Edit tour
Windows
Analysis Report
REQUEST FOR QUOATION AND PRICES.exe
Overview
General Information
| Sample name: | REQUEST FOR QUOATION AND PRICES.exe |
| Analysis ID: | 1567431 |
| MD5: | 143edb6c5c1e1a1e06695965f2b5cb74 |
| SHA1: | b43660357dbe4c3d84d4239b6273817b5eb1ff53 |
| SHA256: | 05814550e1562d4c54710804145c678b6191aab6a07c73e6f7902b1149bb020d |
| Tags: | exeuser-abuse_ch |
| Infos: |  |
 | |
Detection
GuLoader, MassLogger RAT
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected GuLoader
Yara detected MassLogger RAT
Yara detected Telegram RAT
AI detected suspicious sample
Disable Task Manager(disabletaskmgr)
Disables CMD prompt
Disables the Windows task manager (taskmgr)
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Classification
- System is w10x64
REQUEST FOR QUOATION AND PRICES.exe (PID: 4256 cmdline: "C:\Users\ user\Deskt op\REQUEST FOR QUOAT ION AND PR ICES.exe" MD5: 143EDB6C5C1E1A1E06695965F2B5CB74) - REQUEST FOR QUOATION AND PRICES.exe (PID: 7616 cmdline:
"C:\Users\ user\Deskt op\REQUEST FOR QUOAT ION AND PR ICES.exe" MD5: 143EDB6C5C1E1A1E06695965F2B5CB74)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
{"C2 url": "https://api.telegram.org/bot7876448059:AAFalpFHyU5R24fiMM-B_jN6tgNAqi50gGU/sendMessage"}{"EXfil Mode": "Telegram", "Telegram Token": "7876448059:AAFalpFHyU5R24fiMM-B_jN6tgNAqi50gGU", "Telegram Chatid": "7382809095"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
| JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | ||
| Click to see the 2 entries | ||||
⊘No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-03T15:23:01.791954+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49830 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:06.396891+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49844 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:10.145994+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49852 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:13.917148+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49863 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:17.893806+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49875 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:21.905465+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49883 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:25.604826+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49894 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:29.303112+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49903 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:32.999234+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49913 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:37.577523+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49925 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:41.186381+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49935 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:44.858088+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49943 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:48.483823+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49951 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:52.010679+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49962 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:55.703363+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49968 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:59.435944+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49978 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:24:05.296567+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49980 | 149.154.167.220 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-03T15:22:51.057369+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.7 | 49802 | 132.226.247.73 | 80 | TCP |
| 2024-12-03T15:22:59.588677+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.7 | 49802 | 132.226.247.73 | 80 | TCP |
| 2024-12-03T15:23:04.323085+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.7 | 49838 | 132.226.247.73 | 80 | TCP |
| 2024-12-03T15:23:08.010701+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.7 | 49850 | 132.226.247.73 | 80 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-03T15:22:42.735160+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.7 | 49780 | 172.217.19.174 | 443 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira: | ||
| Source: | Malware Configuration Extractor: | ||
| Source: | Malware Configuration Extractor: | ||
| Source: | ReversingLabs: | ||
| Source: | Integrated Neural Analysis Model: | ||
Location Tracking | |
|---|
| Source: | DNS query: | ||
| Source: | Code function: | 10_2_36DDB4C0 | |
| Source: | Code function: | 10_2_36DDBCBF | |
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 5_2_00405772 | |
| Source: | Code function: | 5_2_0040622D | |
| Source: | Code function: | 5_2_00402770 | |
| Source: | Code function: | 10_2_00402770 | |
| Source: | Code function: | 10_2_00405772 | |
| Source: | Code function: | 10_2_0040622D | |
| Source: | Code function: | 10_2_0011E6A8 | |
| Source: | Code function: | 10_2_0011EC67 | |
| Source: | Code function: | 10_2_0011EFAF | |
| Source: | Code function: | 10_2_36DDA928 | |
| Source: | Code function: | 10_2_36DDCED8 | |
| Source: | Code function: | 10_2_36DDA4D0 | |
| Source: | Code function: | 10_2_36DDE6F0 | |
| Source: | Code function: | 10_2_36DDCA80 | |
| Source: | Code function: | 10_2_36DDF850 | |
| Source: | Code function: | 10_2_36DDA078 | |
| Source: | Code function: | 10_2_36DDC628 | |
| Source: | Code function: | 10_2_36DD9C20 | |
| Source: | Code function: | 10_2_36DDC1D0 | |
| Source: | Code function: | 10_2_36DD97C8 | |
| Source: | Code function: | 10_2_36DDF3F8 | |
| Source: | Code function: | 10_2_36DDEFA0 | |
| Source: | Code function: | 10_2_36DDEB48 | |
| Source: | Code function: | 10_2_36DDBD78 | |
| Source: | Code function: | 10_2_36DD9370 | |
| Source: | Code function: | 10_2_36DDD330 | |
| Source: | Code function: | 10_2_36DF6130 | |
| Source: | Code function: | 10_2_36DF6130 | |
| Source: | Code function: | 10_2_36DF98D0 | |
| Source: | Code function: | 10_2_36DFA6C7 | |
| Source: | Code function: | 10_2_36DF46F8 | |
| Source: | Code function: | 10_2_36DF563F | |
| Source: | Code function: | 10_2_36DF0498 | |
| Source: | Code function: | 10_2_36DF15F8 | |
| Source: | Code function: | 10_2_36DF3598 | |
| Source: | Code function: | 10_2_36DF42A0 | |
| Source: | Code function: | 10_2_36DF2300 | |
| Source: | Code function: | 10_2_36DF0040 | |
| Source: | Code function: | 10_2_36DF11A0 | |
| Source: | Code function: | 10_2_36DF3140 | |
| Source: | Code function: | 10_2_36DF1EA8 | |
| Source: | Code function: | 10_2_36DF3E48 | |
| Source: | Code function: | 10_2_36DF4FA8 | |
| Source: | Code function: | 10_2_36DF2CE8 | |
| Source: | Code function: | 10_2_36DF0D48 | |
| Source: | Code function: | 10_2_36DF1A50 | |
| Source: | Code function: | 10_2_36DF4B50 | |
| Source: | Code function: | 10_2_36DF08F0 | |
| Source: | Code function: | 10_2_36DF2890 | |
| Source: | Code function: | 10_2_36DF39F0 | |
| Source: | Code function: | 10_2_37E5E600 | |
Networking | |
|---|
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 5_2_004052D3 | |
| Source: | Code function: | 5_2_0040335A | |
| Source: | Code function: | 10_2_0040335A | |
| Source: | File created: | Jump to behavior | ||
| Source: | Code function: | 5_2_00404B10 | |
| Source: | Code function: | 5_2_0040653F | |
| Source: | Code function: | 10_2_00404B10 | |
| Source: | Code function: | 10_2_0040653F | |
| Source: | Code function: | 10_2_00114328 | |
| Source: | Code function: | 10_2_0011E6A8 | |
| Source: | Code function: | 10_2_001127B9 | |
| Source: | Code function: | 10_2_00118DA0 | |
| Source: | Code function: | 10_2_00115968 | |
| Source: | Code function: | 10_2_00115F90 | |
| Source: | Code function: | 10_2_0011E6A7 | |
| Source: | Code function: | 10_2_00112DD1 | |
| Source: | Code function: | 10_2_36DD624F | |
| Source: | Code function: | 10_2_36DD1608 | |
| Source: | Code function: | 10_2_36DDD788 | |
| Source: | Code function: | 10_2_36DDAF80 | |
| Source: | Code function: | 10_2_36DDA928 | |
| Source: | Code function: | 10_2_36DD5B28 | |
| Source: | Code function: | 10_2_36DDCED8 | |
| Source: | Code function: | 10_2_36DDCED7 | |
| Source: | Code function: | 10_2_36DDA4D0 | |
| Source: | Code function: | 10_2_36DDA4C0 | |
| Source: | Code function: | 10_2_36DDE6F0 | |
| Source: | Code function: | 10_2_36DDCA80 | |
| Source: | Code function: | 10_2_36DDF850 | |
| Source: | Code function: | 10_2_36DDF84F | |
| Source: | Code function: | 10_2_36DDCA79 | |
| Source: | Code function: | 10_2_36DDA078 | |
| Source: | Code function: | 10_2_36DDA077 | |
| Source: | Code function: | 10_2_36DD9C1F | |
| Source: | Code function: | 10_2_36DDE60F | |
| Source: | Code function: | 10_2_36DD1603 | |
| Source: | Code function: | 10_2_36DDC628 | |
| Source: | Code function: | 10_2_36DDC627 | |
| Source: | Code function: | 10_2_36DD9C20 | |
| Source: | Code function: | 10_2_36DDC1D0 | |
| Source: | Code function: | 10_2_36DDC1C9 | |
| Source: | Code function: | 10_2_36DD97C8 | |
| Source: | Code function: | 10_2_36DDF3F8 | |
| Source: | Code function: | 10_2_36DDF3F7 | |
| Source: | Code function: | 10_2_36DDEF90 | |
| Source: | Code function: | 10_2_36DDD787 | |
| Source: | Code function: | 10_2_36DD5180 | |
| Source: | Code function: | 10_2_36DD97B9 | |
| Source: | Code function: | 10_2_36DDEFA0 | |
| Source: | Code function: | 10_2_36DDEB48 | |
| Source: | Code function: | 10_2_36DDEB47 | |
| Source: | Code function: | 10_2_36DDBD78 | |
| Source: | Code function: | 10_2_36DD9370 | |
| Source: | Code function: | 10_2_36DD5170 | |
| Source: | Code function: | 10_2_36DDAF70 | |
| Source: | Code function: | 10_2_36DD936F | |
| Source: | Code function: | 10_2_36DDBD68 | |
| Source: | Code function: | 10_2_36DD5908 | |
| Source: | Code function: | 10_2_36DDD330 | |
| Source: | Code function: | 10_2_36DDD32F | |
| Source: | Code function: | 10_2_36DDA927 | |
| Source: | Code function: | 10_2_36DF77F0 | |
| Source: | Code function: | 10_2_36DF8490 | |
| Source: | Code function: | 10_2_36DF9572 | |
| Source: | Code function: | 10_2_36DF71A8 | |
| Source: | Code function: | 10_2_36DF6130 | |
| Source: | Code function: | 10_2_36DF7E40 | |
| Source: | Code function: | 10_2_36DF98D0 | |
| Source: | Code function: | 10_2_36DF46F8 | |
| Source: | Code function: | 10_2_36DF46F7 | |
| Source: | Code function: | 10_2_36DF563F | |
| Source: | Code function: | 10_2_36DF77E0 | |
| Source: | Code function: | 10_2_36DF0498 | |
| Source: | Code function: | 10_2_36DF0497 | |
| Source: | Code function: | 10_2_36DF8481 | |
| Source: | Code function: | 10_2_36DF15F8 | |
| Source: | Code function: | 10_2_36DF15F7 | |
| Source: | Code function: | 10_2_36DF3598 | |
| Source: | Code function: | 10_2_36DF3588 | |
| Source: | Code function: | 10_2_36DF22FF | |
| Source: | Code function: | 10_2_36DF429F | |
| Source: | Code function: | 10_2_36DF42A0 | |
| Source: | Code function: | 10_2_36DF2300 | |
| Source: | Code function: | 10_2_36DF0040 | |
| Source: | Code function: | 10_2_36DF003F | |
| Source: | Code function: | 10_2_36DFE030 | |
| Source: | Code function: | 10_2_36DFE020 | |
| Source: | Code function: | 10_2_36DF1190 | |
| Source: | Code function: | 10_2_36DF11A0 | |
| Source: | Code function: | 10_2_36DF3140 | |
| Source: | Code function: | 10_2_36DF313F | |
| Source: | Code function: | 10_2_36DF6125 | |
| Source: | Code function: | 10_2_36DF1EA8 | |
| Source: | Code function: | 10_2_36DF1EA7 | |
| Source: | Code function: | 10_2_36DF3E48 | |
