 |
Entropy (8bit): | 7.662743912764236 |
Encrypted: | false |
SSDEEP: | 3072:viQWV2mUue1Kkp5F8U4rpAzmYDbUabHidS42O9mR:vTWa91dFr4rpwnUTdF2O6 |
MD5: | F88752DB58C53A82F2DCD5D11F8233AB |
SHA1: | 6D41999B017AD74783339AD00E03811F48A60E97 |
SHA-256: | 8B5AD9F2E46D3331989887761AFB6C3C7786BCA8D846444BF2FF234FD4E0E2DD |
SHA-512: | 86350CC5DB773D092BFBDCB5710E90391ECE9D243E16706CD17E62197683520478FD32C2D4036DF45AF9326F59BF263A7FF7E56C662BEC5AA3960F6328852A00 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 543833 |
Entropy (8bit): | 7.50496335178111 |
Encrypted: | false |
SSDEEP: | 6144:9DQ1236dLlSmlgZOw9/+wdM0zOyJromlIK1Z7HsH1GpYMnhdjYnDf67:dx6dLk/xSc+6sV8YIhdkDf67 |
MD5: | 7D692438B7E70DE932BC386A3D44D319 |
SHA1: | 5FC91DF8EA79A005A8583DCF44E0D48B7EC5A90F |
SHA-256: | 05CB2D622DDEED62E052B8BBDB19DBE99B83F44F4447408601823B518D330586 |
SHA-512: | 1A605B25724B91BE5802104BC8BAA0C4EB0A3638CFD84D8AECFF10FC41B72BFD44DDD8DA34373C1BB8B7C8D4823D222441E0CFAF9696B8F119F8BEA37ED9724D |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 81816 |
Entropy (8bit): | 7.707519991934002 |
Encrypted: | false |
SSDEEP: | 1536:bsicsYedzR8eO9gKbvL2aiWqAIqwsoxlprW+DWu8UYHI7zoZ8jPy74RSBsZ:7p/dG9Bbz2DWqA1w7jKGWY3oujfRSBsZ |
MD5: | 4C1F9B5ECF86DC7B839BF5D8F3ADFDC0 |
SHA1: | CC6D1748BD0FFBB9036C0D871EC894E59B1CD6FC |
SHA-256: | F2A2A3C04FB8E6E9467A62B408F705D77C9A4269B2ADF5EC1947A871A0D1C4F9 |
SHA-512: | C49470EBA77A8616E7CE32CFE8DA98010635BDA0046BD8904328D11777162DE9774635F20627A772F24719DA3C7E217CDEB8A8ED41BBD71B04C722D6F0E217AB |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 66594 |
Entropy (8bit): | 7.800838697373916 |
Encrypted: | false |
SSDEEP: | 1536:bOqndgG+IQ32TpUJz0DXmKTmg9usUFSZVl:bvQ3216zuXlFZVl |
MD5: | DE2D8D73F85285535A13F89B0F904847 |
SHA1: | A4A42EB9FA7F9C8A51CD24560D999163DEE57290 |
SHA-256: | 306F7E5AFA1685939708DBBDAC6A0DD91DFE7C106BA6F84780BE9E44656B775B |
SHA-512: | CD1E87D933E8E821769721A1B03E244655D519722329E114388FD5E18F4DA57DAA7D2E769379C4938BA8F958AA71A87FD1DA194967A57EF5B94AA3347ECB8D29 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Avidenta 2.8.8\Library\MichelleMyBelle Creations.scal (copy)
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 595545 |
Entropy (8bit): | 7.0713050562667386 |
Encrypted: | false |
SSDEEP: | 12288:fTBZLFkAEYvIfNLmu2cTbZqSNTuh4kMjBUJ84Ch9ycd8sl:f7LgLF2cbZtNT+sjOJXCrgsl |
MD5: | 3695D419AA9C7B11C464BE2A58A40530 |
SHA1: | C73513DF0555DB421EF81EF436136E53CCF4EE11 |
SHA-256: | 0487C6C64C185AC5BF459A907F302E363E5A162081B651570E691B3EA07818DD |
SHA-512: | 54883F5E76E2208856F07DC16C9E5BCEA3ACBDA7C4B9CE48BF043CC371AD57F2925DCB6360CA85F5725609FC692906546B6E5BF70D8F839A206E06316C9E2F59 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 44241 |
Entropy (8bit): | 7.747233988337866 |
Encrypted: | false |
SSDEEP: | 768:tZh3JPKW648iSo736Az5jwwcFuyZ3Y1Lnhe5xaLZPTAXogkA1sywv6:thPKz4/7h6fZ3Y1LhqxaB0Xrkosfv6 |
MD5: | 561A63F0CD4A70F3134143A5E266E58D |
SHA1: | 18F871AE3532B1F9A030EBF2EEE7AA7A4491D60C |
SHA-256: | 7C1B0B11EBF37D03AE2F6CF5135593D604BC1D3BF942329A3952DC0CCB770769 |
SHA-512: | 52F15AE1794120CA3E7E6204A4AEC9364BB8EBF7BF446753C53E8B5232BD7F76114603DABF41562318903EBEBB5390CDC4E651CDB33350AC5F3C0BDEDBBE3594 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 76044 |
Entropy (8bit): | 7.781593198930996 |
Encrypted: | false |
SSDEEP: | 1536:9zCUsvuDmEm7KAaAJB2x56SPCwlkmsKpUaYVRMguAIXSA2:9z/s2Vm7KAajfl/sKpUaYVRM8YSf |
MD5: | FA20A58E0C27D4DED87150AADDBB2556 |
SHA1: | 74CF094D22A5806FD0DF01701851309CA3D3F263 |
SHA-256: | A047FE59A6C64A6C17B887934245E64DAB2CDA4925B259456596C2C597740D75 |
SHA-512: | 3E1C65AD1FB8728724FEFCB8601918BEABCFBF4DC31AE17BC5BAD66BFA32DB184950AC077B0B27AE399A4B3A6B5890AAB325805F4444CDF07C4D216B7FDA4EDD |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 92038 |
Entropy (8bit): | 7.7200406826946235 |
Encrypted: | false |
SSDEEP: | 1536:ca4Jw4jmV7T35O0vMSndbJMZSMSU514ph64P8beNFbWmGINBU0Od:ca2bmh35rkmrU5f4P8beNhhG0rM |
MD5: | E98226F38153CFBF93BF77744E364434 |
SHA1: | 6E613678B12144ADAA5ADCC18AA40965EB903101 |
SHA-256: | 825F3BA18ABDFA2164FBC1D183D8C1C178C9D99C3C4B694AC358D833A755D241 |
SHA-512: | 228B1334D11F455EC6610DB53E36BCC2D747975EB5E8D650D41C92FD856A34E266ACE5A8A094FCE407E518EF76B6E0B00C983A0CDCE2B930B2222E16A4B6A5CD |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 114158 |
Entropy (8bit): | 7.754245071397085 |
Encrypted: | false |
SSDEEP: | 3072:o4KTAq4ntdBWZ4H9fCXCzTP0UuBkZcvqqUnj7K:ITCtzg4dCkgUuM1ju |
MD5: | 1092617765A52BADA8A812FEA901B137 |
SHA1: | 31DAA90CFE29AFA8E3FAAA10C049B45834833308 |
SHA-256: | 88FF0A560A3DA375C323FD0C3761328419A06BA58E373EFB09F8418BC7EFF393 |
SHA-512: | 37DA07F3DA44D298CED21FA3323B54CADC839F3C19ACE0FC000A614C0D8FAD833ABC06C6239C89D8FFAB465848FADB3E667D365DB8310286935705A118FBF901 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 132558 |
Entropy (8bit): | 7.669771822889911 |
Encrypted: | false |
SSDEEP: | 3072:aqP0FOHIgQ/1E8d9ko/te/O+MFgriBmVdQIKgaKKHEZkiIZR1WjA/sBf:3P+Oogc1EyO8t4LMFgri0/3EPnIsEf |
MD5: | E6497DA72921573C22D29C664B5C1EAA |
SHA1: | 5D2F7BBC3E94BDCA08B9DABBE47CB4762024FCB8 |
SHA-256: | 17BB9F3422F532DDFE5D6C9602E9E49BE765E4848ACA1C191CF0484B0092AB59 |
SHA-512: | 1090C1B1D4005725DF62A20D8D4D68E0B561E7A285104CBD99F42E16A170A1BA8A2452F05162212D05683264104DEE3F504C90CE38033A393E92B62427397562 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 59279 |
Entropy (8bit): | 7.723890349807642 |
Encrypted: | false |
SSDEEP: | 1536:WQSDmzHAmdxSMSfXUkfK9H3BpBZYtzWBiAmNHDm:W35mdxS2kfOHR1sqB8g |
MD5: | A667A4635760A604F5E90455657DF9BA |
SHA1: | 3ACEABEEDCFF9C6F7922FC954218D42D08B54A1F |
SHA-256: | 196FD731971B11B3873D52EE13C1EFAC4BF9F0F91D82856CBBE05CA1FB659152 |
SHA-512: | 3ABCFEC0BC6D820F4317A32B3E027B1CC3D4438825844618AEEF1443C8A0F9A059C1FAF36ACE16F6CD156260D74BC92BDC9EA489BE8F23B1FEA069D795E0B1E3 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 56822 |
Entropy (8bit): | 7.651463699422176 |
Encrypted: | false |
SSDEEP: | 768:1ro+zsC5ugrZR+LeBc+m5IShs7ohcTvNg2xhMNdZ/aDIg2fbGw:pugrb+LeGvNukcTlg20V/anS1 |
MD5: | 1FF0C9489E836499DB1ED7B3417BA478 |
SHA1: | 750206AB4FBD34B17205ADF33710F91140323915 |
SHA-256: | 74A96CB715FB81EB958BE3DFB60AF0C716D6CB0EF7DD1F5217CD15594DC3F39E |
SHA-512: | 7EDE209919E3ECF80C47EBEC43207195AAC41C71F4C8398115AF2807EF07043A984086251C0A683A3F5F60AF51304D3559F9CC5385CE782FF5F6FA28B34F40B2 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 64537 |
Entropy (8bit): | 7.783531894467484 |
Encrypted: | false |
SSDEEP: | 1536:mY9p0pAuZhUVKdEmHZt/YPBkBbnFeAHiix8qwQ1tTepK:m1EVmT/YpMT8qwQoK |
MD5: | B877B821FAA0514BE7D67132C026D97B |
SHA1: | B634758494358A2951799BDCDAA664271DFAD248 |
SHA-256: | 32BC4297D594164F7BE3753FE2328132B0562C81C5EA18AC97831AE10C707F1B |
SHA-512: | FD47CD1C73A83DAC589EE449D28BAC8E6AFE4D74BFBC077D670BF57A7BF141B7865BDE1F0C5179A7BC9569917ACD9967C6D173B7967442648E104F420C7A921F |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 211380 |
Entropy (8bit): | 7.37236649718158 |
Encrypted: | false |
SSDEEP: | 3072:IOT3BfdrN6I+0ZQ/yYLtpAYVZy72KKkhaQ3iBbuRb4yVgwNefQd2Flx4wL0wT:1RFrN6I+02yf2KkJBOb4yVlefQ2FnT |
MD5: | 5D5EAAC4FAA75CB7478198FEC28895CC |
SHA1: | D7FC225DE85266FACABF314B166C957FF35EB122 |
SHA-256: | 032B715FDE24B59BE882D379968C681AF09F0B15E9F42A9C55B8A668D78A36C7 |
SHA-512: | DA90291D9022BADA837498A501DAC94414EE2B9A59724C7ADC656EDEA6FC8EAA060981B29ACFB92BC4BBFD358CAA6F379EB6C1B89510F2062E53B96A23888656 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 96301 |
Entropy (8bit): | 7.809129886497833 |
Encrypted: | false |
SSDEEP: | 1536:dINDJFcDGljnsSvjgSyRFLcqIqE+yh319vpvKA9Z4CPOSLbnBKoIytnR2kJ7dm:iRcCBbv0SyRFByd3vFKCGSXBKTyLRdm |
MD5: | E82C623CE1F741A9F4FDE9DC43F23630 |
SHA1: | C2E84F76BFC81C1789AE7BB6AEE197E186774697 |
SHA-256: | 05D668F5C491AA51C7DA93862D3E3C5843A27631BBD1C0EF8034B94080D6CE00 |
SHA-512: | 6B51E4BE629BA85CA583A703700FD2CBFD43734BB29433BA4453CA068B767AB05B1F4084C71B22D6BF11D0B5CA73B9F4FF61A32436BA1A62CA465F1005847109 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 77426 |
Entropy (8bit): | 7.644517291394499 |
Encrypted: | false |
SSDEEP: | 1536:3tRKxIbZjmpsrGj6q+RZFHMqxU9pSKi2RWscqh8Pi7Bs:3tR9bZycVlxzKnv78Pi7a |
MD5: | 39DC4CE3E509EE530E2EC97E03E227D6 |
SHA1: | E60B00E89197208BE2D9CF8F3C6C8661FBDEAED1 |
SHA-256: | 5296290ACDD86B7DABEAFABC26D0EF6FDD1A8DD9EA2914F036B94D0AD115B973 |
SHA-512: | 39711AE42F87C3E3B0E17A8378EFE05C416BA4D1895FF6F6E718B384D5C7699C318FF36CF420DCD480094EABCD9F07672ECB1FE3F4A3E64E8EF6C6450A010BD8 |
Malicious: | false |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 132979 |
Entropy (8bit): | 7.662743912764236 |
Encrypted: | false |
SSDEEP: | 3072:viQWV2mUue1Kkp5F8U4rpAzmYDbUabHidS42O9mR:vTWa91dFr4rpwnUTdF2O6 |
MD5: | F88752DB58C53A82F2DCD5D11F8233AB |
SHA1: | 6D41999B017AD74783339AD00E03811F48A60E97 |
SHA-256: | 8B5AD9F2E46D3331989887761AFB6C3C7786BCA8D846444BF2FF234FD4E0E2DD |
SHA-512: | 86350CC5DB773D092BFBDCB5710E90391ECE9D243E16706CD17E62197683520478FD32C2D4036DF45AF9326F59BF263A7FF7E56C662BEC5AA3960F6328852A00 |
Malicious: | false |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 132558 |
Entropy (8bit): | 7.669771822889911 |
Encrypted: | false |
SSDEEP: | 3072:aqP0FOHIgQ/1E8d9ko/te/O+MFgriBmVdQIKgaKKHEZkiIZR1WjA/sBf:3P+Oogc1EyO8t4LMFgri0/3EPnIsEf |
MD5: | E6497DA72921573C22D29C664B5C1EAA |
SHA1: | 5D2F7BBC3E94BDCA08B9DABBE47CB4762024FCB8 |
SHA-256: | 17BB9F3422F532DDFE5D6C9602E9E49BE765E4848ACA1C191CF0484B0092AB59 |
SHA-512: | 1090C1B1D4005725DF62A20D8D4D68E0B561E7A285104CBD99F42E16A170A1BA8A2452F05162212D05683264104DEE3F504C90CE38033A393E92B62427397562 |
Malicious: | false |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 77426 |
Entropy (8bit): | 7.644517291394499 |
Encrypted: | false |
SSDEEP: | 1536:3tRKxIbZjmpsrGj6q+RZFHMqxU9pSKi2RWscqh8Pi7Bs:3tR9bZycVlxzKnv78Pi7a |
MD5: | 39DC4CE3E509EE530E2EC97E03E227D6 |
SHA1: | E60B00E89197208BE2D9CF8F3C6C8661FBDEAED1 |
SHA-256: | 5296290ACDD86B7DABEAFABC26D0EF6FDD1A8DD9EA2914F036B94D0AD115B973 |
SHA-512: | 39711AE42F87C3E3B0E17A8378EFE05C416BA4D1895FF6F6E718B384D5C7699C318FF36CF420DCD480094EABCD9F07672ECB1FE3F4A3E64E8EF6C6450A010BD8 |
Malicious: | false |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 56822 |
Entropy (8bit): | 7.651463699422176 |
Encrypted: | false |
SSDEEP: | 768:1ro+zsC5ugrZR+LeBc+m5IShs7ohcTvNg2xhMNdZ/aDIg2fbGw:pugrb+LeGvNukcTlg20V/anS1 |
MD5: | 1FF0C9489E836499DB1ED7B3417BA478 |
SHA1: | 750206AB4FBD34B17205ADF33710F91140323915 |
SHA-256: | 74A96CB715FB81EB958BE3DFB60AF0C716D6CB0EF7DD1F5217CD15594DC3F39E |
SHA-512: | 7EDE209919E3ECF80C47EBEC43207195AAC41C71F4C8398115AF2807EF07043A984086251C0A683A3F5F60AF51304D3559F9CC5385CE782FF5F6FA28B34F40B2 |
Malicious: | false |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 543833 |
Entropy (8bit): | 7.50496335178111 |
Encrypted: | false |
SSDEEP: | 6144:9DQ1236dLlSmlgZOw9/+wdM0zOyJromlIK1Z7HsH1GpYMnhdjYnDf67:dx6dLk/xSc+6sV8YIhdkDf67 |
MD5: | 7D692438B7E70DE932BC386A3D44D319 |
SHA1: | 5FC91DF8EA79A005A8583DCF44E0D48B7EC5A90F |
SHA-256: | 05CB2D622DDEED62E052B8BBDB19DBE99B83F44F4447408601823B518D330586 |
SHA-512: | 1A605B25724B91BE5802104BC8BAA0C4EB0A3638CFD84D8AECFF10FC41B72BFD44DDD8DA34373C1BB8B7C8D4823D222441E0CFAF9696B8F119F8BEA37ED9724D |
Malicious: | false |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 211380 |
Entropy (8bit): | 7.37236649718158 |
Encrypted: | false |
SSDEEP: | 3072:IOT3BfdrN6I+0ZQ/yYLtpAYVZy72KKkhaQ3iBbuRb4yVgwNefQd2Flx4wL0wT:1RFrN6I+02yf2KkJBOb4yVlefQ2FnT |
MD5: | 5D5EAAC4FAA75CB7478198FEC28895CC |
SHA1: | D7FC225DE85266FACABF314B166C957FF35EB122 |
SHA-256: | 032B715FDE24B59BE882D379968C681AF09F0B15E9F42A9C55B8A668D78A36C7 |
SHA-512: | DA90291D9022BADA837498A501DAC94414EE2B9A59724C7ADC656EDEA6FC8EAA060981B29ACFB92BC4BBFD358CAA6F379EB6C1B89510F2062E53B96A23888656 |
Malicious: | false |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 96301 |
Entropy (8bit): | 7.809129886497833 |
Encrypted: | false |
SSDEEP: | 1536:dINDJFcDGljnsSvjgSyRFLcqIqE+yh319vpvKA9Z4CPOSLbnBKoIytnR2kJ7dm:iRcCBbv0SyRFByd3vFKCGSXBKTyLRdm |
MD5: | E82C623CE1F741A9F4FDE9DC43F23630 |
SHA1: | C2E84F76BFC81C1789AE7BB6AEE197E186774697 |
SHA-256: | 05D668F5C491AA51C7DA93862D3E3C5843A27631BBD1C0EF8034B94080D6CE00 |
SHA-512: | 6B51E4BE629BA85CA583A703700FD2CBFD43734BB29433BA4453CA068B767AB05B1F4084C71B22D6BF11D0B5CA73B9F4FF61A32436BA1A62CA465F1005847109 |
Malicious: | false |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 66594 |
Entropy (8bit): | 7.800838697373916 |
Encrypted: | false |
SSDEEP: | 1536:bOqndgG+IQ32TpUJz0DXmKTmg9usUFSZVl:bvQ3216zuXlFZVl |
MD5: | DE2D8D73F85285535A13F89B0F904847 |
SHA1: | A4A42EB9FA7F9C8A51CD24560D999163DEE57290 |
SHA-256: | 306F7E5AFA1685939708DBBDAC6A0DD91DFE7C106BA6F84780BE9E44656B775B |
SHA-512: | CD1E87D933E8E821769721A1B03E244655D519722329E114388FD5E18F4DA57DAA7D2E769379C4938BA8F958AA71A87FD1DA194967A57EF5B94AA3347ECB8D29 |
Malicious: | false |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 59279 |
Entropy (8bit): | 7.723890349807642 |
Encrypted: | false |
SSDEEP: | 1536:WQSDmzHAmdxSMSfXUkfK9H3BpBZYtzWBiAmNHDm:W35mdxS2kfOHR1sqB8g |
MD5: | A667A4635760A604F5E90455657DF9BA |
SHA1: | 3ACEABEEDCFF9C6F7922FC954218D42D08B54A1F |
SHA-256: | 196FD731971B11B3873D52EE13C1EFAC4BF9F0F91D82856CBBE05CA1FB659152 |
SHA-512: | 3ABCFEC0BC6D820F4317A32B3E027B1CC3D4438825844618AEEF1443C8A0F9A059C1FAF36ACE16F6CD156260D74BC92BDC9EA489BE8F23B1FEA069D795E0B1E3 |
Malicious: | false |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 44241 |
Entropy (8bit): | 7.747233988337866 |
Encrypted: | false |
SSDEEP: | 768:tZh3JPKW648iSo736Az5jwwcFuyZ3Y1Lnhe5xaLZPTAXogkA1sywv6:thPKz4/7h6fZ3Y1LhqxaB0Xrkosfv6 |
MD5: | 561A63F0CD4A70F3134143A5E266E58D |
SHA1: | 18F871AE3532B1F9A030EBF2EEE7AA7A4491D60C |
SHA-256: | 7C1B0B11EBF37D03AE2F6CF5135593D604BC1D3BF942329A3952DC0CCB770769 |
SHA-512: | 52F15AE1794120CA3E7E6204A4AEC9364BB8EBF7BF446753C53E8B5232BD7F76114603DABF41562318903EBEBB5390CDC4E651CDB33350AC5F3C0BDEDBBE3594 |
Malicious: | false |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 92038 |
Entropy (8bit): | 7.7200406826946235 |
Encrypted: | false |
SSDEEP: | 1536:ca4Jw4jmV7T35O0vMSndbJMZSMSU514ph64P8beNFbWmGINBU0Od:ca2bmh35rkmrU5f4P8beNhhG0rM |
MD5: | E98226F38153CFBF93BF77744E364434 |
SHA1: | 6E613678B12144ADAA5ADCC18AA40965EB903101 |
SHA-256: | 825F3BA18ABDFA2164FBC1D183D8C1C178C9D99C3C4B694AC358D833A755D241 |
SHA-512: | 228B1334D11F455EC6610DB53E36BCC2D747975EB5E8D650D41C92FD856A34E266ACE5A8A094FCE407E518EF76B6E0B00C983A0CDCE2B930B2222E16A4B6A5CD |
Malicious: | false |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 81816 |
Entropy (8bit): | 7.707519991934002 |
Encrypted: | false |
SSDEEP: | 1536:bsicsYedzR8eO9gKbvL2aiWqAIqwsoxlprW+DWu8UYHI7zoZ8jPy74RSBsZ:7p/dG9Bbz2DWqA1w7jKGWY3oujfRSBsZ |
MD5: | 4C1F9B5ECF86DC7B839BF5D8F3ADFDC0 |
SHA1: | CC6D1748BD0FFBB9036C0D871EC894E59B1CD6FC |
SHA-256: | F2A2A3C04FB8E6E9467A62B408F705D77C9A4269B2ADF5EC1947A871A0D1C4F9 |
SHA-512: | C49470EBA77A8616E7CE32CFE8DA98010635BDA0046BD8904328D11777162DE9774635F20627A772F24719DA3C7E217CDEB8A8ED41BBD71B04C722D6F0E217AB |
Malicious: | false |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 64537 |
Entropy (8bit): | 7.783531894467484 |
Encrypted: | false |
SSDEEP: | 1536:mY9p0pAuZhUVKdEmHZt/YPBkBbnFeAHiix8qwQ1tTepK:m1EVmT/YpMT8qwQoK |
MD5: | B877B821FAA0514BE7D67132C026D97B |
SHA1: | B634758494358A2951799BDCDAA664271DFAD248 |
SHA-256: | 32BC4297D594164F7BE3753FE2328132B0562C81C5EA18AC97831AE10C707F1B |
SHA-512: | FD47CD1C73A83DAC589EE449D28BAC8E6AFE4D74BFBC077D670BF57A7BF141B7865BDE1F0C5179A7BC9569917ACD9967C6D173B7967442648E104F420C7A921F |
Malicious: | false |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 76044 |
Entropy (8bit): | 7.781593198930996 |
Encrypted: | false |
SSDEEP: | 1536:9zCUsvuDmEm7KAaAJB2x56SPCwlkmsKpUaYVRMguAIXSA2:9z/s2Vm7KAajfl/sKpUaYVRM8YSf |
MD5: | FA20A58E0C27D4DED87150AADDBB2556 |
SHA1: | 74CF094D22A5806FD0DF01701851309CA3D3F263 |
SHA-256: | A047FE59A6C64A6C17B887934245E64DAB2CDA4925B259456596C2C597740D75 |
SHA-512: | 3E1C65AD1FB8728724FEFCB8601918BEABCFBF4DC31AE17BC5BAD66BFA32DB184950AC077B0B27AE399A4B3A6B5890AAB325805F4444CDF07C4D216B7FDA4EDD |
Malicious: | false |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 114158 |
Entropy (8bit): | 7.754245071397085 |
Encrypted: | false |
SSDEEP: | 3072:o4KTAq4ntdBWZ4H9fCXCzTP0UuBkZcvqqUnj7K:ITCtzg4dCkgUuM1ju |
MD5: | 1092617765A52BADA8A812FEA901B137 |
SHA1: | 31DAA90CFE29AFA8E3FAAA10C049B45834833308 |
SHA-256: | 88FF0A560A3DA375C323FD0C3761328419A06BA58E373EFB09F8418BC7EFF393 |
SHA-512: | 37DA07F3DA44D298CED21FA3323B54CADC839F3C19ACE0FC000A614C0D8FAD833ABC06C6239C89D8FFAB465848FADB3E667D365DB8310286935705A118FBF901 |
Malicious: | false |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 56223 |
Entropy (8bit): | 7.675938408908281 |
Encrypted: | false |
SSDEEP: | 1536:/+jsHu4IMEuSznazX2TQZwm+WxhM6HMy6Z7:/ppIMEulGTuwmXhMwMB |
MD5: | 619CA288DE840F0BEC52218DB7F2036C |
SHA1: | D1D5389AAE91284734F4940BD8319CFA2BC40A0D |
SHA-256: | C2A6D78B635CA45E316D10936EF7507B1643F4674BAA08B79FE22285EADC3966 |
SHA-512: | 4FACBC40E37F9801E9177A057D55BF236C5FBCE5397AF973B60B21C027AB258FD1A91B893F93AE3100A6785AD67089FBF623C121B7D4990A987A311E47314E5C |
Malicious: | false |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 595545 |
Entropy (8bit): | 7.0713050562667386 |
Encrypted: | false |
SSDEEP: | 12288:fTBZLFkAEYvIfNLmu2cTbZqSNTuh4kMjBUJ84Ch9ycd8sl:f7LgLF2cbZtNT+sjOJXCrgsl |
MD5: | 3695D419AA9C7B11C464BE2A58A40530 |
SHA1: | C73513DF0555DB421EF81EF436136E53CCF4EE11 |
SHA-256: | 0487C6C64C185AC5BF459A907F302E363E5A162081B651570E691B3EA07818DD |
SHA-512: | 54883F5E76E2208856F07DC16C9E5BCEA3ACBDA7C4B9CE48BF043CC371AD57F2925DCB6360CA85F5725609FC692906546B6E5BF70D8F839A206E06316C9E2F59 |
Malicious: | false |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 1142272 |
Entropy (8bit): | 6.575328533778386 |
Encrypted: | false |
SSDEEP: | 24576:JjNy0cphFIlPXI9RTczazoP2l0iS65WQ1jGb8JcBCu98xvtQ/U:JY0MhO+louaizR1jGb8iBCu98xvtQ/U |
MD5: | 21CF2233F94BF81E22737E2CAE984FD1 |
SHA1: | 428951E7391B7CFCA62624C11E24B361CAD9D2E0 |
SHA-256: | FCB2DC122AD93E88AA07B99DB1292CF5B8F04F7F5125C7A9AD98E8790E0F7366 |
SHA-512: | F033174BB79D1F0E9D23FBE983A5D5849AE7CC99BA52D7CB5480F55F25CDDAE0EADE184FBF7DF970DE39B6FA315A049A13234D8379C72DC5AE2E8DDBABA13772 |
Malicious: | true |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | modified |
Size (bytes): | 3805184 |
Entropy (8bit): | 6.981118512863489 |
Encrypted: | false |
SSDEEP: | 49152:8vEFI1Qof0vYjuVdAHf73Or2+595THLZHePIoIrIk7jsIJq4qXMnF89:8vEFaQjAjuYHf7erx5TNepUJ |
MD5: | 5F301B2942D42D35402C384009767E5F |
SHA1: | CF7A22C7C4A3C535B1B76D8B4FD5E17B3166FF44 |
SHA-256: | 7909A486FB464E8332395296B6D1930B0B2E2B008BBA1E68B696D315BC5B3323 |
SHA-512: | 9BF15BC5D25853AA66FDD88B1464CAC2D1D58AE556BBD53506FEBA88DF52A775835A4EC7D1AAA1A00414044C87C2299298D1D9DC5CEA91125574C63BD789307B |
Malicious: | true |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 1305600 |
Entropy (8bit): | 6.804982979697153 |
Encrypted: | false |
SSDEEP: | 24576:emdh6XRecOlYMksUqYMSMvm+YNqwngZRa5R+joLzydTEfCSoIkNyi220BTpdAd:emdhnc3lgZRa7+jo6YR8eXBT3Ad |
MD5: | 6330B1294C40518F7C6363F97338A0A9 |
SHA1: | 350E07281719E55659F74884387FA072C0D53F52 |
SHA-256: | 4D100667AD119AD52D1172173C97EB9EC30B7C378070DFD2D07A2A04767B4D86 |
SHA-512: | 97E1D71881663496011E5B3D70E817D62EB39CD484CB091A633D6329BFF2900029B04D0086358A522C3BFDA187FC7AEBEEDACC16003FCD2937DF047A89D4E54F |
Malicious: | true |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 348160 |
Entropy (8bit): | 6.542655141037356 |
Encrypted: | false |
SSDEEP: | 6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E |
MD5: | 86F1895AE8C5E8B17D99ECE768A70732 |
SHA1: | D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA |
SHA-256: | 8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE |
SHA-512: | 3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA |
Malicious: | false |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 1305600 |
Entropy (8bit): | 6.804982979697153 |
Encrypted: | false |
SSDEEP: | 24576:emdh6XRecOlYMksUqYMSMvm+YNqwngZRa5R+joLzydTEfCSoIkNyi220BTpdAd:emdhnc3lgZRa7+jo6YR8eXBT3Ad |
MD5: | 6330B1294C40518F7C6363F97338A0A9 |
SHA1: | 350E07281719E55659F74884387FA072C0D53F52 |
SHA-256: | 4D100667AD119AD52D1172173C97EB9EC30B7C378070DFD2D07A2A04767B4D86 |
SHA-512: | 97E1D71881663496011E5B3D70E817D62EB39CD484CB091A633D6329BFF2900029B04D0086358A522C3BFDA187FC7AEBEEDACC16003FCD2937DF047A89D4E54F |
Malicious: | true |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 1142272 |
Entropy (8bit): | 6.575328533778386 |
Encrypted: | false |
SSDEEP: | 24576:JjNy0cphFIlPXI9RTczazoP2l0iS65WQ1jGb8JcBCu98xvtQ/U:JY0MhO+louaizR1jGb8iBCu98xvtQ/U |
MD5: | 21CF2233F94BF81E22737E2CAE984FD1 |
SHA1: | 428951E7391B7CFCA62624C11E24B361CAD9D2E0 |
SHA-256: | FCB2DC122AD93E88AA07B99DB1292CF5B8F04F7F5125C7A9AD98E8790E0F7366 |
SHA-512: | F033174BB79D1F0E9D23FBE983A5D5849AE7CC99BA52D7CB5480F55F25CDDAE0EADE184FBF7DF970DE39B6FA315A049A13234D8379C72DC5AE2E8DDBABA13772 |
Malicious: | true |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 499712 |
Entropy (8bit): | 6.414789978441117 |
Encrypted: | false |
SSDEEP: | 12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e |
MD5: | 561FA2ABB31DFA8FAB762145F81667C2 |
SHA1: | C8CCB04EEDAC821A13FAE314A2435192860C72B8 |
SHA-256: | DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B |
SHA-512: | 7D960AA8E3CCE22D63A6723D7F00C195DE7DE83B877ECA126E339E2D8CC9859E813E05C5C0A5671A75BB717243E9295FD13E5E17D8C6660EB59F5BAEE63A7C43 |
Malicious: | false |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 3805184 |
Entropy (8bit): | 6.981118354340119 |
Encrypted: | false |
SSDEEP: | 49152:XvEFI1Qof0vYjuVdAHf73Or2+595THLZHePIoIrIk7jsIJq4qXMnF89:XvEFaQjAjuYHf7erx5TNepUJ |
MD5: | 1C53F12FF7CC73F093FF36F4B844A700 |
SHA1: | F56DC7F25C13D00EC4E787CC4F511FB245251138 |
SHA-256: | E4D0D42CFAF194CC10B5B75658E6F84F846BE4D97E0A48105BA89FC81A66B65E |
SHA-512: | 7F9F01658E7ADEE1E8419FB9925CC33D9491A2CBA55FD6111C8BC0D37040BC38956C2A17EB9A1E554FF40B02D2FB4196ED24BF503DAB364318D8486815AC6985 |
Malicious: | false |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 15864 |
Entropy (8bit): | 5.446150628226878 |
Encrypted: | false |
SSDEEP: | 384:zVQEjoZ7ooLzDCccymQx/9DSpNAJemtjf0Ncl08:zV1joxLH1SpKJtTF08 |
MD5: | 43F2BC6828B177477C2F98B8973460E8 |
SHA1: | F0A3C975346AF66A843E8B49574DC9083CD32E02 |
SHA-256: | 3B578B15AD0D0747E8A3D958A0E7BF1FF6D5C335B8894FF7A020604DA008D79D |
SHA-512: | 2449C3D615E5BCECE4C1B773FE629A75061A3E1488F6D3D743D7D209F1D687F26997937AB13B3A1B89B650D122DB030D2188E1E89BC1AB03CF2DF9A29CAA456C |
Malicious: | true |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 499712 |
Entropy (8bit): | 6.414789978441117 |
Encrypted: | false |
SSDEEP: | 12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e |
MD5: | 561FA2ABB31DFA8FAB762145F81667C2 |
SHA1: | C8CCB04EEDAC821A13FAE314A2435192860C72B8 |
SHA-256: | DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B |
SHA-512: | 7D960AA8E3CCE22D63A6723D7F00C195DE7DE83B877ECA126E339E2D8CC9859E813E05C5C0A5671A75BB717243E9295FD13E5E17D8C6660EB59F5BAEE63A7C43 |
Malicious: | false |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 348160 |
Entropy (8bit): | 6.542655141037356 |
Encrypted: | false |
SSDEEP: | 6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E |
MD5: | 86F1895AE8C5E8B17D99ECE768A70732 |
SHA1: | D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA |
SHA-256: | 8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE |
SHA-512: | 3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA |
Malicious: | false |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 2555217 |
Entropy (8bit): | 6.364161494552352 |
Encrypted: | false |
SSDEEP: | 49152:gdrGT9oY0SAQ4+YI1Qb1oWGxblxZa0o8598j:gFGTv1QtGxHZabt |
MD5: | 0F299B44F450181D8B1B058637377507 |
SHA1: | 11CE62C7229B835C838167D8E0F2D9F41B54ADAE |
SHA-256: | 7AC7A7FC3F6092670D8B6AD1AF251EF5D03335D57774E6B084ECCF28BBD680F7 |
SHA-512: | FA664090B54FE4BBF139A3CCFCF1CB62027A683A8C008161827EDB292BFF252916112E73298A8D9A7176789404B08292ABA539265B98D8F0E130E794EDE49741 |
Malicious: | true |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 9185 |
Entropy (8bit): | 3.8443917078448093 |
Encrypted: | false |
SSDEEP: | 192:qd1qWAdpaUXKJ7slwbP4D0mHYSMFzziKud8rc9tI9//7LO7KEyR0lYHl:MUWAeUXKJ7RbPCCG6Hl |
MD5: | 031F58B9E076FC3CBB33A1FB057A54CC |
SHA1: | C12451CE573D59851A75B4E4503DAEFF96589098 |
SHA-256: | FF612CAE135AEA3B3743F350AD382A5E8022496AF4D18E53558E2BEC0C8E4CA8 |
SHA-512: | F5930FEDE60EBE5EF0F7720638814195DF79358ED306C1C4F1D979D33922F33BFFF92E904D021F5B34FB7A76CC83CADEB9C33B9CAF74738850F10257DB2B8140 |
Malicious: | false |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 2555217 |
Entropy (8bit): | 6.364161494552352 |
Encrypted: | false |
SSDEEP: | 49152:gdrGT9oY0SAQ4+YI1Qb1oWGxblxZa0o8598j:gFGTv1QtGxHZabt |
MD5: | 0F299B44F450181D8B1B058637377507 |
SHA1: | 11CE62C7229B835C838167D8E0F2D9F41B54ADAE |
SHA-256: | 7AC7A7FC3F6092670D8B6AD1AF251EF5D03335D57774E6B084ECCF28BBD680F7 |
SHA-512: | FA664090B54FE4BBF139A3CCFCF1CB62027A683A8C008161827EDB292BFF252916112E73298A8D9A7176789404B08292ABA539265B98D8F0E130E794EDE49741 |
Malicious: | true |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 2560 |
Entropy (8bit): | 2.8818118453929262 |
Encrypted: | false |
SSDEEP: | 24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG |
MD5: | A69559718AB506675E907FE49DEB71E9 |
SHA1: | BC8F404FFDB1960B50C12FF9413C893B56F2E36F |
SHA-256: | 2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC |
SHA-512: | E52E0AA7FE3F79E36330C455D944653D449BA05B2F9ABEE0914A0910C3452CFA679A40441F9AC696B3CCF9445CBB85095747E86153402FC362BB30AC08249A63 |
Malicious: | true |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 6144 |
Entropy (8bit): | 4.720366600008286 |
Encrypted: | false |
SSDEEP: | 96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0 |
MD5: | E4211D6D009757C078A9FAC7FF4F03D4 |
SHA1: | 019CD56BA687D39D12D4B13991C9A42EA6BA03DA |
SHA-256: | 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95 |
SHA-512: | 17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E |
Malicious: | false |
Process: | C:\Users\user\Desktop\i7j22nof2Q.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2532352 |
Entropy (8bit): | 6.380212187829063 |
Encrypted: | false |
SSDEEP: | 49152:IdrGT9oY0SAQ4+YI1Qb1oWGxblxZa0o8598:IFGTv1QtGxHZab |
MD5: | 438F4076E92D3C839405BAB4652FE2CE |
SHA1: | 046567CF90B9E87F4B3913030E1ACFC0A4341279 |
SHA-256: | AD1772BD4F07C11A626DE2F257D2CC44B63FF9150BE9386512840A2381E97B7E |
SHA-512: | 44985FE1773CC9D1A4EE5ED0E5BCAC058C0CD064D3A1E782D9C424EFEB89185528E19A177ECFAFA173B76B049301D5FF95DAFC0B36715A0847EEC3F6B4E1506B |
Malicious: | true |
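Two things in the dropped-file listing above are worth pulling out mechanically rather than by eye: several SHA-256 values appear twice (the same content written to more than one path), and two entries share the exact size 3805184 bytes but carry different hashes, one with Category "dropped" and one with Category "modified", with ssdeep digests that differ only in the first character of each chunk string. The following Python is an added example and not part of the Joe Sandbox report. REPORT is a constructed excerpt of four of the records above, copied verbatim in the flattened "Key: | value |" form in which the page renders them; the parser, the grouping and the positional ssdeep comparison are this example's own code, and the reading of the result (a change confined to the first block of the file, consistent with an in-place patch after the drop) is an interpretation the listing alone cannot confirm.

```python
"""Triage of a flattened sandbox dropped-file listing (added example)."""
import re
from collections import defaultdict

# Constructed excerpt: four records from the listing above, verbatim, minus the empty fields.
REPORT = r"""
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
Category: | dropped |
Size (bytes): | 77426 |
SSDEEP: | 1536:3tRKxIbZjmpsrGj6q+RZFHMqxU9pSKi2RWscqh8Pi7Bs:3tR9bZycVlxzKnv78Pi7a |
SHA-256: | 5296290ACDD86B7DABEAFABC26D0EF6FDD1A8DD9EA2914F036B94D0AD115B973 |
Malicious: | false |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
Category: | dropped |
Size (bytes): | 77426 |
SSDEEP: | 1536:3tRKxIbZjmpsrGj6q+RZFHMqxU9pSKi2RWscqh8Pi7Bs:3tR9bZycVlxzKnv78Pi7a |
SHA-256: | 5296290ACDD86B7DABEAFABC26D0EF6FDD1A8DD9EA2914F036B94D0AD115B973 |
Malicious: | false |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
Category: | modified |
Size (bytes): | 3805184 |
SSDEEP: | 49152:8vEFI1Qof0vYjuVdAHf73Or2+595THLZHePIoIrIk7jsIJq4qXMnF89:8vEFaQjAjuYHf7erx5TNepUJ |
SHA-256: | 7909A486FB464E8332395296B6D1930B0B2E2B008BBA1E68B696D315BC5B3323 |
Malicious: | true |
Process: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
Category: | dropped |
Size (bytes): | 3805184 |
SSDEEP: | 49152:XvEFI1Qof0vYjuVdAHf73Or2+595THLZHePIoIrIk7jsIJq4qXMnF89:XvEFaQjAjuYHf7erx5TNepUJ |
SHA-256: | E4D0D42CFAF194CC10B5B75658E6F84F846BE4D97E0A48105BA89FC81A66B65E |
Malicious: | false |
"""

# "Key: | value |"; the key stops at the first ':' so ssdeep values (which contain ':') survive.
FIELD = re.compile(r"^([^|:]+):\s*\|\s*(.*?)\s*\|?\s*$")


def parse_records(text):
    """One dict per file; a 'Process:' line opens a new record."""
    records, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Process":
            current = {}
            records.append(current)
        if current is not None:
            current[key] = value
    return records


def group_by_sha256(records):
    """Identical content dropped to several paths collapses into one group."""
    groups = defaultdict(list)
    for r in records:
        groups[r["SHA-256"].lower()].append(r)
    return groups


def same_size_different_content(records):
    """Sizes under which two or more *different* hashes occur: a file written once
    and then rewritten in place keeps its length but changes its digest."""
    by_size = defaultdict(dict)
    for r in records:
        by_size[int(r["Size (bytes)"])].setdefault(r["SHA-256"].lower(), r)
    return [(size, list(v.values())) for size, v in by_size.items() if len(v) > 1]


def _differing_positions(x, y):
    head = [i for i, (p, q) in enumerate(zip(x, y)) if p != q]
    return head + list(range(min(len(x), len(y)), max(len(x), len(y))))


def ssdeep_chunk_diff(a, b):
    """Positional comparison of two ssdeep digests ('blocksize:chunk:double_chunk').
    Each chunk character summarises one piece of roughly blocksize bytes, so the
    indices where the strings differ locate the change within the file. This is
    not the ssdeep library's weighted edit-distance score."""
    bs_a, chunk_a, double_a = a.split(":")
    bs_b, chunk_b, double_b = b.split(":")
    if bs_a != bs_b:
        return None  # different block sizes are not comparable position by position
    return {"blocksize": int(bs_a),
            "chunk_diff": _differing_positions(chunk_a, chunk_b),
            "double_chunk_diff": _differing_positions(double_a, double_b)}


def compare_pair(records, size):
    """ssdeep positional diff between the first two distinct files of a given size."""
    distinct = {r["SHA-256"]: r for r in records if int(r["Size (bytes)"]) == size}
    a, b = list(distinct.values())[:2]
    return ssdeep_chunk_diff(a["SSDEEP"], b["SSDEEP"])


if __name__ == "__main__":
    recs = parse_records(REPORT)
    for sha, group in group_by_sha256(recs).items():
        print(f"{sha[:16]}... written {len(group)}x, malicious={group[0]['Malicious']}")
    for size, pair in same_size_different_content(recs):
        print(size, [r["Category"] for r in pair], compare_pair(recs, size))
```

For the two 3805184-byte entries the block-size is 49152 in both digests and the chunk strings differ only at index 0, in both the single and the double block-size string, so whatever the installer changed after writing the file sits within the first 48 KiB of a 3.8 MB image. The ssdeep library's own `ssdeep.compare()` would report a high similarity score for the same pair; the positional view is simply the cheaper way to see where the delta lives when the report gives you digests but not the files.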
File type: | |
Entropy (8bit): | 7.952208607288448 |
TrID: |
File name: | i7j22nof2Q.exe |
File size: | 6'692'550 bytes |
MD5: | ad01c8fa6ec2371dfd9f57200f84e13a |
SHA1: | 0fb1d82d89253d853dcb0e5d66f4b0d2b067b48d |
SHA256: | 5179029eb225a9937cc7507b084cc8418f4d84e3c99e13b5a2a0cc8fdba75bd3 |
SHA512: | e46fb5132086fa003b36b0d73e94998e132a402a85ce18d8f02e6911e1a41946b11b77e7f214cb34c959ead6add677cb3842294c45e480580d66646b56b6368a |
SSDEEP: | 98304:PX4jivxv97/nhks8jVQ9MNa3EgedZ64ymjXA7QjBMh5YwE4zwJozYyazx11:vagxvJPhks8CKaDQemzBBM4wEXoYyaR |
TLSH: | AF662227B249613EC46E27364673A45058FBB7A8F427BE1677F0C88DCF650C01E3AA65 |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | 2d2e3797b32b2b99 |
Entrypoint: | 0x4a7ed0 |
Entrypoint Section: | .itext |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x5CC41133 [Sat Apr 27 08:22:11 2019 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | eb5bc6ff6263b364dfbfb78bdb48ed59 |
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFA4h |
push ebx |
push esi |
push edi |
xor eax, eax |
mov dword ptr [ebp-3Ch], eax |
mov dword ptr [ebp-40h], eax |
mov dword ptr [ebp-5Ch], eax |
mov dword ptr [ebp-30h], eax |
mov dword ptr [ebp-38h], eax |
mov dword ptr [ebp-34h], eax |
mov dword ptr [ebp-2Ch], eax |
mov dword ptr [ebp-28h], eax |
mov dword ptr [ebp-14h], eax |
mov eax, 004A2BC0h |
call 00007FE068B51FDDh |
xor eax, eax |
push ebp |
push 004A85C2h |
push dword ptr fs:[eax] |
mov dword ptr fs:[eax], esp |
xor edx, edx |
push ebp |
push 004A857Eh |
push dword ptr fs:[edx] |
mov dword ptr fs:[edx], esp |
mov eax, dword ptr [004B0634h] |
call 00007FE068BE60D7h |
call 00007FE068BE5C2Eh |
lea edx, dword ptr [ebp-14h] |
xor eax, eax |
call 00007FE068B67608h |
mov edx, dword ptr [ebp-14h] |
mov eax, 004B3708h |
call 00007FE068B4C867h |
push 00000002h |
push 00000000h |
push 00000001h |
mov ecx, dword ptr [004B3708h] |
mov dl, 01h |
mov eax, dword ptr [00423698h] |
call 00007FE068B6866Fh |
mov dword ptr [004B370Ch], eax |
xor edx, edx |
push ebp |
push 004A852Ah |
push dword ptr fs:[edx] |
mov dword ptr fs:[edx], esp |
call 00007FE068BE615Fh |
mov dword ptr [004B3714h], eax |
mov eax, dword ptr [004B3714h] |
cmp dword ptr [eax+0Ch], 01h |
jne 00007FE068BECA1Ah |
mov eax, dword ptr [004B3714h] |
mov edx, 00000028h |
call 00007FE068B68F64h |
mov edx, dword ptr [004B3714h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xb6000 | 0x9a | .edata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb4000 | 0xf1c | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb9000 | 0x4600 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xb8000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xb42e0 | 0x240 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0xb5000 | 0x1a4 | .didata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xa50e0 | 0xa5200 | d2d65fadb7b1be676e1248ab404382da | False | 0.3560172809424678 | data | 6.368250598681687 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.itext | 0xa7000 | 0x1668 | 0x1800 | 73e002411a8e0d309143a3e055e89568 | False | 0.5411783854166666 | data | 5.950488815097041 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0xa9000 | 0x37a4 | 0x3800 | 43e7b93b56ed2b1f2c341832da76e1f0 | False | 0.3604213169642857 | data | 5.027871318308703 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.bss | 0xad000 | 0x676c | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0xb4000 | 0xf1c | 0x1000 | daddecfdccd86a491d85012d9e547c63 | False | 0.36474609375 | data | 4.791610915860562 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.didata | 0xb5000 | 0x1a4 | 0x200 | be0581a07bd7d21a29f93f8752d3e826 | False | 0.345703125 | data | 2.7458225536678693 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.edata | 0xb6000 | 0x9a | 0x200 | 57cd71ca96fdc064696777e5b35cf0bb | False | 0.2578125 | data | 1.881069204504408 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.tls | 0xb7000 | 0x18 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0xb8000 | 0x5d | 0x200 | 967e84eb6ac477621cd1643650d7bc91 | False | 0.189453125 | data | 1.3697437648744617 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0xb9000 | 0x4600 | 0x4600 | 0fc551988a38dc612753140907d16278 | False | 0.31986607142857143 | data | 4.433667100169543 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
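The header fields, data directories and section table above support several static triage checks without opening the binary: which section holds the entry point (0x4a7ed0 falls in .itext, the Delphi initialisation-code section), where the globals the entry stub writes (`[004B3708h]`, `[004B3714h]`) live, how much data is appended after the last section, whether the DYNAMIC_BASE flag can do anything when RELOCS_STRIPPED is set and the BASERELOC directory is empty, and whether "Digitally signed: false" agrees with the SECURITY directory. The following Python is an added example, not part of the Joe Sandbox report; the constants are transcribed from the tables above. Two values are assumptions because the report does not print them: a 0x400-byte header area (SizeOfHeaders) and sections stored contiguously in file order, which is the normal linker layout and is what makes the overlay arithmetic work.

```python
"""Static PE triage from header fields transcribed from a sandbox report (added example)."""
from datetime import datetime, timezone

FILE_SIZE = 6_692_550            # "File size" above
IMAGE_BASE = 0x400000
ENTRYPOINT_VA = 0x4A7ED0
TIME_DATE_STAMP = 0x5CC41133
HEADER_RAW_SIZE = 0x400          # assumption: SizeOfHeaders is not in the report; 0x400 is the usual value

# IMAGE_FILE_HEADER.Characteristics and OptionalHeader.DllCharacteristics, as the report names them
FILE_CHARACTERISTICS = {"RELOCS_STRIPPED", "EXECUTABLE_IMAGE", "LINE_NUMS_STRIPPED",
                        "LOCAL_SYMS_STRIPPED", "BYTES_REVERSED_LO", "32BIT_MACHINE", "BYTES_REVERSED_HI"}
DLL_CHARACTERISTICS = {"DYNAMIC_BASE", "NX_COMPAT", "TERMINAL_SERVER_AWARE"}
BASERELOC_DIR = (0x0, 0x0)       # IMAGE_DIRECTORY_ENTRY_BASERELOC (virtual address, size)
SECURITY_DIR = (0x0, 0x0)        # IMAGE_DIRECTORY_ENTRY_SECURITY: Authenticode blob, if any

# (name, VirtualAddress, VirtualSize, SizeOfRawData) from the section table
SECTIONS = [
    (".text",   0x1000,  0xA50E0, 0xA5200),
    (".itext",  0xA7000, 0x1668,  0x1800),
    (".data",   0xA9000, 0x37A4,  0x3800),
    (".bss",    0xAD000, 0x676C,  0x0),
    (".idata",  0xB4000, 0xF1C,   0x1000),
    (".didata", 0xB5000, 0x1A4,   0x200),
    (".edata",  0xB6000, 0x9A,    0x200),
    (".tls",    0xB7000, 0x18,    0x0),
    (".rdata",  0xB8000, 0x5D,    0x200),
    (".rsrc",   0xB9000, 0x4600,  0x4600),
]


def section_for_va(va, sections=SECTIONS, image_base=IMAGE_BASE):
    """Name of the section whose virtual range contains the address, or None."""
    rva = va - image_base
    for name, vaddr, vsize, _raw in sections:
        if vaddr <= rva < vaddr + vsize:
            return name
    return None


def link_time(stamp):
    """TimeDateStamp is an unsigned count of seconds since the Unix epoch."""
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def overlay_size(file_size=FILE_SIZE, sections=SECTIONS, header_size=HEADER_RAW_SIZE):
    """Bytes on disk after the last section's raw data.
    Assumes sections are stored back to back after the headers (no PointerToRawData in the report)."""
    end_of_image = header_size + sum(raw for _, _, _, raw in sections)
    return file_size - end_of_image


def aslr_effective(dll_chars=DLL_CHARACTERISTICS, file_chars=FILE_CHARACTERISTICS, basereloc=BASERELOC_DIR):
    """DYNAMIC_BASE only matters if the loader can relocate the image: that needs
    relocation data (non-empty BASERELOC directory) and no RELOCS_STRIPPED flag.
    Without them the image can only be mapped at its preferred ImageBase."""
    return ("DYNAMIC_BASE" in dll_chars
            and "RELOCS_STRIPPED" not in file_chars
            and basereloc[1] > 0)


def has_authenticode(security=SECURITY_DIR):
    """A signed PE points at its WIN_CERTIFICATE blob through the SECURITY directory."""
    return security[1] > 0


if __name__ == "__main__":
    print("entry point section:", section_for_va(ENTRYPOINT_VA))
    print("entry-stub globals: ", section_for_va(0x4B3708), section_for_va(0x4B0634))
    print("link time (UTC):    ", link_time(TIME_DATE_STAMP).isoformat())
    print("overlay bytes:      ", overlay_size())
    print("ASLR effective:     ", aslr_effective())
    print("Authenticode:       ", has_authenticode())
```

The overlay figure is the point of the exercise: the ten sections account for about 720 KB of a 6.69 MB file, so roughly 5.97 MB sit past the PE image. Together with the whole-file entropy of 7.95 against section entropies no higher than 6.37, that tells you the compressed payload the sandbox later unpacked lives in the appended data, not in any section, which is why section-level entropy alone would have looked unremarkable. The ASLR check is the other practical takeaway: the DLL Characteristics advertise DYNAMIC_BASE, but with relocations stripped the image is pinned at 0x400000 and every absolute address in the disassembly above (for example `mov eax, 004A2BC0h`) is stable across runs.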
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0xb94c8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Dutch | Netherlands | 0.5675675675675675 |
RT_ICON | 0xb95f0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | Dutch | Netherlands | 0.4486994219653179 |
RT_ICON | 0xb9b58 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Dutch | Netherlands | 0.4637096774193548 |
RT_ICON | 0xb9e40 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | Dutch | Netherlands | 0.3935018050541516 |
RT_STRING | 0xba6e8 | 0x360 | data | | | 0.34375 |
RT_STRING | 0xbaa48 | 0x260 | data | | | 0.3256578947368421 |
RT_STRING | 0xbaca8 | 0x45c | data | | | 0.4068100358422939 |
RT_STRING | 0xbb104 | 0x40c | data | | | 0.3754826254826255 |
RT_STRING | 0xbb510 | 0x2d4 | data | | | 0.39226519337016574 |
RT_STRING | 0xbb7e4 | 0xb8 | data | | | 0.6467391304347826 |
RT_STRING | 0xbb89c | 0x9c | data | | | 0.6410256410256411 |
RT_STRING | 0xbb938 | 0x374 | data | | | 0.4230769230769231 |
RT_STRING | 0xbbcac | 0x398 | data | | | 0.3358695652173913 |
RT_STRING | 0xbc044 | 0x368 | data | | | 0.3795871559633027 |
RT_STRING | 0xbc3ac | 0x2a4 | data | | | 0.4275147928994083 |
RT_RCDATA | 0xbc650 | 0x10 | data | | | 1.5 |
RT_RCDATA | 0xbc660 | 0x2c4 | data | | | 0.6384180790960452 |
RT_RCDATA | 0xbc924 | 0x2c | data | | | 1.1818181818181819 |
RT_GROUP_ICON | 0xbc950 | 0x3e | data | English | United States | 0.8387096774193549 |
RT_VERSION | 0xbc990 | 0x584 | data | English | United States | 0.24645892351274787 |
RT_MANIFEST | 0xbcf14 | 0x62c | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4240506329113924 |
DLL | Import |
---|---|
kernel32.dll | GetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale |
comctl32.dll | InitCommonControls |
version.dll | GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW |
user32.dll | CreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW |
oleaut32.dll | SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate |
netapi32.dll | NetWkstaGetInfo, NetApiBufferFree |
advapi32.dll | RegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW |
Name | Ordinal | Address |
---|---|---|
TMethodImplementationIntercept | 3 | 0x453abc |
__dbk_fcall_wrapper | 2 | 0x40d3dc |
dbkFCallWrapperAddr | 1 | 0x4b063c |
Language of compilation system | Country where language is spoken |
---|---|
Dutch | Netherlands |
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-15T17:25:15.488237+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49710 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:16.517420+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49711 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:19.747761+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49711 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:20.781819+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49713 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:21.829341+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49715 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:22.884065+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49716 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:23.303855+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49716 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:23.720551+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49716 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:24.765774+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49717 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:25.809295+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49718 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:26.918910+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49719 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:28.130423+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49720 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:29.165529+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49721 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:29.578428+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49721 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:30.640804+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49722 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:31.700049+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49723 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:33.703580+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49724 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:34.764778+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49725 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:35.791590+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49726 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:36.209969+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49726 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:37.353042+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49727 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:38.398773+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49728 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:38.819187+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49728 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:39.884726+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49729 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:40.306930+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49729 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:41.060962+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49729 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:42.462478+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49730 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:42.876613+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49730 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:43.925251+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49731 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:44.959529+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49732 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:45.391480+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49732 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:46.443060+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49733 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:47.483529+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49734 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:48.509317+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49735 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:48.919795+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49735 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:50.004223+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49736 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:51.022745+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49737 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:51.435958+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49737 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:52.493124+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49738 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:52.911237+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49738 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:53.950270+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49739 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:54.992378+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49740 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:55.412025+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49740 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:56.446147+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49741 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:57.555761+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49742 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:57.976783+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49742 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:58.405379+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49742 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:25:59.440168+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49743 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:00.475281+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49744 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:01.253247+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49744 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:02.307033+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49745 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:03.346268+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49746 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:04.405876+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49747 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:05.453159+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49748 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:06.517400+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49749 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:07.553501+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49750 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:08.666118+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49751 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:09.093843+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49751 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:10.138651+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49752 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:11.177320+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49753 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:12.224964+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49754 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:12.645092+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49754 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:13.662002+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49755 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:14.714239+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49756 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:15.131551+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49756 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:16.173876+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49757 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:17.224984+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49758 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:18.272171+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49759 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:19.404347+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49760 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:20.440481+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49761 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:21.490160+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49762 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:22.570609+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49763 | 185.208.158.202 | 80 | TCP |
2024-11-15T17:26:23.652674+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49764 | 185.208.158.202 | 80 | TCP |
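Two checks a responder wants from the alert table above and the TCP packet table that follows, which the rows alone do not give: whether the IDS signature (SID 2049467, written for the HTTP C2 connection on port 80) covers every server endpoint the sandbox host opened, and how regular the C2 beacon is. Reading the packet table, the host also connects to 89.105.201.183 on TCP 2023, and no alert row mentions that endpoint, so an IDS-only detection built on this rule would miss those flows. The script below is an added example, not part of the Joe Sandbox report or of any vendor tool; its input rows are a sample copied from the two tables on this page (not the full capture), and the host address 192.168.2.9 is taken from the same rows.

```python
"""Added example (not from the report): cross-check IDS alerts against the
raw TCP packet table for uncovered endpoints and beacon cadence."""
from datetime import datetime
from statistics import median

SANDBOX_HOST = "192.168.2.9"  # the analysed host, as seen in both tables

# Sample rows copied from the IDS alert table (not the full list).
ALERT_ROWS = """\
2024-11-15T17:25:15.488237+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49710 | 185.208.158.202 | 80 | TCP
2024-11-15T17:25:16.517420+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49711 | 185.208.158.202 | 80 | TCP
2024-11-15T17:25:19.747761+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49711 | 185.208.158.202 | 80 | TCP
2024-11-15T17:25:20.781819+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49713 | 185.208.158.202 | 80 | TCP
2024-11-15T17:25:21.829341+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49715 | 185.208.158.202 | 80 | TCP
2024-11-15T17:25:22.884065+0100 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.9 | 49716 | 185.208.158.202 | 80 | TCP
"""

# Sample rows copied from the TCP packet table, same timeframe (not the full list).
PACKET_ROWS = """\
Nov 15, 2024 17:25:14.568697929 CET | 49710 | 80 | 192.168.2.9 | 185.208.158.202
Nov 15, 2024 17:25:14.573887110 CET | 80 | 49710 | 185.208.158.202 | 192.168.2.9
Nov 15, 2024 17:25:15.603804111 CET | 49711 | 80 | 192.168.2.9 | 185.208.158.202
Nov 15, 2024 17:25:16.518482924 CET | 49712 | 2023 | 192.168.2.9 | 89.105.201.183
Nov 15, 2024 17:25:16.523502111 CET | 2023 | 49712 | 89.105.201.183 | 192.168.2.9
Nov 15, 2024 17:25:19.869745016 CET | 49713 | 80 | 192.168.2.9 | 185.208.158.202
Nov 15, 2024 17:25:20.782872915 CET | 49714 | 2023 | 192.168.2.9 | 89.105.201.183
Nov 15, 2024 17:25:20.900968075 CET | 49715 | 80 | 192.168.2.9 | 185.208.158.202
Nov 15, 2024 17:25:21.963449955 CET | 49716 | 80 | 192.168.2.9 | 185.208.158.202
"""


def parse_alerts(text):
    """Rows: ts | sid | signature | severity | src | sport | dst | dport | proto."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sid, sig, sev, src, sport, dst, dport, proto = [f.strip() for f in line.split("|")]
        alerts.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z"),
                       "sid": int(sid), "signature": sig, "severity": int(sev),
                       "src_ip": src, "src_port": int(sport),
                       "dst_ip": dst, "dst_port": int(dport), "proto": proto})
    return alerts


def parse_packets(text):
    """Rows: 'Mon DD, YYYY HH:MM:SS.nnnnnnnnn CET | sport | dport | src | dst'.
    The capture has nanoseconds; strptime's %f accepts at most six digits."""
    packets = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sport, dport, src, dst = [f.strip() for f in line.split("|")]
        head, frac = ts.removesuffix(" CET").rsplit(".", 1)
        packets.append({"ts": datetime.strptime(f"{head}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f"),
                        "src_port": int(sport), "dst_port": int(dport),
                        "src_ip": src, "dst_ip": dst})
    return packets


def server_endpoints(packets, host=SANDBOX_HOST):
    """(ip, port) pairs the host connected to. The first packet seen on a flow
    (the SYN, when the capture starts before the flow) tells client from server."""
    first = {}
    for p in sorted(packets, key=lambda p: p["ts"]):
        key = frozenset([(p["src_ip"], p["src_port"]), (p["dst_ip"], p["dst_port"])])
        first.setdefault(key, p)
    return {(p["dst_ip"], p["dst_port"]) for p in first.values() if p["src_ip"] == host}


def alerted_endpoints(alerts):
    return {(a["dst_ip"], a["dst_port"]) for a in alerts}


def uncovered_endpoints(packets, alerts, host=SANDBOX_HOST):
    """Server endpoints the host talked to that no alert row mentions."""
    return server_endpoints(packets, host) - alerted_endpoints(alerts)


def beacon_intervals(alerts):
    """Seconds between successive C2 connections. Several alerts can fire on one
    connection (repeated requests on the same source port, e.g. 49711 above),
    so keep only the first alert per flow before differencing."""
    first = {}
    for a in sorted(alerts, key=lambda a: a["ts"]):
        first.setdefault((a["src_ip"], a["src_port"], a["dst_ip"], a["dst_port"]), a["ts"])
    times = sorted(first.values())
    return [(b - a).total_seconds() for a, b in zip(times, times[1:])]


def median_beacon_interval(alerts):
    gaps = beacon_intervals(alerts)
    return median(gaps) if gaps else None


if __name__ == "__main__":
    alerts, packets = parse_alerts(ALERT_ROWS), parse_packets(PACKET_ROWS)
    print("alerted endpoints :", alerted_endpoints(alerts))
    print("opened by host    :", server_endpoints(packets))
    print("not covered by IDS:", uncovered_endpoints(packets, alerts))
    print("beacon gaps (s)   :", [round(g, 3) for g in beacon_intervals(alerts)])
    print("median gap (s)    :", round(median_beacon_interval(alerts), 3))
```

On the sample rows the uncovered set is exactly {("89.105.201.183", 2023)} and the median gap between new C2 connections is about one second, which matches the near one-second spacing visible down the whole alert table; a network detection that keys on that cadence, or on the second endpoint, complements the content signature rather than relying on it alone.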
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 15, 2024 17:25:14.568697929 CET | 49710 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:14.573887110 CET | 80 | 49710 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:14.577887058 CET | 49710 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:14.578052998 CET | 49710 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:14.582931995 CET | 80 | 49710 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:15.488131046 CET | 80 | 49710 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:15.488236904 CET | 49710 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:15.603357077 CET | 49710 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:15.603804111 CET | 49711 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:15.608799934 CET | 80 | 49711 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:15.608884096 CET | 49711 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:15.608980894 CET | 80 | 49710 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:15.609008074 CET | 49711 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:15.609047890 CET | 49710 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:15.613878965 CET | 80 | 49711 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:16.517292976 CET | 80 | 49711 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:16.517420053 CET | 49711 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:16.518482924 CET | 49712 | 2023 | 192.168.2.9 | 89.105.201.183 |
Nov 15, 2024 17:25:16.523502111 CET | 2023 | 49712 | 89.105.201.183 | 192.168.2.9 |
Nov 15, 2024 17:25:16.523613930 CET | 49712 | 2023 | 192.168.2.9 | 89.105.201.183 |
Nov 15, 2024 17:25:16.523663044 CET | 49712 | 2023 | 192.168.2.9 | 89.105.201.183 |
Nov 15, 2024 17:25:16.528690100 CET | 2023 | 49712 | 89.105.201.183 | 192.168.2.9 |
Nov 15, 2024 17:25:16.528774023 CET | 49712 | 2023 | 192.168.2.9 | 89.105.201.183 |
Nov 15, 2024 17:25:16.533709049 CET | 2023 | 49712 | 89.105.201.183 | 192.168.2.9 |
Nov 15, 2024 17:25:17.381730080 CET | 2023 | 49712 | 89.105.201.183 | 192.168.2.9 |
Nov 15, 2024 17:25:17.428164959 CET | 49712 | 2023 | 192.168.2.9 | 89.105.201.183 |
Nov 15, 2024 17:25:19.403789997 CET | 49711 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:19.409028053 CET | 80 | 49711 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:19.747629881 CET | 80 | 49711 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:19.747761011 CET | 49711 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:19.869307041 CET | 49711 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:19.869745016 CET | 49713 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:19.874771118 CET | 80 | 49713 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:19.874897957 CET | 80 | 49711 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:19.874897003 CET | 49713 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:19.874977112 CET | 49711 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:19.875175953 CET | 49713 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:19.880021095 CET | 80 | 49713 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:20.781738043 CET | 80 | 49713 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:20.781819105 CET | 49713 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:20.782872915 CET | 49714 | 2023 | 192.168.2.9 | 89.105.201.183 |
Nov 15, 2024 17:25:20.787766933 CET | 2023 | 49714 | 89.105.201.183 | 192.168.2.9 |
Nov 15, 2024 17:25:20.787849903 CET | 49714 | 2023 | 192.168.2.9 | 89.105.201.183 |
Nov 15, 2024 17:25:20.787899017 CET | 49714 | 2023 | 192.168.2.9 | 89.105.201.183 |
Nov 15, 2024 17:25:20.787947893 CET | 49714 | 2023 | 192.168.2.9 | 89.105.201.183 |
Nov 15, 2024 17:25:20.792773962 CET | 2023 | 49714 | 89.105.201.183 | 192.168.2.9 |
Nov 15, 2024 17:25:20.835437059 CET | 2023 | 49714 | 89.105.201.183 | 192.168.2.9 |
Nov 15, 2024 17:25:20.900557995 CET | 49713 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:20.900968075 CET | 49715 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:20.905885935 CET | 80 | 49715 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:20.905994892 CET | 49715 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:20.906079054 CET | 80 | 49713 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:20.906133890 CET | 49713 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:20.906295061 CET | 49715 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:20.911206961 CET | 80 | 49715 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:21.382571936 CET | 2023 | 49714 | 89.105.201.183 | 192.168.2.9 |
Nov 15, 2024 17:25:21.382740974 CET | 49714 | 2023 | 192.168.2.9 | 89.105.201.183 |
Nov 15, 2024 17:25:21.829226971 CET | 80 | 49715 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:21.829340935 CET | 49715 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:21.963030100 CET | 49715 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:21.963449955 CET | 49716 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:21.968374968 CET | 80 | 49716 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:21.968465090 CET | 80 | 49715 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:21.968492985 CET | 49716 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:21.968530893 CET | 49715 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:21.968828917 CET | 49716 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:21.973596096 CET | 80 | 49716 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:22.883795023 CET | 80 | 49716 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:22.884064913 CET | 49716 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:22.994412899 CET | 49716 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:22.999540091 CET | 80 | 49716 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:23.303735018 CET | 80 | 49716 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:23.303854942 CET | 49716 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:23.416208982 CET | 49716 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:23.421402931 CET | 80 | 49716 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:23.720272064 CET | 80 | 49716 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:23.720551014 CET | 49716 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:23.853769064 CET | 49716 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:23.854126930 CET | 49717 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:23.859139919 CET | 80 | 49717 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:23.859236002 CET | 49717 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:23.859348059 CET | 49717 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:23.859817982 CET | 80 | 49716 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:23.859864950 CET | 49716 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:23.864341021 CET | 80 | 49717 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:24.765685081 CET | 80 | 49717 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:24.765774012 CET | 49717 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:24.884776115 CET | 49717 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:24.885207891 CET | 49718 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:24.890094042 CET | 80 | 49718 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:24.890176058 CET | 49718 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:24.890450001 CET | 80 | 49717 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:24.890496969 CET | 49717 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:24.890739918 CET | 49718 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:24.895585060 CET | 80 | 49718 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:25.809119940 CET | 80 | 49718 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:25.809294939 CET | 49718 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:25.931655884 CET | 49718 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:25.931943893 CET | 49719 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:25.937177896 CET | 80 | 49719 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:25.937313080 CET | 49719 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:25.937517881 CET | 49719 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:25.937623024 CET | 80 | 49718 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:25.937689066 CET | 49718 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:25.942440033 CET | 80 | 49719 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:26.918790102 CET | 80 | 49719 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:26.918910027 CET | 49719 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:27.188724041 CET | 49719 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:27.195497990 CET | 80 | 49719 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:27.195627928 CET | 49719 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:27.195943117 CET | 49720 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:27.201597929 CET | 80 | 49720 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:27.201678038 CET | 49720 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:27.207644939 CET | 49720 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:27.212626934 CET | 80 | 49720 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:28.130254984 CET | 80 | 49720 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:28.130423069 CET | 49720 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:28.244203091 CET | 49720 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:28.244604111 CET | 49721 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:28.249708891 CET | 80 | 49720 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:28.249797106 CET | 80 | 49721 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:28.249830961 CET | 49720 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:28.249876976 CET | 49721 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:28.250087023 CET | 49721 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:28.255007029 CET | 80 | 49721 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:29.165357113 CET | 80 | 49721 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:29.165529013 CET | 49721 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:29.275408030 CET | 49721 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:29.280761003 CET | 80 | 49721 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:29.578353882 CET | 80 | 49721 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:29.578428030 CET | 49721 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:29.699053049 CET | 49721 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:29.699532032 CET | 49722 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:29.704696894 CET | 80 | 49721 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:29.704735041 CET | 80 | 49722 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:29.704787016 CET | 49721 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:29.704848051 CET | 49722 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:29.709969044 CET | 49722 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:29.714807987 CET | 80 | 49722 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:30.640737057 CET | 80 | 49722 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:30.640804052 CET | 49722 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:30.759845972 CET | 49722 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:30.760220051 CET | 49723 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:30.765300035 CET | 80 | 49723 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:30.765594006 CET | 80 | 49722 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:30.765690088 CET | 49722 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:30.765702009 CET | 49723 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:30.765855074 CET | 49723 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:30.770662069 CET | 80 | 49723 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:31.699965000 CET | 80 | 49723 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:31.700048923 CET | 49723 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:31.822784901 CET | 49723 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:31.823232889 CET | 49724 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:31.828222990 CET | 80 | 49723 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:31.828322887 CET | 80 | 49724 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:31.828454018 CET | 49723 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:31.828509092 CET | 49724 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:31.828744888 CET | 49724 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:31.833631039 CET | 80 | 49724 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:33.703417063 CET | 80 | 49724 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:33.703579903 CET | 49724 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:33.703677893 CET | 80 | 49724 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:33.703727961 CET | 49724 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:33.703985929 CET | 80 | 49724 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:33.704026937 CET | 49724 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:33.704207897 CET | 80 | 49724 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:33.704247952 CET | 49724 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:33.829272032 CET | 49724 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:33.829685926 CET | 49725 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:33.834650040 CET | 80 | 49725 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:33.834708929 CET | 80 | 49724 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:33.834784985 CET | 49725 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:33.834835052 CET | 49724 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:33.835067987 CET | 49725 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:33.839891911 CET | 80 | 49725 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:34.764664888 CET | 80 | 49725 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:34.764777899 CET | 49725 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:34.884886980 CET | 49725 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:34.885271072 CET | 49726 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:34.890301943 CET | 80 | 49725 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:34.890319109 CET | 80 | 49726 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:34.890424967 CET | 49725 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:34.890491009 CET | 49726 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:34.890702963 CET | 49726 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:34.895529032 CET | 80 | 49726 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:35.791491985 CET | 80 | 49726 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:35.791589975 CET | 49726 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:35.905647993 CET | 49726 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:35.910727024 CET | 80 | 49726 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:36.209738970 CET | 80 | 49726 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:36.209969044 CET | 49726 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:36.398942947 CET | 49726 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:36.399333954 CET | 49727 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:36.404304981 CET | 80 | 49727 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:36.404382944 CET | 49727 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:36.404515028 CET | 80 | 49726 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:36.404573917 CET | 49726 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:36.412832022 CET | 49727 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:36.418015957 CET | 80 | 49727 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:37.352880001 CET | 80 | 49727 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:37.353041887 CET | 49727 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:37.478480101 CET | 49727 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:37.478813887 CET | 49728 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:37.483779907 CET | 80 | 49728 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:37.483871937 CET | 49728 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:37.483980894 CET | 49728 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:37.484002113 CET | 80 | 49727 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:37.484056950 CET | 49727 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:37.488791943 CET | 80 | 49728 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:38.398708105 CET | 80 | 49728 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:38.398772955 CET | 49728 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:38.518008947 CET | 49728 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:38.523696899 CET | 80 | 49728 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:38.819068909 CET | 80 | 49728 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:38.819186926 CET | 49728 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:38.947268009 CET | 49728 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:38.947556019 CET | 49729 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:38.954622984 CET | 80 | 49729 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:38.954721928 CET | 49729 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:38.954758883 CET | 80 | 49728 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:38.954817057 CET | 49728 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:38.954912901 CET | 49729 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:38.960385084 CET | 80 | 49729 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:39.884511948 CET | 80 | 49729 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:39.884726048 CET | 49729 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:39.996216059 CET | 49729 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:40.001240969 CET | 80 | 49729 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:40.306827068 CET | 80 | 49729 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:40.306930065 CET | 49729 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:40.415600061 CET | 49729 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:40.420651913 CET | 80 | 49729 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:41.060801983 CET | 80 | 49729 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:41.060961962 CET | 49729 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:41.193089962 CET | 49729 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:41.193476915 CET | 49730 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:41.198369980 CET | 80 | 49730 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:41.198432922 CET | 49730 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:41.198472977 CET | 80 | 49729 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:41.198520899 CET | 49729 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:41.198662043 CET | 49730 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:41.203411102 CET | 80 | 49730 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:42.462327003 CET | 80 | 49730 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:42.462477922 CET | 49730 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:42.576180935 CET | 49730 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:42.581056118 CET | 80 | 49730 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:42.876506090 CET | 80 | 49730 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:42.876612902 CET | 49730 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:42.994530916 CET | 49730 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:42.995419025 CET | 49731 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:42.999869108 CET | 80 | 49730 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:42.999941111 CET | 49730 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:43.000371933 CET | 80 | 49731 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:43.000462055 CET | 49731 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:43.000627041 CET | 49731 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:43.005505085 CET | 80 | 49731 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:43.925168991 CET | 80 | 49731 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:43.925251007 CET | 49731 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:44.040714025 CET | 49731 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:44.041023016 CET | 49732 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:44.046823978 CET | 80 | 49731 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:44.046888113 CET | 49731 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:44.047070026 CET | 80 | 49732 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:44.047138929 CET | 49732 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:44.047250032 CET | 49732 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:44.053836107 CET | 80 | 49732 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:44.959342957 CET | 80 | 49732 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:44.959528923 CET | 49732 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:45.079432011 CET | 49732 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:45.084311008 CET | 80 | 49732 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:45.391027927 CET | 80 | 49732 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:45.391479969 CET | 49732 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:45.509926081 CET | 49732 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:45.510154009 CET | 49733 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:45.515022993 CET | 80 | 49733 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:45.515084028 CET | 49733 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:45.515230894 CET | 80 | 49732 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:45.515312910 CET | 49732 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:45.515428066 CET | 49733 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:45.520205021 CET | 80 | 49733 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:46.442795992 CET | 80 | 49733 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:46.443059921 CET | 49733 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:46.556648016 CET | 49733 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:46.557163000 CET | 49734 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:46.562103987 CET | 80 | 49734 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:46.562189102 CET | 49734 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:46.562336922 CET | 49734 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:46.563009977 CET | 80 | 49733 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:46.563064098 CET | 49733 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:46.567209959 CET | 80 | 49734 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:47.483452082 CET | 80 | 49734 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:47.483529091 CET | 49734 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:47.602993965 CET | 49734 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:47.603406906 CET | 49735 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:47.608370066 CET | 80 | 49735 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:47.608470917 CET | 49735 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:47.608572006 CET | 49735 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:47.608992100 CET | 80 | 49734 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:47.609050989 CET | 49734 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:47.613657951 CET | 80 | 49735 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:48.509156942 CET | 80 | 49735 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:48.509316921 CET | 49735 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:48.619919062 CET | 49735 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:48.624789000 CET | 80 | 49735 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:48.919589043 CET | 80 | 49735 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:48.919795036 CET | 49735 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:49.048185110 CET | 49735 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:49.048528910 CET | 49736 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:49.053554058 CET | 80 | 49736 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:49.053612947 CET | 49736 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:49.053745031 CET | 80 | 49735 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:49.053750038 CET | 49736 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:49.053788900 CET | 49735 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:49.059227943 CET | 80 | 49736 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:50.003989935 CET | 80 | 49736 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:50.004223108 CET | 49736 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:50.119434118 CET | 49736 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:50.119843960 CET | 49737 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:50.124839067 CET | 80 | 49736 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:50.125025034 CET | 49736 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:50.125284910 CET | 80 | 49737 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:50.125416040 CET | 49737 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:50.125956059 CET | 49737 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:50.130846024 CET | 80 | 49737 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:51.022595882 CET | 80 | 49737 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:51.022744894 CET | 49737 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:51.134629011 CET | 49737 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:51.140176058 CET | 80 | 49737 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:51.435843945 CET | 80 | 49737 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:51.435957909 CET | 49737 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:51.556740046 CET | 49737 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:51.557147026 CET | 49738 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:51.562211990 CET | 80 | 49738 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:51.562457085 CET | 49738 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:51.562465906 CET | 80 | 49737 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:51.562521935 CET | 49737 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:51.562647104 CET | 49738 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:51.568397999 CET | 80 | 49738 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:52.493071079 CET | 80 | 49738 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:52.493124008 CET | 49738 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:52.603682041 CET | 49738 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:52.608644962 CET | 80 | 49738 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:52.911053896 CET | 80 | 49738 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:52.911237001 CET | 49738 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:53.025659084 CET | 49738 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:53.025886059 CET | 49739 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:53.030822992 CET | 80 | 49739 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:53.030924082 CET | 49739 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:53.031117916 CET | 49739 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:53.031267881 CET | 80 | 49738 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:53.031326056 CET | 49738 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:53.035873890 CET | 80 | 49739 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:53.950145960 CET | 80 | 49739 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:53.950269938 CET | 49739 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:54.079140902 CET | 49739 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:54.079540968 CET | 49740 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:54.084533930 CET | 80 | 49740 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:54.084630966 CET | 49740 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:54.084857941 CET | 49740 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:54.089668036 CET | 80 | 49740 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:54.090595007 CET | 80 | 49739 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:54.090651035 CET | 49739 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:54.992309093 CET | 80 | 49740 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:54.992377996 CET | 49740 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:55.103746891 CET | 49740 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:55.109267950 CET | 80 | 49740 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:55.411870003 CET | 80 | 49740 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:55.412024975 CET | 49740 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:55.525629044 CET | 49740 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:55.526020050 CET | 49741 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:55.531259060 CET | 80 | 49741 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:55.531383991 CET | 49741 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:55.531505108 CET | 49741 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:55.531927109 CET | 80 | 49740 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:55.531975031 CET | 49740 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:55.536552906 CET | 80 | 49741 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:56.446052074 CET | 80 | 49741 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:56.446146965 CET | 49741 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:56.619940996 CET | 49741 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:56.620470047 CET | 49742 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:56.625510931 CET | 80 | 49741 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:56.625533104 CET | 80 | 49742 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:56.625607014 CET | 49741 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:56.625638962 CET | 49742 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:56.625824928 CET | 49742 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:56.630892992 CET | 80 | 49742 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:57.555640936 CET | 80 | 49742 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:57.555761099 CET | 49742 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:57.665997982 CET | 49742 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:57.671144962 CET | 80 | 49742 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:57.976516008 CET | 80 | 49742 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:57.976783037 CET | 49742 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:58.088257074 CET | 49742 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:58.093214989 CET | 80 | 49742 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:58.405245066 CET | 80 | 49742 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:58.405379057 CET | 49742 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:58.525392056 CET | 49742 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:58.525799990 CET | 49743 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:58.530715942 CET | 80 | 49743 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:58.530826092 CET | 49743 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:58.530966043 CET | 80 | 49742 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:58.531011105 CET | 49742 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:58.531132936 CET | 49743 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:58.537106037 CET | 80 | 49743 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:59.440038919 CET | 80 | 49743 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:59.440167904 CET | 49743 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:59.565263987 CET | 49743 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:59.569000006 CET | 49744 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:59.570420980 CET | 80 | 49743 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:59.570502996 CET | 49743 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:59.573887110 CET | 80 | 49744 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:25:59.573946953 CET | 49744 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:59.576061010 CET | 49744 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:25:59.580882072 CET | 80 | 49744 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:00.474960089 CET | 80 | 49744 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:00.475281000 CET | 49744 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:00.590584040 CET | 49744 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:00.595851898 CET | 80 | 49744 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:01.253109932 CET | 80 | 49744 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:01.253247023 CET | 49744 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:01.380275011 CET | 49744 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:01.380815983 CET | 49745 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:01.385829926 CET | 80 | 49745 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:01.385905027 CET | 80 | 49744 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:01.385912895 CET | 49745 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:01.385951042 CET | 49744 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:01.386132956 CET | 49745 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:01.391094923 CET | 80 | 49745 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:02.306951046 CET | 80 | 49745 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:02.307033062 CET | 49745 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:02.433578968 CET | 49745 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:02.433959007 CET | 49746 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:02.439027071 CET | 80 | 49746 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:02.439125061 CET | 49746 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:02.439238071 CET | 49746 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:02.439654112 CET | 80 | 49745 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:02.439718962 CET | 49745 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:02.444114923 CET | 80 | 49746 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:03.346044064 CET | 80 | 49746 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:03.346267939 CET | 49746 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:03.464257956 CET | 49746 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:03.464689970 CET | 49747 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:03.469568968 CET | 80 | 49746 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:03.469599962 CET | 80 | 49747 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:03.469634056 CET | 49746 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:03.469676018 CET | 49747 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:03.474989891 CET | 49747 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:03.479891062 CET | 80 | 49747 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:04.405653000 CET | 80 | 49747 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:04.405875921 CET | 49747 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:04.525727987 CET | 49747 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:04.526091099 CET | 49748 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:04.530978918 CET | 80 | 49747 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:04.531002045 CET | 80 | 49748 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:04.531054020 CET | 49747 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:04.531107903 CET | 49748 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:04.604070902 CET | 49748 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:04.609146118 CET | 80 | 49748 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:05.452861071 CET | 80 | 49748 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:05.453159094 CET | 49748 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:05.574347019 CET | 49748 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:05.574975014 CET | 49749 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:05.580300093 CET | 80 | 49748 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:05.580391884 CET | 49748 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:05.580663919 CET | 80 | 49749 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:05.580744028 CET | 49749 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:05.580996037 CET | 49749 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:05.585985899 CET | 80 | 49749 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:06.517332077 CET | 80 | 49749 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:06.517400026 CET | 49749 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:06.634784937 CET | 49749 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:06.635205984 CET | 49750 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:06.640233040 CET | 80 | 49750 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:06.640408993 CET | 49750 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:06.640608072 CET | 49750 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:06.643028021 CET | 80 | 49749 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:06.643102884 CET | 49749 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:06.647803068 CET | 80 | 49750 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:07.553356886 CET | 80 | 49750 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:07.553500891 CET | 49750 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:07.752471924 CET | 49750 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:07.756081104 CET | 49751 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:07.758336067 CET | 80 | 49750 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:07.758423090 CET | 49750 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:07.761056900 CET | 80 | 49751 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:07.761117935 CET | 49751 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:07.763627052 CET | 49751 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:07.768682003 CET | 80 | 49751 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:08.665937901 CET | 80 | 49751 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:08.666117907 CET | 49751 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:08.776092052 CET | 49751 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:08.781444073 CET | 80 | 49751 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:09.090004921 CET | 80 | 49751 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:09.093842983 CET | 49751 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:09.212845087 CET | 49751 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:09.213305950 CET | 49752 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:09.218292952 CET | 80 | 49752 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:09.218360901 CET | 80 | 49751 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:09.218384027 CET | 49752 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:09.218415022 CET | 49751 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:09.218560934 CET | 49752 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:09.223584890 CET | 80 | 49752 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:10.138307095 CET | 80 | 49752 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:10.138650894 CET | 49752 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:10.260082960 CET | 49752 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:10.260324955 CET | 49753 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:10.266319036 CET | 80 | 49752 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:10.266407013 CET | 49752 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:10.266434908 CET | 80 | 49753 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:10.266503096 CET | 49753 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:10.266657114 CET | 49753 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:10.271487951 CET | 80 | 49753 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:11.177228928 CET | 80 | 49753 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:11.177320004 CET | 49753 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:11.293904066 CET | 49753 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:11.294353962 CET | 49754 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:11.299431086 CET | 80 | 49754 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:11.299571991 CET | 49754 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:11.299715042 CET | 49754 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:11.300278902 CET | 80 | 49753 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:11.300334930 CET | 49753 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:11.304694891 CET | 80 | 49754 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:12.224812984 CET | 80 | 49754 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:12.224963903 CET | 49754 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:12.338037014 CET | 49754 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:12.343425035 CET | 80 | 49754 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:12.645009995 CET | 80 | 49754 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:12.645092010 CET | 49754 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:12.759870052 CET | 49754 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:12.760235071 CET | 49755 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:12.765103102 CET | 80 | 49755 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:12.765202999 CET | 80 | 49754 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:12.765208006 CET | 49755 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:12.765250921 CET | 49754 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:12.765455008 CET | 49755 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:12.770260096 CET | 80 | 49755 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:13.661818027 CET | 80 | 49755 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:13.662002087 CET | 49755 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:13.775960922 CET | 49755 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:13.776294947 CET | 49756 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:13.781092882 CET | 80 | 49756 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:13.781173944 CET | 49756 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:13.781445980 CET | 80 | 49755 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:13.781491995 CET | 49755 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:13.784981012 CET | 49756 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:13.789936066 CET | 80 | 49756 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:14.713978052 CET | 80 | 49756 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:14.714238882 CET | 49756 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:14.823463917 CET | 49756 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:14.828392029 CET | 80 | 49756 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:15.131406069 CET | 80 | 49756 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:15.131551027 CET | 49756 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:15.264238119 CET | 49756 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:15.264619112 CET | 49757 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:15.269459963 CET | 80 | 49757 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:15.269505978 CET | 80 | 49756 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:15.269547939 CET | 49757 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:15.269572973 CET | 49756 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:15.269809008 CET | 49757 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:15.274635077 CET | 80 | 49757 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:16.173733950 CET | 80 | 49757 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:16.173876047 CET | 49757 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:16.291282892 CET | 49757 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:16.291659117 CET | 49758 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:16.296688080 CET | 80 | 49758 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:16.296808958 CET | 49758 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:16.296870947 CET | 80 | 49757 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:16.296924114 CET | 49757 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:16.297059059 CET | 49758 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:16.301959038 CET | 80 | 49758 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:17.224796057 CET | 80 | 49758 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:17.224983931 CET | 49758 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:17.346271992 CET | 49758 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:17.347184896 CET | 49759 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:17.351751089 CET | 80 | 49758 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:17.351866007 CET | 49758 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:17.352207899 CET | 80 | 49759 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:17.352344036 CET | 49759 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:17.352478027 CET | 49759 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:17.357388020 CET | 80 | 49759 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:18.272103071 CET | 80 | 49759 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:18.272171021 CET | 49759 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:18.474235058 CET | 49759 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:18.474577904 CET | 49760 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:18.483563900 CET | 80 | 49760 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:18.483722925 CET | 49760 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:18.483884096 CET | 49760 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:18.486407042 CET | 80 | 49759 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:18.486485004 CET | 49759 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:18.491213083 CET | 80 | 49760 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:19.404278040 CET | 80 | 49760 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:19.404346943 CET | 49760 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:19.528191090 CET | 49760 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:19.528604984 CET | 49761 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:19.533633947 CET | 80 | 49761 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:19.533706903 CET | 49761 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:19.533870935 CET | 49761 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:19.534456968 CET | 80 | 49760 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:19.534523964 CET | 49760 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:19.538772106 CET | 80 | 49761 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:20.440432072 CET | 80 | 49761 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:20.440480947 CET | 49761 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:20.558901072 CET | 49761 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:20.559258938 CET | 49762 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:20.564097881 CET | 80 | 49761 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:20.564119101 CET | 80 | 49762 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:20.564187050 CET | 49761 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:20.564282894 CET | 49762 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:20.567076921 CET | 49762 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:20.572227001 CET | 80 | 49762 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:21.489876986 CET | 80 | 49762 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:21.490159988 CET | 49762 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:21.637898922 CET | 49762 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:21.638258934 CET | 49763 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:21.643520117 CET | 80 | 49762 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:21.643582106 CET | 49762 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:21.643642902 CET | 80 | 49763 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:21.643702030 CET | 49763 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:21.644222975 CET | 49763 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:21.649163961 CET | 80 | 49763 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:22.570523977 CET | 80 | 49763 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:22.570609093 CET | 49763 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:22.729538918 CET | 49763 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:22.729537964 CET | 49764 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:22.734621048 CET | 80 | 49764 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:22.734719992 CET | 49764 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:22.734956026 CET | 49764 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:22.735160112 CET | 80 | 49763 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:22.735306025 CET | 49763 | 80 | 192.168.2.9 | 185.208.158.202 |
Nov 15, 2024 17:26:22.741660118 CET | 80 | 49764 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:23.652510881 CET | 80 | 49764 | 185.208.158.202 | 192.168.2.9 |
Nov 15, 2024 17:26:23.652673960 CET | 49764 | 80 | 192.168.2.9 | 185.208.158.202 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 15, 2024 17:25:14.014375925 CET | 60405 | 53 | 192.168.2.9 | 91.211.247.248 |
Nov 15, 2024 17:25:14.048444986 CET | 53 | 60405 | 91.211.247.248 | 192.168.2.9 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Nov 15, 2024 17:25:14.014375925 CET | 192.168.2.9 | 91.211.247.248 | 0xfed6 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Nov 15, 2024 17:25:14.048444986 CET | 91.211.247.248 | 192.168.2.9 | 0xfed6 | No error (0) | 185.208.158.202 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.9 | 49710 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:14.578052998 CET | 314 | OUT | |
Nov 15, 2024 17:25:15.488131046 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.9 | 49711 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:15.609008074 CET | 314 | OUT | |
Nov 15, 2024 17:25:16.517292976 CET | 970 | IN | |
Nov 15, 2024 17:25:19.403789997 CET | 320 | OUT | |
Nov 15, 2024 17:25:19.747629881 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.9 | 49713 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:19.875175953 CET | 320 | OUT | |
Nov 15, 2024 17:25:20.781738043 CET | 826 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.9 | 49715 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:20.906295061 CET | 320 | OUT | |
Nov 15, 2024 17:25:21.829226971 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.9 | 49716 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:21.968828917 CET | 320 | OUT | |
Nov 15, 2024 17:25:22.883795023 CET | 220 | IN | |
Nov 15, 2024 17:25:22.994412899 CET | 320 | OUT | |
Nov 15, 2024 17:25:23.303735018 CET | 220 | IN | |
Nov 15, 2024 17:25:23.416208982 CET | 320 | OUT | |
Nov 15, 2024 17:25:23.720272064 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.9 | 49717 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:23.859348059 CET | 320 | OUT | |
Nov 15, 2024 17:25:24.765685081 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.9 | 49718 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:24.890739918 CET | 320 | OUT | |
Nov 15, 2024 17:25:25.809119940 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.9 | 49719 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:25.937517881 CET | 320 | OUT | |
Nov 15, 2024 17:25:26.918790102 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.9 | 49720 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:27.207644939 CET | 320 | OUT | |
Nov 15, 2024 17:25:28.130254984 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.9 | 49721 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:28.250087023 CET | 320 | OUT | |
Nov 15, 2024 17:25:29.165357113 CET | 220 | IN | |
Nov 15, 2024 17:25:29.275408030 CET | 320 | OUT | |
Nov 15, 2024 17:25:29.578353882 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.9 | 49722 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:29.709969044 CET | 320 | OUT | |
Nov 15, 2024 17:25:30.640737057 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.9 | 49723 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:30.765855074 CET | 320 | OUT | |
Nov 15, 2024 17:25:31.699965000 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.9 | 49724 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:31.828744888 CET | 320 | OUT | |
Nov 15, 2024 17:25:33.703417063 CET | 220 | IN | |
Nov 15, 2024 17:25:33.703677893 CET | 220 | IN | |
Nov 15, 2024 17:25:33.703985929 CET | 220 | IN | |
Nov 15, 2024 17:25:33.704207897 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.9 | 49725 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:33.835067987 CET | 320 | OUT | |
Nov 15, 2024 17:25:34.764664888 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.9 | 49726 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:34.890702963 CET | 320 | OUT | |
Nov 15, 2024 17:25:35.791491985 CET | 220 | IN | |
Nov 15, 2024 17:25:35.905647993 CET | 320 | OUT | |
Nov 15, 2024 17:25:36.209738970 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.9 | 49727 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:36.412832022 CET | 320 | OUT | |
Nov 15, 2024 17:25:37.352880001 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.9 | 49728 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:37.483980894 CET | 320 | OUT | |
Nov 15, 2024 17:25:38.398708105 CET | 220 | IN | |
Nov 15, 2024 17:25:38.518008947 CET | 320 | OUT | |
Nov 15, 2024 17:25:38.819068909 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.9 | 49729 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:38.954912901 CET | 320 | OUT | |
Nov 15, 2024 17:25:39.884511948 CET | 220 | IN | |
Nov 15, 2024 17:25:39.996216059 CET | 320 | OUT | |
Nov 15, 2024 17:25:40.306827068 CET | 220 | IN | |
Nov 15, 2024 17:25:40.415600061 CET | 320 | OUT | |
Nov 15, 2024 17:25:41.060801983 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.9 | 49730 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:41.198662043 CET | 320 | OUT | |
Nov 15, 2024 17:25:42.462327003 CET | 220 | IN | |
Nov 15, 2024 17:25:42.576180935 CET | 320 | OUT | |
Nov 15, 2024 17:25:42.876506090 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
19 | 192.168.2.9 | 49731 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:43.000627041 CET | 320 | OUT | |
Nov 15, 2024 17:25:43.925168991 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
20 | 192.168.2.9 | 49732 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:44.047250032 CET | 320 | OUT | |
Nov 15, 2024 17:25:44.959342957 CET | 220 | IN | |
Nov 15, 2024 17:25:45.079432011 CET | 320 | OUT | |
Nov 15, 2024 17:25:45.391027927 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
21 | 192.168.2.9 | 49733 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:45.515428066 CET | 320 | OUT | |
Nov 15, 2024 17:25:46.442795992 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
22 | 192.168.2.9 | 49734 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:46.562336922 CET | 320 | OUT | |
Nov 15, 2024 17:25:47.483452082 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
23 | 192.168.2.9 | 49735 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:47.608572006 CET | 320 | OUT | |
Nov 15, 2024 17:25:48.509156942 CET | 220 | IN | |
Nov 15, 2024 17:25:48.619919062 CET | 320 | OUT | |
Nov 15, 2024 17:25:48.919589043 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
24 | 192.168.2.9 | 49736 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:49.053750038 CET | 320 | OUT | |
Nov 15, 2024 17:25:50.003989935 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
25 | 192.168.2.9 | 49737 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:50.125956059 CET | 320 | OUT | |
Nov 15, 2024 17:25:51.022595882 CET | 220 | IN | |
Nov 15, 2024 17:25:51.134629011 CET | 320 | OUT | |
Nov 15, 2024 17:25:51.435843945 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
26 | 192.168.2.9 | 49738 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:51.562647104 CET | 320 | OUT | |
Nov 15, 2024 17:25:52.493071079 CET | 220 | IN | |
Nov 15, 2024 17:25:52.603682041 CET | 320 | OUT | |
Nov 15, 2024 17:25:52.911053896 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
27 | 192.168.2.9 | 49739 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:53.031117916 CET | 320 | OUT | |
Nov 15, 2024 17:25:53.950145960 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
28 | 192.168.2.9 | 49740 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:54.084857941 CET | 320 | OUT | |
Nov 15, 2024 17:25:54.992309093 CET | 220 | IN | |
Nov 15, 2024 17:25:55.103746891 CET | 320 | OUT | |
Nov 15, 2024 17:25:55.411870003 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
29 | 192.168.2.9 | 49741 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:55.531505108 CET | 320 | OUT | |
Nov 15, 2024 17:25:56.446052074 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
30 | 192.168.2.9 | 49742 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:56.625824928 CET | 320 | OUT | |
Nov 15, 2024 17:25:57.555640936 CET | 220 | IN | |
Nov 15, 2024 17:25:57.665997982 CET | 320 | OUT | |
Nov 15, 2024 17:25:57.976516008 CET | 220 | IN | |
Nov 15, 2024 17:25:58.088257074 CET | 320 | OUT | |
Nov 15, 2024 17:25:58.405245066 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
31 | 192.168.2.9 | 49743 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:58.531132936 CET | 320 | OUT | |
Nov 15, 2024 17:25:59.440038919 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
32 | 192.168.2.9 | 49744 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:25:59.576061010 CET | 320 | OUT | |
Nov 15, 2024 17:26:00.474960089 CET | 220 | IN | |
Nov 15, 2024 17:26:00.590584040 CET | 320 | OUT | |
Nov 15, 2024 17:26:01.253109932 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
33 | 192.168.2.9 | 49745 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:26:01.386132956 CET | 320 | OUT | |
Nov 15, 2024 17:26:02.306951046 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
34 | 192.168.2.9 | 49746 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:26:02.439238071 CET | 320 | OUT | |
Nov 15, 2024 17:26:03.346044064 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
35 | 192.168.2.9 | 49747 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:26:03.474989891 CET | 320 | OUT | |
Nov 15, 2024 17:26:04.405653000 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
36 | 192.168.2.9 | 49748 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:26:04.604070902 CET | 320 | OUT | |
Nov 15, 2024 17:26:05.452861071 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
37 | 192.168.2.9 | 49749 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:26:05.580996037 CET | 320 | OUT | |
Nov 15, 2024 17:26:06.517332077 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
38 | 192.168.2.9 | 49750 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:26:06.640608072 CET | 320 | OUT | |
Nov 15, 2024 17:26:07.553356886 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
39 | 192.168.2.9 | 49751 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:26:07.763627052 CET | 320 | OUT | |
Nov 15, 2024 17:26:08.665937901 CET | 220 | IN | |
Nov 15, 2024 17:26:08.776092052 CET | 320 | OUT | |
Nov 15, 2024 17:26:09.090004921 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
40 | 192.168.2.9 | 49752 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:26:09.218560934 CET | 320 | OUT | |
Nov 15, 2024 17:26:10.138307095 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
41 | 192.168.2.9 | 49753 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:26:10.266657114 CET | 320 | OUT | |
Nov 15, 2024 17:26:11.177228928 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
42 | 192.168.2.9 | 49754 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:26:11.299715042 CET | 320 | OUT | |
Nov 15, 2024 17:26:12.224812984 CET | 220 | IN | |
Nov 15, 2024 17:26:12.338037014 CET | 320 | OUT | |
Nov 15, 2024 17:26:12.645009995 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
43 | 192.168.2.9 | 49755 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:26:12.765455008 CET | 320 | OUT | |
Nov 15, 2024 17:26:13.661818027 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
44 | 192.168.2.9 | 49756 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:26:13.784981012 CET | 320 | OUT | |
Nov 15, 2024 17:26:14.713978052 CET | 220 | IN | |
Nov 15, 2024 17:26:14.823463917 CET | 320 | OUT | |
Nov 15, 2024 17:26:15.131406069 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
45 | 192.168.2.9 | 49757 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:26:15.269809008 CET | 320 | OUT | |
Nov 15, 2024 17:26:16.173733950 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
46 | 192.168.2.9 | 49758 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:26:16.297059059 CET | 320 | OUT | |
Nov 15, 2024 17:26:17.224796057 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
47 | 192.168.2.9 | 49759 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:26:17.352478027 CET | 320 | OUT | |
Nov 15, 2024 17:26:18.272103071 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
48 | 192.168.2.9 | 49760 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:26:18.483884096 CET | 320 | OUT | |
Nov 15, 2024 17:26:19.404278040 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
49 | 192.168.2.9 | 49761 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:26:19.533870935 CET | 320 | OUT | |
Nov 15, 2024 17:26:20.440432072 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
50 | 192.168.2.9 | 49762 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:26:20.567076921 CET | 320 | OUT | |
Nov 15, 2024 17:26:21.489876986 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
51 | 192.168.2.9 | 49763 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:26:21.644222975 CET | 320 | OUT | |
Nov 15, 2024 17:26:22.570523977 CET | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
52 | 192.168.2.9 | 49764 | 185.208.158.202 | 80 | 7624 | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 15, 2024 17:26:22.734956026 CET | 320 | OUT | |
Nov 15, 2024 17:26:23.652510881 CET | 220 | IN |
Target ID: | 0 |
Start time: | 11:24:17 |
Start date: | 15/11/2024 |
Path: | C:\Users\user\Desktop\i7j22nof2Q.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 6'692'550 bytes |
MD5 hash: | AD01C8FA6EC2371DFD9F57200F84E13A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 11:24:17 |
Start date: | 15/11/2024 |
Path: | C:\Users\user\AppData\Local\Temp\is-C5FIO.tmp\i7j22nof2Q.tmp |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 2'532'352 bytes |
MD5 hash: | 438F4076E92D3C839405BAB4652FE2CE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Antivirus matches: |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 11:24:20 |
Start date: | 15/11/2024 |
Path: | C:\Windows\SysWOW64\net.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe30000 |
File size: | 47'104 bytes |
MD5 hash: | 31890A7DE89936F922D44D677F681A7F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 11:24:20 |
Start date: | 15/11/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70f010000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 11:24:20 |
Start date: | 15/11/2024 |
Path: | C:\Windows\SysWOW64\net1.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xdb0000 |
File size: | 139'776 bytes |
MD5 hash: | 2EFE6ED4C294AB8A39EB59C80813FEC1 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 11:24:20 |
Start date: | 15/11/2024 |
Path: | C:\Users\user\AppData\Local\Avidenta 2.8.8\avidenta32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 3'805'184 bytes |
MD5 hash: | 5F301B2942D42D35402C384009767E5F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Antivirus matches: |
Reputation: | low |
Has exited: | false |
Function 10001130 Relevance: .1, Instructions: 55, tags: COMMON
Function 10001000 Relevance: .0, Instructions: 2, tags: COMMON
Execution Graph
Execution Coverage: | 9.7% |
Dynamic/Decrypted Code Coverage: | 83.7% |
Signature Coverage: | 4.9% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 41 |
Function 02CA72AB Relevance: 95.2, APIs: 41, Strings: 13, Instructions: 659, tags: network, sleep, file, COMMON
Function 02CA648B Relevance: 82.5, APIs: 42, Strings: 5, Instructions: 228, tags: memory, sleep, library, COMMON
Function 00401B4B Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 74, tags: library, loader, COMMON
Function 02CAF9B2 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 87, tags: library, loader, COMMON
Function 02CAF8AE Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 100, tags: file, COMMON
Function 02CA1CF8 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 105, tags: synchronization, COMMON
Function 02CA4D86 Relevance: 16.8, APIs: 11, Instructions: 256, tags: COMMON
Function 02CA7BB1 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 83, tags: sleep, COMMON
Function 02CA7B9B Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 62, tags: sleep, COMMON
Function 02CA26DB Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92, tags: time, COMMON
Function 02CA2B95 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 132, tags: network, COMMON
Function 02CA29EE Relevance: 7.6, APIs: 5, Instructions: 79, tags: network, COMMON
Function 02CA1BA7 Relevance: 7.6, APIs: 5, Instructions: 75, tags: COMMON
Function 00403220 Relevance: 6.1, APIs: 4, Instructions: 75, tags: COMMON
Function 02CA2EDD Relevance: 6.0, APIs: 4, Instructions: 49, tags: network, COMMON
Function 02CA2DB5 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100, tags: network, COMMON
Function 02CA2AC7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72, tags: network, COMMON
Function 02CA353E Relevance: 4.6, APIs: 3, Instructions: 127, tags: COMMON
Function 02CA369A Relevance: 4.6, APIs: 3, Instructions: 60, tags: COMMON
Function 02CB2100 Relevance: 4.5, APIs: 3, Instructions: 42, tags: thread, COMMON
Function 02CA1AA9 Relevance: 4.5, APIs: 3, Instructions: 18networkCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02CA4BED Relevance: 3.1, APIs: 2, Instructions: 137COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02CA2D39 Relevance: 3.0, APIs: 2, Instructions: 50networkCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CA83F5 Relevance: 3.0, APIs: 2, Instructions: 32networkCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00404364 Relevance: 3.0, APIs: 2, Instructions: 30memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02CA5119 Relevance: 1.7, APIs: 1, Instructions: 196COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CDFAC5 Relevance: 1.6, APIs: 1, Instructions: 90fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02CAE9CC Relevance: 1.6, APIs: 1, Instructions: 75COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CDF9E6 Relevance: 1.6, APIs: 1, Instructions: 62fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02CA33B2 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CDFB30 Relevance: 1.5, APIs: 1, Instructions: 49fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02D28D68 Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02CDFA44 Relevance: 1.5, APIs: 1, Instructions: 42fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02CDF872 Relevance: 1.5, APIs: 1, Instructions: 42networkCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02CAE55C Relevance: 1.5, APIs: 1, Instructions: 36COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004029ED Relevance: 1.5, APIs: 1, Instructions: 28libraryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02CA6241 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004025C8 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02CAE33B Relevance: 1.5, APIs: 1, Instructions: 20COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CA61F5 Relevance: 1.5, APIs: 1, Instructions: 14COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02CE5C7E Relevance: 1.5, APIs: 1, Instructions: 9fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004021F4 Relevance: 1.5, APIs: 1, Instructions: 7registryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402BCC Relevance: 1.5, APIs: 1, Instructions: 5COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040D256 Relevance: 1.5, APIs: 1, Instructions: 3fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040D94A Relevance: 1.5, APIs: 1, Instructions: 2registryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040D06A Relevance: 1.3, APIs: 1, Instructions: 54sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402785 Relevance: 1.3, APIs: 1, Instructions: 52COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02CB2170 Relevance: 1.3, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004022FE Relevance: 1.3, APIs: 1, Instructions: 43sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004029B4 Relevance: 1.3, APIs: 1, Instructions: 26sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040272A Relevance: 1.3, APIs: 1, Instructions: 18stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402142 Relevance: 1.3, APIs: 1, Instructions: 10sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004027E1 Relevance: 1.3, APIs: 1, Instructions: 9memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406FB7 Relevance: 26.7, Strings: 21, Instructions: 417COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02CB08D0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 179windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CAF866 Relevance: 1.5, APIs: 1, Instructions: 33COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040D1C8 Relevance: 1.5, APIs: 1, Instructions: 30timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402232 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402BAD Relevance: 1.5, APIs: 1, Instructions: 7serviceCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401051 Relevance: .8, Instructions: 774COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02CAF085 Relevance: .6, Instructions: 634COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CBE675 Relevance: .3, Instructions: 331COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CBE25D Relevance: .3, Instructions: 323COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00401C26 Relevance: .3, Instructions: 263COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02CDB4E5 Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02CA24E1 Relevance: 21.2, APIs: 14, Instructions: 173COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004023B3 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 75registrysynchronizationthreadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CA3423 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 94libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004068E8 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 50libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406BC7 Relevance: 13.7, APIs: 9, Instructions: 177COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004045CD Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 100fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403F12 Relevance: 12.1, APIs: 8, Instructions: 132COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02CB1620 Relevance: 10.6, APIs: 7, Instructions: 132COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CA2081 Relevance: 10.6, APIs: 7, Instructions: 116timeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CB1732 Relevance: 10.6, APIs: 7, Instructions: 107synchronizationCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CB5DA4 Relevance: 10.5, APIs: 7, Instructions: 45threadCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CB34D1 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 24libraryloaderCOMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CB35A6 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 19libraryloaderCOMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00406A7E Relevance: 9.1, APIs: 6, Instructions: 117COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02CA1C91 Relevance: 9.0, APIs: 6, Instructions: 39synchronizationthreadinjectionCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02CB1940 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 66COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CA4030 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 26memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00404044 Relevance: 7.6, APIs: 5, Instructions: 143COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CA207C Relevance: 7.6, APIs: 5, Instructions: 100timeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CAE103 Relevance: 7.6, APIs: 5, Instructions: 92COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CA21D5 Relevance: 7.6, APIs: 5, Instructions: 60COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CA2298 Relevance: 7.6, APIs: 5, Instructions: 56COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CA2420 Relevance: 7.5, APIs: 5, Instructions: 38COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CA1EC7 Relevance: 7.5, APIs: 5, Instructions: 35COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00402991 Relevance: 7.5, APIs: 1, Strings: 4, Instructions: 15memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CA30AE Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 97networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CB3B5C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 29COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004034CA Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 13libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404F8C Relevance: 6.4, APIs: 5, Instructions: 102memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CB37BD Relevance: 6.1, APIs: 4, Instructions: 136COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CA3D7E Relevance: 6.1, APIs: 4, Instructions: 57networkCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CA239D Relevance: 6.1, APIs: 4, Instructions: 52COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CA247D Relevance: 6.0, APIs: 4, Instructions: 38COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CA2004 Relevance: 6.0, APIs: 4, Instructions: 35COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CA1E26 Relevance: 6.0, APIs: 4, Instructions: 30COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02CA9674 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 78networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CA19C2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00404DE0 Relevance: 5.1, APIs: 4, Instructions: 53memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
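The text export of this function list fuses the behaviour tags and flags onto the instruction count (the raw form is `Function 02CA2B95 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 132networkCOMMON`, or `Instructions: 75registrysynchronizationthreadCOMMON` when several tags apply), and the "Yara matches" panel label is the only sign that a function's memory-dump source matched the Socks5Systemz rule. The Python below is an added example, not code from the report or from Joe Sandbox: it parses that raw form into records and ranks them so an analyst can start reversing at the network-tagged functions in the unpacked region that carry a Yara match. Assumptions: the tag vocabulary is the one seen in this report (Joe Sandbox may emit others, which the parser keeps verbatim), and a "Yara matches" line is attributed to the most recent function header. The sample input is a handful of lines copied from this report.

```python
"""Parse the exported Joe Sandbox function list and rank functions for triage.

Added example, not part of the Joe Sandbox report. The text export fuses the
behaviour tags onto the instruction count ("Instructions: 132networkCOMMON"),
so the parser splits that suffix back into lowercase tags and uppercase flags.
"""
import re
from dataclasses import dataclass, field

# Tag vocabulary seen in this report, longest first so greedy matching is
# unambiguous. Assumption: Joe Sandbox may emit tags not listed here; anything
# unrecognised is kept verbatim as a single tag instead of being guessed.
TAGS = sorted(
    ("synchronization", "injection", "registry", "library", "network", "service",
     "loader", "memory", "thread", "window", "string", "sleep", "file", "time"),
    key=len, reverse=True,
)
FLAGS = ("LIBRARYCODE", "COMMON")

# "APIs:" and "Strings:" are optional; Relevance may be written ".8".
LINE_RE = re.compile(
    r"^Function (?P<addr>[0-9A-Fa-f]{8}) Relevance: (?P<rel>\d*\.\d+|\d+),"
    r"(?: APIs: (?P<apis>\d+),)?(?: Strings: (?P<strings>\d+),)?"
    r" Instructions: (?P<instr>\d+)(?P<suffix>[A-Za-z]*)$"
)


@dataclass
class Func:
    addr: int
    relevance: float
    apis: int
    strings: int
    instructions: int
    tags: list = field(default_factory=list)
    flags: list = field(default_factory=list)
    yara: bool = False  # a "Yara matches" panel followed the function header


def split_suffix(suffix: str):
    """'registrysynchronizationthreadCOMMONLIBRARYCODE' ->
    (['registry', 'synchronization', 'thread'], ['COMMON', 'LIBRARYCODE'])."""
    m = re.fullmatch(r"([a-z]*)([A-Z]*)", suffix)
    if m is None:
        raise ValueError(f"unexpected suffix: {suffix!r}")
    lower, upper = m.groups()
    tags, flags = [], []
    while lower:
        hit = next((t for t in TAGS if lower.startswith(t)), None)
        if hit is None:  # unknown tag: keep the remainder whole
            tags.append(lower)
            break
        tags.append(hit)
        lower = lower[len(hit):]
    while upper:
        hit = next((f for f in FLAGS if upper.startswith(f)), None)
        if hit is None:
            flags.append(upper)
            break
        flags.append(hit)
        upper = upper[len(hit):]
    return tags, flags


def parse_listing(text: str):
    """Turn the exported listing into Func records, in report order."""
    funcs = []
    for raw in text.splitlines():
        line = raw.strip().rstrip("|").strip()  # panel labels end in " |"
        m = LINE_RE.match(line)
        if m:
            tags, flags = split_suffix(m["suffix"])
            funcs.append(Func(
                addr=int(m["addr"], 16),
                relevance=float(m["rel"]),
                apis=int(m["apis"] or 0),
                strings=int(m["strings"] or 0),
                instructions=int(m["instr"]),
                tags=tags, flags=flags,
            ))
        elif line == "Yara matches" and funcs:
            funcs[-1].yara = True  # assumption: belongs to the last header seen
    return funcs


def triage(funcs, tag=None, yara_only=False):
    """Functions carrying `tag` (and a Yara match if requested), most relevant first."""
    sel = [f for f in funcs
           if (tag is None or tag in f.tags) and (not yara_only or f.yara)]
    return sorted(sel, key=lambda f: (-f.relevance, f.addr))


# Sample input: lines copied from this report's exported function list.
SAMPLE = """\
Function 02CA2B95 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 132networkCOMMON
APIs |
Strings |
Memory Dump Source |
Yara matches
Function 004023B3 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 75registrysynchronizationthreadCOMMON
APIs |
Memory Dump Source |
Function 02CA1C91 Relevance: 9.0, APIs: 6, Instructions: 39synchronizationthreadinjectionCOMMON
APIs |
Yara matches
Function 02CB34D1 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 24libraryloaderCOMMONLIBRARYCODE
Yara matches
Function 00401051 Relevance: .8, Instructions: 774COMMON
Function 02CA1AA9 Relevance: 4.5, APIs: 3, Instructions: 18networkCOMMON
Yara matches
"""

if __name__ == "__main__":
    for f in triage(parse_listing(SAMPLE), tag="network", yara_only=True):
        print(f"{f.addr:08X} relevance={f.relevance} apis={f.apis} tags={f.tags}")
```

Running it on the full export rather than the sample lists the 02CAxxxx network functions first; the 0040xxxx image functions never carry the Yara mark in this report, which matches the rule hits being confined to the unpacked module.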