| Source: | Code function: | 10_2_36DF3E38 | |
| Source: | Code function: | 10_2_36DF7E30 | |
| Source: | Code function: | 10_2_36DF4FA8 | |
| Source: | Code function: | 10_2_36DF4FA7 | |
| Source: | Code function: | 10_2_36DF2CD8 | |
| Source: | Code function: | 10_2_36DF2CE8 | |
| Source: | Code function: | 10_2_36DF0D48 | |
| Source: | Code function: | 10_2_36DF0D47 | |
| Source: | Code function: | 10_2_36DF8AD8 | |
| Source: | Code function: | 10_2_36DF8ACA | |
| Source: | Code function: | 10_2_36DF1A50 | |
| Source: | Code function: | 10_2_36DF1A4F | |
| Source: | Code function: | 10_2_36DF4B50 | |
| Source: | Code function: | 10_2_36DF4B40 | |
| Source: | Code function: | 10_2_36DF98C0 | |
| Source: | Code function: | 10_2_36DF08F0 | |
| Source: | Code function: | 10_2_36DF08EF | |
| Source: | Code function: | 10_2_36DF2890 | |
| Source: | Code function: | 10_2_36DF287F | |
| Source: | Code function: | 10_2_36DF39F0 | |
| Source: | Code function: | 10_2_36DF39EF | |
| Source: | Code function: | 10_2_37E5E600 | |
| Source: | Code function: | 10_2_37E5D478 | |
| Source: | Code function: | 10_2_37E573D0 | |
| Source: | Code function: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 5_2_004045CA | |
| Source: | Code function: | 5_2_0040206A | |
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | ReversingLabs: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
Data Obfuscation | |
|---|
| Source: | File source: | ||
| Source: | Code function: | 5_2_00406254 | |
| Source: | Code function: | 5_2_10002DCE | |
| Source: | File created: | Jump to dropped file | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | API/Special instruction interceptor: | ||
| Source: | API/Special instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | API coverage: | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Code function: | 5_2_00405772 | |
| Source: | Code function: | 5_2_0040622D | |
| Source: | Code function: | 5_2_00402770 | |
| Source: | Code function: | 10_2_00402770 | |
| Source: | Code function: | 10_2_00405772 | |
| Source: | Code function: | 10_2_0040622D | |
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | API call chain: | graph_5-4798 | ||
| Source: | API call chain: | graph_5-4803 | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Code function: | 10_2_36DD5B28 | |
| Source: | Code function: | 5_2_00406254 | |
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 5_2_00405F0C | |
| Source: | Key value queried: | Jump to behavior | ||
Lowering of HIPS / PFW / Operating System Security Settings | |
|---|
| Source: | Registry value created: | Jump to behavior | ||
| Source: | Registry value created: | Jump to behavior | ||
| Source: | Registry key created or modified: | Jump to behavior | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 11 Masquerading | 1 OS Credential Dumping | 211 Security Software Discovery | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 31 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | 1 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 System Network Configuration Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 215 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 13% | ReversingLabs | |||
| 100% | Avira | HEUR/AGEN.1337946 |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| drive.google.com | 172.217.19.174 | true | false | high | |
| drive.usercontent.google.com | 142.250.181.97 | true | false | high | |
| reallyfreegeoip.org | 104.21.67.152 | true | false | high | |
| api.telegram.org | 149.154.167.220 | true | false | high | |
| checkip.dyndns.com | 132.226.247.73 | true | false | high | |
| checkip.dyndns.org | unknown | unknown | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false | high | ||
| false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false | |
| 104.21.67.152 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false | |
| 172.217.19.174 | drive.google.com | United States | 15169 | GOOGLEUS | false | |
| 142.250.181.97 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false | |
| 132.226.247.73 | checkip.dyndns.com | United States | 16989 | UTMEMUS | false |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1567431 |
| Start date and time: | 2024-12-03 15:20:59 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 7m 22s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 15 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | REQUEST FOR QUOATION AND PRICES.exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@3/8@5/5 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: REQUEST FOR QUOATION AND PRICES.exe
| Time | Type | Description |
|---|---|---|
| 10:37:52 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 149.154.167.220 | Get hash | malicious | GuLoader, MassLogger RAT | Browse | ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | DarkCloud | Browse | |||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Stealerium | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse | |||
| 104.21.67.152 | Get hash | malicious | GuLoader, MassLogger RAT | Browse | ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | Snake Keylogger | Browse | |||
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | MassLogger RAT | Browse | |||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
| Get hash | malicious | MassLogger RAT | Browse | |||
| Get hash | malicious | MassLogger RAT | Browse | |||
| 132.226.247.73 | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| checkip.dyndns.com | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| reallyfreegeoip.org | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| api.telegram.org | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | DarkCloud | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Stealerium | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| TELEGRAMRU | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | DarkCloud | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Stealerium | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| CLOUDFLARENETUS | Get hash | malicious | AgentTesla | Browse |
| |
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| UTMEMUS | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| 3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | AgentTesla | Browse |
| |
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Quasar | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Quasar | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| 37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
| Get hash | malicious | DarkCloud | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\nsz829B.tmp\System.dll | Get hash | malicious | GuLoader, MassLogger RAT | Browse | ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | Azorult, GuLoader | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| Process: | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1205335 |
| Entropy (8bit): | 3.531689895208813 |
| Encrypted: | false |
| SSDEEP: | 12288:w8rRdu4ubGzwg2ZCjm8EO6x6l64XFltbJNyeWpKJ:HfRu3gWV8Ebi641llupK |
| MD5: | 84703BB2E9BBA641ADD27F6758780928 |
| SHA1: | A14176D85C035EFE574DF2320AEBC9AFBAF74820 |
| SHA-256: | 14616079E42750F701FD299920FD45633EA609080F278C7A8A9386E0C4223E11 |
| SHA-512: | 525D08B61C133D07AAD8CA21FA711F5F42888E5598027FCF9DCB7C3BAEF02F3831C25878E06D740292B08C80265BEEB7316EE7DA14725B6E6B188AD1125254B4 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 11264 |
| Entropy (8bit): | 5.801108840712148 |
| Encrypted: | false |
| SSDEEP: | 192:e/b2HS5ih/7i00eWz9T7PH6yeFcQMI5+Vw+EXWZ77dslFZk:ewSUmWw9T7MmnI5+/F7Kdk |
| MD5: | FC90DFB694D0E17B013D6F818BCE41B0 |
| SHA1: | 3243969886D640AF3BFA442728B9F0DFF9D5F5B0 |
| SHA-256: | 7FE77CA13121A113C59630A3DBA0C8AAA6372E8082393274DA8F8608C4CE4528 |
| SHA-512: | 324F13AA7A33C6408E2A57C3484D1691ECEE7C3C1366DE2BB8978C8DC66B18425D8CAB5A32D1702C13C43703E36148A022263DE7166AFDCE141DA2B01169F1C6 |
| Malicious: | false |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Reputation: | moderate, very likely benign file |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Kopieringsprogrammet\Coindwelling.Lys
Download File
| Process: | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 298784 |
| Entropy (8bit): | 7.736636534495347 |
| Encrypted: | false |
| SSDEEP: | 6144:M2ljJ7MW6Lv6XHzwgmTtPC8x3Km8EXu16x6l6n4o2F5rmebxnHz:M4ubGzwg2ZCjm8EO6x6l64XFltbJz |
| MD5: | C1035965687C9BDA80A00EFC020863D9 |
| SHA1: | 79C4E5A175290C8DCC548F85FCF9FDF9B2F75096 |
| SHA-256: | A9A729569A3960676154A62623D6722EC46226228C70DB79A53DCB576126C56B |
| SHA-512: | F76E2E406F3A2AE25CF5D2F7675CAF8DD583E7C1361D12E12A1F35EA86177AE4263129BB6BEF25A488FB016B28F3786C7149995670220AA4B90F3A4BECF7DF73 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Kopieringsprogrammet\Emalje.kap
Download File
| Process: | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 161977 |
| Entropy (8bit): | 1.2465706431701635 |
| Encrypted: | false |
| SSDEEP: | 768:j91kr2E4uLB4rAvVSJUxZOKLuPYUIlh6njQqVK+P7T6r6hI4W7lD1jBCgUpo:94irAZug+TLg1cpo |
| MD5: | 818D9B577C6A2CCB8C8D753C89B0AEED |
| SHA1: | 1912E60E75B47E0AC0B0ACDB2B320F0B36D3CE22 |
| SHA-256: | B53DFB245A8D5A0F0FAEEC7E8B4AE273522AC29FD29B33608F9BA7F9ADB90279 |
| SHA-512: | 91993AA2E3E2666A3945886101B2B670CD3B0D76CF3CFFF3684DCB310FE324A1C650FAB5D5D00B8CFA49B5A7713FE2DBBA6DC2D8BB8DAC7A169495E6694CE4C6 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Kopieringsprogrammet\Nidstirrer.Pre
Download File
| Process: | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 28382 |
| Entropy (8bit): | 4.542161038457155 |
| Encrypted: | false |
| SSDEEP: | 384:7B8dlWrSIZBUx6RvCA6yOjeKNk1IOO8n/RFapPWQ1eAEU8CEwffnMfA5XHt:7B8dlWnf5EATcrkgFn8CjnMfA1Ht |
| MD5: | 09F0F33D40E7290D770353F19C7013A2 |
| SHA1: | 757A2718341EAA21285F8F5B879213814DCB7B88 |
| SHA-256: | BE35F7639DDFD3EE887D53F51337859DC721FC3D89F23AE45553235F978E5B98 |
| SHA-512: | 11655A921B0201A5A516FA1360BBE951A4166B8D0207A703E257F5B45244409487452C4A2D7B628F9900F302C1B7159B863897158E1A0D84C00A7F63987A4964 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Kopieringsprogrammet\img2.jpg
Download File
| Process: | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2929 |
| Entropy (8bit): | 7.418910042244289 |
| Encrypted: | false |
| SSDEEP: | 48:j2XBhBOaFxHfEaq1kk1YunCRbvwxhjAxnyHIvR4SnHP7oNLpLR8Fqhr:j2XBv9Fx2kkO7RihjlovpnHPCpaQ1 |
| MD5: | 49DAF4E74443D8502F3229468615185F |
| SHA1: | 9BB41BF5F382EE315893366F559FA26D57A4CD5F |
| SHA-256: | E5EE495A89E55467DB6A396F012EDB6A71D2E762CFC7FC6846FE7259528BF168 |
| SHA-512: | EE9ABC6A19215FED64584BA24736ECBA24139CD03A75530FF351C99A25628410472A28F4EE08E87CE1F75DC79396A2A9C1AC79C399720C320437BC18993B561A |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Kopieringsprogrammet\pinrail.whe
Download File
| Process: | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 461378 |
| Entropy (8bit): | 1.252059381950645 |
| Encrypted: | false |
| SSDEEP: | 1536:s3tr+hilKd11tUzcxZg7SBobbR5FF7b7IvSog:sRVmQc3u9F7b76 |
| MD5: | 3AD2FE4EA13486258EADDD1E5940A6D7 |
| SHA1: | 06D0468A125D754D4534C182D79444DFB7A1CF61 |
| SHA-256: | E4C5F20595C446D20C978CF7B486579BA2FFC17E64B940733B40C89DF4331319 |
| SHA-512: | 82328E01492BDB8B23555CB369279A5352B35E0B51A4A4AC88D9F9285BBDABA627FE01139B4F9669847252D5A59FC512B2463A364EFD5C33B83309D6A8985D59 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Kopieringsprogrammet\unyouthfully.ske
Download File
| Process: | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 225641 |
| Entropy (8bit): | 1.2362366155163755 |
| Encrypted: | false |
| SSDEEP: | 768:HcPiBl7QD/ad4B+etLBBF64vscOIBiMFYnfBc1TS/HVtHlY4bDzZkmNQyFY670Fn:QaxOPt/G9V4yf7P/zZkX00b/h |
| MD5: | 94C4B93474D07658FCBD411A20E68532 |
| SHA1: | 66421117EB902B48D39A1514C88C868394085FCF |
| SHA-256: | 50B1D7356F0CC22F2A9AE93A7CC9738C6BC0907724ACDB85F68F594333B706DC |
| SHA-512: | BC1C40FF5B9FD71590E9B3E71D7B58A46E8AFBE56DFBD22C39F5DC0952ACEDC96F2BC4D8428EA0BCD75D67BD32F2B095585925CD8141063801FB128EA46F7471 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.070078101481484 |
| TrID: |
|
| File name: | REQUEST FOR QUOATION AND PRICES.exe |
| File size: | 734'480 bytes |
| MD5: | 143edb6c5c1e1a1e06695965f2b5cb74 |
| SHA1: | b43660357dbe4c3d84d4239b6273817b5eb1ff53 |
| SHA256: | 05814550e1562d4c54710804145c678b6191aab6a07c73e6f7902b1149bb020d |
| SHA512: | 8656e2e854a66f2901898147303fa5119c691defc06745d38d93ce0ef06ff243d85b8d0d109d0ef18c4bb3b1de29a5c76961b85a77959c0d93b9179546bbe761 |
| SSDEEP: | 12288:xlYZmcRHOohpeGbzpAbzRglY6y/utl97avDAoXPJO2RpXD3j:UmcdOohMyz5Y6yK7arHXPJOyXjj |
| TLSH: | 30F4D01F1B168406EE9415F2B8A3CE53A6F5BFBC206973456D62FF1780B3E70394A189 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1.D9u.*ju.*ju.*j..ujw.*ju.+j..*j..wjd.*j!..j..*j..,jt.*jRichu.*j........PE..L.....oS.................`...*......Z3.......p....@ |
 | |
| Icon Hash: | 058cc0e474936126 |
| Entrypoint: | 0x40335a |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
| DLL Characteristics: | TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x536FD79B [Sun May 11 20:03:39 2014 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | e221f4f7d36469d53810a4b5f9fc8966 |
| Instruction |
|---|
| sub esp, 000002D4h |
| push ebx |
| push ebp |
| push esi |
| push edi |
| push 00000020h |
| xor ebp, ebp |
| pop esi |
| mov dword ptr [esp+14h], ebp |
| mov dword ptr [esp+10h], 00409230h |
| mov dword ptr [esp+1Ch], ebp |
| call dword ptr [00407034h] |
| push 00008001h |
| call dword ptr [004070BCh] |
| push ebp |
| call dword ptr [004072ACh] |
| push 00000008h |
| mov dword ptr [00429298h], eax |
| call 00007FD7CC7C779Ch |
| mov dword ptr [004291E4h], eax |
| push ebp |
| lea eax, dword ptr [esp+34h] |
| push 000002B4h |
| push eax |
| push ebp |
| push 00420690h |
| call dword ptr [0040717Ch] |
| push 0040937Ch |
| push 004281E0h |
| call 00007FD7CC7C7407h |
| call dword ptr [00407134h] |
| mov ebx, 00434000h |
| push eax |
| push ebx |
| call 00007FD7CC7C73F5h |
| push ebp |
| call dword ptr [0040710Ch] |
| cmp word ptr [00434000h], 0022h |
| mov dword ptr [004291E0h], eax |
| mov eax, ebx |
| jne 00007FD7CC7C48EAh |
| push 00000022h |
| mov eax, 00434002h |
| pop esi |
| push esi |
| push eax |
| call 00007FD7CC7C6E46h |
| push eax |
| call dword ptr [00407240h] |
| mov dword ptr [esp+18h], eax |
| jmp 00007FD7CC7C49AEh |
| push 00000020h |
| pop edx |
| cmp cx, dx |
| jne 00007FD7CC7C48E9h |
| inc eax |
| inc eax |
| cmp word ptr [eax], dx |
| je 00007FD7CC7C48DBh |
| add word ptr [eax], 0000h |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7494 | 0xb4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5f000 | 0x43188 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x2b8 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x5e68 | 0x6000 | 2f6554958e1a5093777de617d6e0bffc | False | 0.6566162109375 | data | 6.419811957742583 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x7000 | 0x1354 | 0x1400 | 2222fe44ebbadbc32af32dfc9c88e48e | False | 0.4306640625 | data | 5.037511188789184 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x9000 | 0x202d8 | 0x600 | 9587277f9a9b39e2caf86eae07909d87 | False | 0.4733072916666667 | data | 3.757932017065988 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x2a000 | 0x35000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x5f000 | 0x43188 | 0x43200 | ad79ab7bc0418c21ba04b90eb50d4a0c | False | 0.18500494646182494 | data | 4.605797713668011 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_BITMAP | 0x5f2b0 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States | 0.23623853211009174 |
| RT_ICON | 0x5f618 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 270336 | English | United States | 0.1810552711779152 |
| RT_DIALOG | 0xa1640 | 0x144 | data | English | United States | 0.5216049382716049 |
| RT_DIALOG | 0xa1788 | 0x13c | data | English | United States | 0.5506329113924051 |
| RT_DIALOG | 0xa18c8 | 0x100 | data | English | United States | 0.5234375 |
| RT_DIALOG | 0xa19c8 | 0x11c | data | English | United States | 0.6091549295774648 |
| RT_DIALOG | 0xa1ae8 | 0xc4 | data | English | United States | 0.5918367346938775 |
| RT_DIALOG | 0xa1bb0 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0xa1c10 | 0x14 | data | English | United States | 1.1 |
| RT_VERSION | 0xa1c28 | 0x258 | data | English | United States | 0.5216666666666666 |
| RT_MANIFEST | 0xa1e80 | 0x305 | XML 1.0 document, ASCII text, with very long lines (773), with no line terminators | English | United States | 0.5614489003880984 |
| DLL | Import |
|---|---|
| KERNEL32.dll | CompareFileTime, SearchPathW, SetFileTime, CloseHandle, GetShortPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, GetFullPathNameW, CreateDirectoryW, Sleep, GetTickCount, CreateFileW, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, SetFileAttributesW, ExpandEnvironmentStringsW, SetErrorMode, LoadLibraryW, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, lstrcpyA, lstrcpyW, lstrcatW, GetSystemDirectoryW, GetVersion, GetProcAddress, LoadLibraryA, GetModuleHandleA, GetModuleHandleW, lstrcmpiW, lstrcmpW, WaitForSingleObject, GlobalFree, GlobalAlloc, LoadLibraryExW, GetExitCodeProcess, FreeLibrary, WritePrivateProfileStringW, GetCommandLineW, GetTempPathW, GetPrivateProfileStringW, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, WriteFile, lstrlenA, WideCharToMultiByte |
| USER32.dll | EndDialog, ScreenToClient, GetWindowRect, RegisterClassW, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, wsprintfW, CreateWindowExW, SystemParametersInfoW, AppendMenuW, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, GetDC, SetWindowLongW, LoadImageW, SendMessageTimeoutW, FindWindowExW, EmptyClipboard, OpenClipboard, TrackPopupMenu, EndPaint, ShowWindow, GetDlgItem, IsWindow, SetForegroundWindow |
| GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
| SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW |
| ADVAPI32.dll | RegCloseKey, RegOpenKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
| COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
| ole32.dll | CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize |
| VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-03T15:22:42.735160+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.7 | 49780 | 172.217.19.174 | 443 | TCP |
| 2024-12-03T15:22:51.057369+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49802 | 132.226.247.73 | 80 | TCP |
| 2024-12-03T15:22:59.588677+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49802 | 132.226.247.73 | 80 | TCP |
| 2024-12-03T15:23:01.791954+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.7 | 49830 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:04.323085+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49838 | 132.226.247.73 | 80 | TCP |
| 2024-12-03T15:23:06.396891+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.7 | 49844 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:08.010701+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49850 | 132.226.247.73 | 80 | TCP |
| 2024-12-03T15:23:10.145994+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.7 | 49852 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:13.917148+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.7 | 49863 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:17.893806+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.7 | 49875 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:21.905465+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.7 | 49883 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:25.604826+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.7 | 49894 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:29.303112+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.7 | 49903 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:32.999234+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.7 | 49913 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:37.577523+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.7 | 49925 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:41.186381+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.7 | 49935 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:44.858088+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.7 | 49943 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:48.483823+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.7 | 49951 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:52.010679+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.7 | 49962 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:55.703363+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.7 | 49968 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:23:59.435944+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.7 | 49978 | 149.154.167.220 | 443 | TCP |
| 2024-12-03T15:24:05.296567+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.7 | 49980 | 149.154.167.220 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 3, 2024 15:22:40.018177032 CET | 49780 | 443 | 192.168.2.7 | 172.217.19.174 |
| Dec 3, 2024 15:22:40.018229008 CET | 443 | 49780 | 172.217.19.174 | 192.168.2.7 |
| Dec 3, 2024 15:22:40.018384933 CET | 49780 | 443 | 192.168.2.7 | 172.217.19.174 |
| Dec 3, 2024 15:22:40.029048920 CET | 49780 | 443 | 192.168.2.7 | 172.217.19.174 |
| Dec 3, 2024 15:22:40.029062033 CET | 443 | 49780 | 172.217.19.174 | 192.168.2.7 |
| Dec 3, 2024 15:22:41.823081970 CET | 443 | 49780 | 172.217.19.174 | 192.168.2.7 |
| Dec 3, 2024 15:22:41.823190928 CET | 49780 | 443 | 192.168.2.7 | 172.217.19.174 |
| Dec 3, 2024 15:22:41.823931932 CET | 443 | 49780 | 172.217.19.174 | 192.168.2.7 |
| Dec 3, 2024 15:22:41.823990107 CET | 49780 | 443 | 192.168.2.7 | 172.217.19.174 |
| Dec 3, 2024 15:22:41.889066935 CET | 49780 | 443 | 192.168.2.7 | 172.217.19.174 |
| Dec 3, 2024 15:22:41.889097929 CET | 443 | 49780 | 172.217.19.174 | 192.168.2.7 |
| Dec 3, 2024 15:22:41.889385939 CET | 443 | 49780 | 172.217.19.174 | 192.168.2.7 |
| Dec 3, 2024 15:22:41.889437914 CET | 49780 | 443 | 192.168.2.7 | 172.217.19.174 |
| Dec 3, 2024 15:22:41.894035101 CET | 49780 | 443 | 192.168.2.7 | 172.217.19.174 |
| Dec 3, 2024 15:22:41.935331106 CET | 443 | 49780 | 172.217.19.174 | 192.168.2.7 |
| Dec 3, 2024 15:22:42.735156059 CET | 443 | 49780 | 172.217.19.174 | 192.168.2.7 |
| Dec 3, 2024 15:22:42.735268116 CET | 49780 | 443 | 192.168.2.7 | 172.217.19.174 |
| Dec 3, 2024 15:22:42.735300064 CET | 443 | 49780 | 172.217.19.174 | 192.168.2.7 |
| Dec 3, 2024 15:22:42.735354900 CET | 49780 | 443 | 192.168.2.7 | 172.217.19.174 |
| Dec 3, 2024 15:22:42.735547066 CET | 49780 | 443 | 192.168.2.7 | 172.217.19.174 |
| Dec 3, 2024 15:22:42.735593081 CET | 443 | 49780 | 172.217.19.174 | 192.168.2.7 |
| Dec 3, 2024 15:22:42.735645056 CET | 49780 | 443 | 192.168.2.7 | 172.217.19.174 |
| Dec 3, 2024 15:22:42.888720989 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:42.888747931 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:42.888824940 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:42.889153004 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:42.889163971 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:44.638675928 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:44.638784885 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:44.652261019 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:44.652295113 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:44.652631044 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:44.652802944 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:44.653234959 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:44.699327946 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:47.999346972 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:47.999427080 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.016175032 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.016258955 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.029124022 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.029202938 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.111013889 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.111195087 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.111217976 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.111265898 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.192044020 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.192154884 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.195756912 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.195816994 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.195936918 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.195981026 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.203753948 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.203813076 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.206793070 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.206851959 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.210711956 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.210772038 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.218498945 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.218584061 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.219882011 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.219932079 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.227725029 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.227782965 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.229199886 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.229247093 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.236979961 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.237040997 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.239118099 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.239166975 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.244702101 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.244760990 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.253360987 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.253408909 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.255877972 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.255920887 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.270976067 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.271025896 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.273488045 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.273533106 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.279474974 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.279527903 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.281083107 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.281126022 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.293178082 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.293227911 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.295834064 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.295882940 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.306715965 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.306767941 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.312074900 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.312119007 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.320061922 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.320107937 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.346259117 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.346304893 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.346359968 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.346395016 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.392915010 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.392973900 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.393152952 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.393198013 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.395417929 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.395541906 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.400250912 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.400321960 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.400372028 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.400408030 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.405169964 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.405214071 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.405316114 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.405358076 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.409802914 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.409862995 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.409991980 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.410034895 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.410043955 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.410079002 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.414254904 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.414294004 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.414426088 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.414463043 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.419805050 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.419855118 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.419976950 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.420013905 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.429100990 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.429150105 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.429280996 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.429431915 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.440629959 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.440694094 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.440951109 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.440992117 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.451652050 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.451704025 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.451766014 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.451809883 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.462986946 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.463040113 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.463118076 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.463160038 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.473304987 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.473371983 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.473468065 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.473507881 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.484536886 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.484586000 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.484647036 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.484848022 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.504359961 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.504442930 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.504466057 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.504501104 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.519287109 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.519349098 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.519447088 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.519489050 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.523375988 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.523423910 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.523497105 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.523540020 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.525468111 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.525511980 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.525612116 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.525649071 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.525660038 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.525698900 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.527544022 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.527616024 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.527669907 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.527715921 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.527717113 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.527724981 CET | 443 | 49789 | 142.250.181.97 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.527739048 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.527746916 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.527759075 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:48.527759075 CET | 49789 | 443 | 192.168.2.7 | 142.250.181.97 |
| Dec 3, 2024 15:22:49.032968044 CET | 49802 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:22:49.153645992 CET | 80 | 49802 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:22:49.153736115 CET | 49802 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:22:49.154123068 CET | 49802 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:22:49.274327993 CET | 80 | 49802 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:22:50.551172018 CET | 80 | 49802 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:22:50.555913925 CET | 49802 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:22:50.675990105 CET | 80 | 49802 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:22:51.015388012 CET | 80 | 49802 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:22:51.057368994 CET | 49802 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:22:51.407484055 CET | 49809 | 443 | 192.168.2.7 | 104.21.67.152 |
| Dec 3, 2024 15:22:51.407547951 CET | 443 | 49809 | 104.21.67.152 | 192.168.2.7 |
| Dec 3, 2024 15:22:51.407757998 CET | 49809 | 443 | 192.168.2.7 | 104.21.67.152 |
| Dec 3, 2024 15:22:51.410389900 CET | 49809 | 443 | 192.168.2.7 | 104.21.67.152 |
| Dec 3, 2024 15:22:51.410407066 CET | 443 | 49809 | 104.21.67.152 | 192.168.2.7 |
| Dec 3, 2024 15:22:52.723846912 CET | 443 | 49809 | 104.21.67.152 | 192.168.2.7 |
| Dec 3, 2024 15:22:52.723963976 CET | 49809 | 443 | 192.168.2.7 | 104.21.67.152 |
| Dec 3, 2024 15:22:52.728813887 CET | 49809 | 443 | 192.168.2.7 | 104.21.67.152 |
| Dec 3, 2024 15:22:52.728823900 CET | 443 | 49809 | 104.21.67.152 | 192.168.2.7 |
| Dec 3, 2024 15:22:52.729111910 CET | 443 | 49809 | 104.21.67.152 | 192.168.2.7 |
| Dec 3, 2024 15:22:52.734111071 CET | 49809 | 443 | 192.168.2.7 | 104.21.67.152 |
| Dec 3, 2024 15:22:52.775332928 CET | 443 | 49809 | 104.21.67.152 | 192.168.2.7 |
| Dec 3, 2024 15:22:53.194545031 CET | 443 | 49809 | 104.21.67.152 | 192.168.2.7 |
| Dec 3, 2024 15:22:53.194622993 CET | 443 | 49809 | 104.21.67.152 | 192.168.2.7 |
| Dec 3, 2024 15:22:53.194885969 CET | 49809 | 443 | 192.168.2.7 | 104.21.67.152 |
| Dec 3, 2024 15:22:53.201574087 CET | 49809 | 443 | 192.168.2.7 | 104.21.67.152 |
| Dec 3, 2024 15:22:59.094218969 CET | 49802 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:22:59.214165926 CET | 80 | 49802 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:22:59.545706034 CET | 80 | 49802 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:22:59.588676929 CET | 49802 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:22:59.691011906 CET | 49830 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:22:59.691063881 CET | 443 | 49830 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:22:59.691137075 CET | 49830 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:22:59.691638947 CET | 49830 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:22:59.691653967 CET | 443 | 49830 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:01.104878902 CET | 443 | 49830 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:01.104980946 CET | 49830 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:01.106849909 CET | 49830 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:01.106863022 CET | 443 | 49830 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:01.107161999 CET | 443 | 49830 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:01.109021902 CET | 49830 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:01.151336908 CET | 443 | 49830 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:01.151406050 CET | 49830 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:01.151426077 CET | 443 | 49830 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:01.792031050 CET | 443 | 49830 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:01.792119026 CET | 443 | 49830 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:01.792331934 CET | 49830 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:01.802897930 CET | 49830 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:02.633502007 CET | 49802 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:02.646265030 CET | 49838 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:02.754165888 CET | 80 | 49802 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:02.754234076 CET | 49802 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:02.766283989 CET | 80 | 49838 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:02.766411066 CET | 49838 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:02.797209978 CET | 49838 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:02.917531013 CET | 80 | 49838 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:04.279830933 CET | 80 | 49838 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:04.281546116 CET | 49844 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:04.281599045 CET | 443 | 49844 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:04.281672001 CET | 49844 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:04.282352924 CET | 49844 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:04.282370090 CET | 443 | 49844 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:04.323085070 CET | 49838 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:05.712460041 CET | 443 | 49844 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:05.738630056 CET | 49844 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:05.738653898 CET | 443 | 49844 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:05.738708973 CET | 49844 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:05.738718033 CET | 443 | 49844 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:06.396949053 CET | 443 | 49844 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:06.397043943 CET | 443 | 49844 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:06.397090912 CET | 49844 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:06.397605896 CET | 49844 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:06.401859045 CET | 49838 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:06.403207064 CET | 49850 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:06.523053885 CET | 80 | 49838 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:06.523184061 CET | 49838 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:06.523267031 CET | 80 | 49850 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:06.523371935 CET | 49850 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:06.543308020 CET | 49850 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:06.663300991 CET | 80 | 49850 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:07.970480919 CET | 80 | 49850 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:07.972215891 CET | 49852 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:07.972268105 CET | 443 | 49852 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:07.972362995 CET | 49852 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:07.972883940 CET | 49852 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:07.972907066 CET | 443 | 49852 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:08.010700941 CET | 49850 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:09.381624937 CET | 443 | 49852 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:09.406418085 CET | 49852 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:09.406445026 CET | 443 | 49852 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:09.406491995 CET | 49852 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:09.406500101 CET | 443 | 49852 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:10.146020889 CET | 443 | 49852 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:10.147479057 CET | 443 | 49852 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:10.150407076 CET | 49852 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:10.150747061 CET | 49852 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:10.155972004 CET | 49858 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:10.276159048 CET | 80 | 49858 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:10.276249886 CET | 49858 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:10.276627064 CET | 49858 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:10.397252083 CET | 80 | 49858 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:11.840050936 CET | 80 | 49858 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:11.841901064 CET | 49863 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:11.841942072 CET | 443 | 49863 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:11.842012882 CET | 49863 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:11.842472076 CET | 49863 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:11.842483044 CET | 443 | 49863 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:11.885591984 CET | 49858 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:13.262501955 CET | 443 | 49863 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:13.264586926 CET | 49863 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:13.264604092 CET | 443 | 49863 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:13.264678955 CET | 49863 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:13.264688969 CET | 443 | 49863 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:13.917196989 CET | 443 | 49863 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:13.917285919 CET | 443 | 49863 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:13.917367935 CET | 49863 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:13.917957067 CET | 49863 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:13.921253920 CET | 49858 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:13.922532082 CET | 49869 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:14.042160988 CET | 80 | 49858 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:14.042227030 CET | 49858 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:14.043237925 CET | 80 | 49869 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:14.043320894 CET | 49869 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:14.043550968 CET | 49869 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:14.163631916 CET | 80 | 49869 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:15.348351002 CET | 80 | 49869 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:15.350035906 CET | 49875 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:15.350097895 CET | 443 | 49875 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:15.350202084 CET | 49875 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:15.350527048 CET | 49875 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:15.350542068 CET | 443 | 49875 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:15.401201963 CET | 49869 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:17.110857010 CET | 443 | 49875 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:17.114381075 CET | 49875 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:17.114418983 CET | 443 | 49875 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:17.114624023 CET | 49875 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:17.114630938 CET | 443 | 49875 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:17.893846035 CET | 443 | 49875 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:17.894123077 CET | 443 | 49875 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:17.894233942 CET | 49875 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:17.894640923 CET | 49875 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:17.898015976 CET | 49869 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:17.899375916 CET | 49881 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:18.018541098 CET | 80 | 49869 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:18.018662930 CET | 49869 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:18.019599915 CET | 80 | 49881 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:18.019686937 CET | 49881 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:18.019983053 CET | 49881 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:18.141983986 CET | 80 | 49881 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:19.711443901 CET | 80 | 49881 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:19.713152885 CET | 49883 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:19.713196993 CET | 443 | 49883 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:19.713289022 CET | 49883 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:19.713778973 CET | 49883 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:19.713792086 CET | 443 | 49883 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:19.760796070 CET | 49881 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:21.258518934 CET | 443 | 49883 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:21.260555029 CET | 49883 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:21.260586977 CET | 443 | 49883 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:21.260689020 CET | 49883 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:21.260700941 CET | 443 | 49883 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:21.905534983 CET | 443 | 49883 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:21.905631065 CET | 443 | 49883 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:21.905716896 CET | 49883 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:21.906379938 CET | 49883 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:21.909940958 CET | 49881 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:21.911187887 CET | 49888 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:22.030195951 CET | 80 | 49881 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:22.030363083 CET | 49881 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:22.031197071 CET | 80 | 49888 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:22.031280994 CET | 49888 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:22.031601906 CET | 49888 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:22.151690960 CET | 80 | 49888 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:23.410410881 CET | 80 | 49888 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:23.411920071 CET | 49894 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:23.411968946 CET | 443 | 49894 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:23.412041903 CET | 49894 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:23.412373066 CET | 49894 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:23.412394047 CET | 443 | 49894 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:23.463773012 CET | 49888 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:24.894797087 CET | 443 | 49894 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:24.896927118 CET | 49894 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:24.896940947 CET | 443 | 49894 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:24.896995068 CET | 49894 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:24.897002935 CET | 443 | 49894 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:25.604897022 CET | 443 | 49894 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:25.604993105 CET | 443 | 49894 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:25.605061054 CET | 49894 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:25.605722904 CET | 49894 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:25.609353065 CET | 49888 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:25.610675097 CET | 49900 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:25.730094910 CET | 80 | 49888 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:25.730154991 CET | 49888 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:25.730593920 CET | 80 | 49900 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:25.730664968 CET | 49900 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:25.730920076 CET | 49900 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:25.851079941 CET | 80 | 49900 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:27.034535885 CET | 80 | 49900 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:27.036371946 CET | 49903 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:27.036416054 CET | 443 | 49903 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:27.036487103 CET | 49903 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:27.036803007 CET | 49903 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:27.036815882 CET | 443 | 49903 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:27.088763952 CET | 49900 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:28.566736937 CET | 443 | 49903 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:28.582169056 CET | 49903 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:28.582190990 CET | 443 | 49903 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:28.582252026 CET | 49903 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:28.582262039 CET | 443 | 49903 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:29.303159952 CET | 443 | 49903 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:29.303237915 CET | 443 | 49903 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:29.303324938 CET | 49903 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:29.316051960 CET | 49903 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:29.354928017 CET | 49900 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:29.359453917 CET | 49908 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:29.475199938 CET | 80 | 49900 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:29.475337982 CET | 49900 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:29.479443073 CET | 80 | 49908 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:29.479530096 CET | 49908 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:29.479759932 CET | 49908 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:29.599695921 CET | 80 | 49908 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:30.923572063 CET | 80 | 49908 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:30.924959898 CET | 49913 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:30.925005913 CET | 443 | 49913 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:30.925067902 CET | 49913 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:30.925365925 CET | 49913 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:30.925379992 CET | 443 | 49913 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:30.963809013 CET | 49908 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:32.334507942 CET | 443 | 49913 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:32.346354961 CET | 49913 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:32.346384048 CET | 443 | 49913 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:32.346436977 CET | 49913 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:32.346445084 CET | 443 | 49913 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:32.999257088 CET | 443 | 49913 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:32.999425888 CET | 443 | 49913 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:32.999509096 CET | 49913 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:33.005228996 CET | 49913 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:33.009569883 CET | 49908 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:33.011101007 CET | 49919 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:33.131138086 CET | 80 | 49919 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:33.131279945 CET | 49919 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:33.133579016 CET | 80 | 49908 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:33.133644104 CET | 49908 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:34.010796070 CET | 49919 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:34.131445885 CET | 80 | 49919 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:34.131675959 CET | 49919 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:34.131933928 CET | 49919 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:34.251898050 CET | 80 | 49919 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:35.436189890 CET | 80 | 49919 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:35.451158047 CET | 49925 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:35.451210976 CET | 443 | 49925 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:35.451293945 CET | 49925 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:35.451741934 CET | 49925 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:35.451752901 CET | 443 | 49925 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:35.479427099 CET | 49919 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:36.859810114 CET | 443 | 49925 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:36.861763000 CET | 49925 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:36.861777067 CET | 443 | 49925 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:36.861833096 CET | 49925 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:36.861836910 CET | 443 | 49925 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:37.577528954 CET | 443 | 49925 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:37.577692032 CET | 443 | 49925 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:37.577750921 CET | 49925 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:37.578233004 CET | 49925 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:37.581573963 CET | 49919 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:37.583679914 CET | 49931 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:37.702444077 CET | 80 | 49919 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:37.702605963 CET | 49919 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:37.704066992 CET | 80 | 49931 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:37.704164982 CET | 49931 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:37.704580069 CET | 49931 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:37.824500084 CET | 80 | 49931 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:39.064112902 CET | 80 | 49931 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:39.065753937 CET | 49935 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:39.065798044 CET | 443 | 49935 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:39.065866947 CET | 49935 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:39.066184044 CET | 49935 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:39.066201925 CET | 443 | 49935 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:39.104516983 CET | 49931 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:40.489152908 CET | 443 | 49935 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:40.541989088 CET | 49935 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:40.601248980 CET | 49935 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:40.601274014 CET | 443 | 49935 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:40.635381937 CET | 49935 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:40.635411978 CET | 443 | 49935 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:41.186564922 CET | 443 | 49935 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:41.186785936 CET | 443 | 49935 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:41.186840057 CET | 49935 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:41.187458992 CET | 49935 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:41.199634075 CET | 49931 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:41.201176882 CET | 49939 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:41.320470095 CET | 80 | 49931 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:41.320523024 CET | 49931 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:41.321182966 CET | 80 | 49939 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:41.321254969 CET | 49939 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:41.321688890 CET | 49939 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:41.441559076 CET | 80 | 49939 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:42.626117945 CET | 80 | 49939 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:42.627862930 CET | 49943 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:42.627899885 CET | 443 | 49943 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:42.627979040 CET | 49943 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:42.628282070 CET | 49943 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:42.628298044 CET | 443 | 49943 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:42.667047024 CET | 49939 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:44.088567972 CET | 443 | 49943 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:44.135726929 CET | 49943 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:44.244146109 CET | 49943 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:44.244169950 CET | 443 | 49943 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:44.244242907 CET | 49943 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:44.244259119 CET | 443 | 49943 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:44.858158112 CET | 443 | 49943 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:44.858254910 CET | 443 | 49943 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:44.858345032 CET | 49943 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:44.858938932 CET | 49943 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:44.862606049 CET | 49939 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:44.864384890 CET | 49948 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:44.983459949 CET | 80 | 49939 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:44.983772993 CET | 49939 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:44.984407902 CET | 80 | 49948 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:44.984545946 CET | 49948 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:44.984883070 CET | 49948 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:45.104984999 CET | 80 | 49948 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:46.335513115 CET | 80 | 49948 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:46.336869001 CET | 49951 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:46.336927891 CET | 443 | 49951 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:46.336983919 CET | 49951 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:46.337333918 CET | 49951 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:46.337361097 CET | 443 | 49951 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:46.378781080 CET | 49948 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:47.705626011 CET | 443 | 49951 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:47.709760904 CET | 49951 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:47.709794044 CET | 443 | 49951 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:47.709881067 CET | 49951 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:47.709891081 CET | 443 | 49951 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:48.483834982 CET | 443 | 49951 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:48.484046936 CET | 443 | 49951 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:48.484093904 CET | 49951 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:48.484513998 CET | 49951 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:48.487934113 CET | 49948 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:48.489293098 CET | 49956 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:48.608664989 CET | 80 | 49948 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:48.609155893 CET | 49948 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:48.609340906 CET | 80 | 49956 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:48.609437943 CET | 49956 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:48.609688997 CET | 49956 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:48.729612112 CET | 80 | 49956 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:50.005939960 CET | 80 | 49956 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:50.007353067 CET | 49962 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:50.007392883 CET | 443 | 49962 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:50.007469893 CET | 49962 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:50.007735014 CET | 49962 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:50.007749081 CET | 443 | 49962 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:50.057595015 CET | 49956 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:51.373985052 CET | 443 | 49962 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:51.375797033 CET | 49962 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:51.375819921 CET | 443 | 49962 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:51.375890970 CET | 49962 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:51.375900984 CET | 443 | 49962 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:52.010777950 CET | 443 | 49962 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:52.010894060 CET | 443 | 49962 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:52.010962963 CET | 49962 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:52.011574030 CET | 49962 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:52.039417028 CET | 49956 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:52.040663004 CET | 49966 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:52.160046101 CET | 80 | 49956 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:52.160144091 CET | 49956 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:52.160557985 CET | 80 | 49966 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:52.160644054 CET | 49966 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:52.160885096 CET | 49966 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:52.280826092 CET | 80 | 49966 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:53.559438944 CET | 80 | 49966 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:53.562375069 CET | 49968 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:53.562423944 CET | 443 | 49968 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:53.562603951 CET | 49968 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:53.563122988 CET | 49968 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:53.563136101 CET | 443 | 49968 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:53.604574919 CET | 49966 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:54.976423979 CET | 443 | 49968 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:54.978204012 CET | 49968 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:54.978221893 CET | 443 | 49968 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:54.978281975 CET | 49968 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:54.978292942 CET | 443 | 49968 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:55.703536987 CET | 443 | 49968 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:55.703721046 CET | 443 | 49968 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:55.703779936 CET | 49968 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:55.704108953 CET | 49968 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:55.708126068 CET | 49966 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:55.709693909 CET | 49973 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:55.829436064 CET | 80 | 49966 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:55.829504967 CET | 49966 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:55.829602003 CET | 80 | 49973 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:55.829669952 CET | 49973 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:55.829879045 CET | 49973 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:55.950133085 CET | 80 | 49973 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:57.136209011 CET | 80 | 49973 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:57.137563944 CET | 49978 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:57.137628078 CET | 443 | 49978 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:57.137701035 CET | 49978 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:57.138012886 CET | 49978 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:57.138026953 CET | 443 | 49978 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:57.182645082 CET | 49973 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:58.590523005 CET | 443 | 49978 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:58.593733072 CET | 49978 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:58.593750954 CET | 443 | 49978 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:58.593794107 CET | 49978 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:58.593800068 CET | 443 | 49978 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:59.435950041 CET | 443 | 49978 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:59.436079025 CET | 443 | 49978 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:23:59.436139107 CET | 49978 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:59.436557055 CET | 49978 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:23:59.440505981 CET | 49973 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:59.441287994 CET | 49979 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:59.560894966 CET | 80 | 49973 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:59.560957909 CET | 49973 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:59.561254025 CET | 80 | 49979 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:23:59.561331987 CET | 49979 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:59.561739922 CET | 49979 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:23:59.681790113 CET | 80 | 49979 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:24:00.913367987 CET | 80 | 49979 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:24:00.919672966 CET | 49980 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:24:00.919739008 CET | 443 | 49980 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:24:00.919821024 CET | 49980 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:24:00.920192957 CET | 49980 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:24:00.920218945 CET | 443 | 49980 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:24:00.963943005 CET | 49979 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:24:02.287229061 CET | 443 | 49980 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:24:02.338901043 CET | 49980 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:24:04.712009907 CET | 49980 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:24:04.712044954 CET | 443 | 49980 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:24:04.712114096 CET | 49980 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:24:04.712121010 CET | 443 | 49980 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:24:05.296610117 CET | 443 | 49980 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:24:05.296691895 CET | 443 | 49980 | 149.154.167.220 | 192.168.2.7 |
| Dec 3, 2024 15:24:05.296972990 CET | 49980 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:24:05.297314882 CET | 49980 | 443 | 192.168.2.7 | 149.154.167.220 |
| Dec 3, 2024 15:24:05.300239086 CET | 49979 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:24:05.301417112 CET | 49981 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:24:05.421333075 CET | 80 | 49979 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:24:05.421427965 CET | 80 | 49981 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:24:05.423446894 CET | 49979 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:24:05.423635960 CET | 49981 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:24:05.423635960 CET | 49981 | 80 | 192.168.2.7 | 132.226.247.73 |
| Dec 3, 2024 15:24:05.543690920 CET | 80 | 49981 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:24:06.803620100 CET | 80 | 49981 | 132.226.247.73 | 192.168.2.7 |
| Dec 3, 2024 15:24:06.854551077 CET | 49981 | 80 | 192.168.2.7 | 132.226.247.73 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 3, 2024 15:22:39.869385004 CET | 59249 | 53 | 192.168.2.7 | 1.1.1.1 |
| Dec 3, 2024 15:22:40.007324934 CET | 53 | 59249 | 1.1.1.1 | 192.168.2.7 |
| Dec 3, 2024 15:22:42.750113964 CET | 52580 | 53 | 192.168.2.7 | 1.1.1.1 |
| Dec 3, 2024 15:22:42.887569904 CET | 53 | 52580 | 1.1.1.1 | 192.168.2.7 |
| Dec 3, 2024 15:22:48.890260935 CET | 49635 | 53 | 192.168.2.7 | 1.1.1.1 |
| Dec 3, 2024 15:22:49.027896881 CET | 53 | 49635 | 1.1.1.1 | 192.168.2.7 |
| Dec 3, 2024 15:22:51.267581940 CET | 59780 | 53 | 192.168.2.7 | 1.1.1.1 |
| Dec 3, 2024 15:22:51.406538963 CET | 53 | 59780 | 1.1.1.1 | 192.168.2.7 |
| Dec 3, 2024 15:22:59.551228046 CET | 59023 | 53 | 192.168.2.7 | 1.1.1.1 |
| Dec 3, 2024 15:22:59.690095901 CET | 53 | 59023 | 1.1.1.1 | 192.168.2.7 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 3, 2024 15:22:39.869385004 CET | 192.168.2.7 | 1.1.1.1 | 0x9d4c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 3, 2024 15:22:42.750113964 CET | 192.168.2.7 | 1.1.1.1 | 0x8159 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 3, 2024 15:22:48.890260935 CET | 192.168.2.7 | 1.1.1.1 | 0x640e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 3, 2024 15:22:51.267581940 CET | 192.168.2.7 | 1.1.1.1 | 0xba39 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 3, 2024 15:22:59.551228046 CET | 192.168.2.7 | 1.1.1.1 | 0x9bef | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 3, 2024 15:22:40.007324934 CET | 1.1.1.1 | 192.168.2.7 | 0x9d4c | No error (0) | 172.217.19.174 | A (IP address) | IN (0x0001) | false | ||
| Dec 3, 2024 15:22:42.887569904 CET | 1.1.1.1 | 192.168.2.7 | 0x8159 | No error (0) | 142.250.181.97 | A (IP address) | IN (0x0001) | false | ||
| Dec 3, 2024 15:22:49.027896881 CET | 1.1.1.1 | 192.168.2.7 | 0x640e | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Dec 3, 2024 15:22:49.027896881 CET | 1.1.1.1 | 192.168.2.7 | 0x640e | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
| Dec 3, 2024 15:22:49.027896881 CET | 1.1.1.1 | 192.168.2.7 | 0x640e | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
| Dec 3, 2024 15:22:49.027896881 CET | 1.1.1.1 | 192.168.2.7 | 0x640e | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
| Dec 3, 2024 15:22:49.027896881 CET | 1.1.1.1 | 192.168.2.7 | 0x640e | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
| Dec 3, 2024 15:22:49.027896881 CET | 1.1.1.1 | 192.168.2.7 | 0x640e | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
| Dec 3, 2024 15:22:51.406538963 CET | 1.1.1.1 | 192.168.2.7 | 0xba39 | No error (0) | 104.21.67.152 | A (IP address) | IN (0x0001) | false | ||
| Dec 3, 2024 15:22:51.406538963 CET | 1.1.1.1 | 192.168.2.7 | 0xba39 | No error (0) | 172.67.177.134 | A (IP address) | IN (0x0001) | false | ||
| Dec 3, 2024 15:22:59.690095901 CET | 1.1.1.1 | 192.168.2.7 | 0x9bef | No error (0) | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.7 | 49802 | 132.226.247.73 | 80 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 3, 2024 15:22:49.154123068 CET | 151 | OUT | |
| Dec 3, 2024 15:22:50.551172018 CET | 321 | IN | |
| Dec 3, 2024 15:22:50.555913925 CET | 127 | OUT | |
| Dec 3, 2024 15:22:51.015388012 CET | 321 | IN | |
| Dec 3, 2024 15:22:59.094218969 CET | 127 | OUT | |
| Dec 3, 2024 15:22:59.545706034 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.7 | 49838 | 132.226.247.73 | 80 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 3, 2024 15:23:02.797209978 CET | 127 | OUT | |
| Dec 3, 2024 15:23:04.279830933 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.7 | 49850 | 132.226.247.73 | 80 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 3, 2024 15:23:06.543308020 CET | 127 | OUT | |
| Dec 3, 2024 15:23:07.970480919 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.7 | 49858 | 132.226.247.73 | 80 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 3, 2024 15:23:10.276627064 CET | 151 | OUT | |
| Dec 3, 2024 15:23:11.840050936 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.7 | 49869 | 132.226.247.73 | 80 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 3, 2024 15:23:14.043550968 CET | 151 | OUT | |
| Dec 3, 2024 15:23:15.348351002 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.7 | 49881 | 132.226.247.73 | 80 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 3, 2024 15:23:18.019983053 CET | 151 | OUT | |
| Dec 3, 2024 15:23:19.711443901 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.7 | 49888 | 132.226.247.73 | 80 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 3, 2024 15:23:22.031601906 CET | 151 | OUT | |
| Dec 3, 2024 15:23:23.410410881 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.7 | 49900 | 132.226.247.73 | 80 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 3, 2024 15:23:25.730920076 CET | 151 | OUT | |
| Dec 3, 2024 15:23:27.034535885 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 8 | 192.168.2.7 | 49908 | 132.226.247.73 | 80 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 3, 2024 15:23:29.479759932 CET | 151 | OUT | |
| Dec 3, 2024 15:23:30.923572063 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 9 | 192.168.2.7 | 49919 | 132.226.247.73 | 80 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 3, 2024 15:23:34.131933928 CET | 151 | OUT | |
| Dec 3, 2024 15:23:35.436189890 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 10 | 192.168.2.7 | 49931 | 132.226.247.73 | 80 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 3, 2024 15:23:37.704580069 CET | 151 | OUT | |
| Dec 3, 2024 15:23:39.064112902 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 11 | 192.168.2.7 | 49939 | 132.226.247.73 | 80 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 3, 2024 15:23:41.321688890 CET | 151 | OUT | |
| Dec 3, 2024 15:23:42.626117945 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 12 | 192.168.2.7 | 49948 | 132.226.247.73 | 80 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 3, 2024 15:23:44.984883070 CET | 151 | OUT | |
| Dec 3, 2024 15:23:46.335513115 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 13 | 192.168.2.7 | 49956 | 132.226.247.73 | 80 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 3, 2024 15:23:48.609688997 CET | 151 | OUT | |
| Dec 3, 2024 15:23:50.005939960 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 14 | 192.168.2.7 | 49966 | 132.226.247.73 | 80 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 3, 2024 15:23:52.160885096 CET | 151 | OUT | |
| Dec 3, 2024 15:23:53.559438944 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 15 | 192.168.2.7 | 49973 | 132.226.247.73 | 80 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 3, 2024 15:23:55.829879045 CET | 151 | OUT | |
| Dec 3, 2024 15:23:57.136209011 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 16 | 192.168.2.7 | 49979 | 132.226.247.73 | 80 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 3, 2024 15:23:59.561739922 CET | 151 | OUT | |
| Dec 3, 2024 15:24:00.913367987 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|
| 17 | 192.168.2.7 | 49981 | 132.226.247.73 | 80 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 3, 2024 15:24:05.423635960 CET | 151 | OUT | |
| Dec 3, 2024 15:24:06.803620100 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.7 | 49780 | 172.217.19.174 | 443 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-03 14:22:41 UTC | 216 | OUT | |
| 2024-12-03 14:22:42 UTC | 1920 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.7 | 49789 | 142.250.181.97 | 443 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-03 14:22:44 UTC | 258 | OUT | |
| 2024-12-03 14:22:47 UTC | 4914 | IN | |
| 2024-12-03 14:22:48 UTC | 4914 | IN | |
| 2024-12-03 14:22:48 UTC | 4871 | IN | |
| 2024-12-03 14:22:48 UTC | 1321 | IN | |
| 2024-12-03 14:22:48 UTC | 1390 | IN | |
| 2024-12-03 14:22:48 UTC | 1390 | IN | |
| 2024-12-03 14:22:48 UTC | 1390 | IN | |
| 2024-12-03 14:22:48 UTC | 1390 | IN | |
| 2024-12-03 14:22:48 UTC | 1390 | IN | |
| 2024-12-03 14:22:48 UTC | 1390 | IN | |
| 2024-12-03 14:22:48 UTC | 1390 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.7 | 49809 | 104.21.67.152 | 443 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-03 14:22:52 UTC | 85 | OUT | |
| 2024-12-03 14:22:53 UTC | 878 | IN | |
| 2024-12-03 14:22:53 UTC | 362 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.7 | 49830 | 149.154.167.220 | 443 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-03 14:23:01 UTC | 299 | OUT | |
| 2024-12-03 14:23:01 UTC | 1090 | OUT | |
| 2024-12-03 14:23:01 UTC | 388 | IN | |
| 2024-12-03 14:23:01 UTC | 544 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.7 | 49844 | 149.154.167.220 | 443 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-03 14:23:05 UTC | 299 | OUT | |
| 2024-12-03 14:23:05 UTC | 1090 | OUT | |
| 2024-12-03 14:23:06 UTC | 388 | IN | |
| 2024-12-03 14:23:06 UTC | 545 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.7 | 49852 | 149.154.167.220 | 443 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-03 14:23:09 UTC | 275 | OUT | |
| 2024-12-03 14:23:09 UTC | 1090 | OUT | |
| 2024-12-03 14:23:10 UTC | 388 | IN | |
| 2024-12-03 14:23:10 UTC | 544 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.7 | 49863 | 149.154.167.220 | 443 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-03 14:23:13 UTC | 275 | OUT | |
| 2024-12-03 14:23:13 UTC | 1090 | OUT | |
| 2024-12-03 14:23:13 UTC | 388 | IN | |
| 2024-12-03 14:23:13 UTC | 544 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.7 | 49875 | 149.154.167.220 | 443 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-03 14:23:17 UTC | 275 | OUT | |
| 2024-12-03 14:23:17 UTC | 1090 | OUT | |
| 2024-12-03 14:23:17 UTC | 388 | IN | |
| 2024-12-03 14:23:17 UTC | 544 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 8 | 192.168.2.7 | 49883 | 149.154.167.220 | 443 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-03 14:23:21 UTC | 275 | OUT | |
| 2024-12-03 14:23:21 UTC | 1090 | OUT | |
| 2024-12-03 14:23:21 UTC | 388 | IN | |
| 2024-12-03 14:23:21 UTC | 544 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 9 | 192.168.2.7 | 49894 | 149.154.167.220 | 443 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-03 14:23:24 UTC | 275 | OUT | |
| 2024-12-03 14:23:24 UTC | 1090 | OUT | |
| 2024-12-03 14:23:25 UTC | 388 | IN | |
| 2024-12-03 14:23:25 UTC | 544 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 10 | 192.168.2.7 | 49903 | 149.154.167.220 | 443 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-03 14:23:28 UTC | 275 | OUT | |
| 2024-12-03 14:23:28 UTC | 1090 | OUT | |
| 2024-12-03 14:23:29 UTC | 388 | IN | |
| 2024-12-03 14:23:29 UTC | 544 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 11 | 192.168.2.7 | 49913 | 149.154.167.220 | 443 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-03 14:23:32 UTC | 299 | OUT | |
| 2024-12-03 14:23:32 UTC | 1090 | OUT | |
| 2024-12-03 14:23:32 UTC | 388 | IN | |
| 2024-12-03 14:23:32 UTC | 544 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 12 | 192.168.2.7 | 49925 | 149.154.167.220 | 443 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-03 14:23:36 UTC | 275 | OUT | |
| 2024-12-03 14:23:36 UTC | 1090 | OUT | |
| 2024-12-03 14:23:37 UTC | 388 | IN | |
| 2024-12-03 14:23:37 UTC | 544 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 13 | 192.168.2.7 | 49935 | 149.154.167.220 | 443 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-03 14:23:40 UTC | 275 | OUT | |
| 2024-12-03 14:23:40 UTC | 1090 | OUT | |
| 2024-12-03 14:23:41 UTC | 388 | IN | |
| 2024-12-03 14:23:41 UTC | 544 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 14 | 192.168.2.7 | 49943 | 149.154.167.220 | 443 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-03 14:23:44 UTC | 275 | OUT | |
| 2024-12-03 14:23:44 UTC | 1090 | OUT | |
| 2024-12-03 14:23:44 UTC | 388 | IN | |
| 2024-12-03 14:23:44 UTC | 544 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 15 | 192.168.2.7 | 49951 | 149.154.167.220 | 443 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-03 14:23:47 UTC | 275 | OUT | |
| 2024-12-03 14:23:47 UTC | 1090 | OUT | |
| 2024-12-03 14:23:48 UTC | 388 | IN | |
| 2024-12-03 14:23:48 UTC | 544 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 16 | 192.168.2.7 | 49962 | 149.154.167.220 | 443 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-03 14:23:51 UTC | 299 | OUT | |
| 2024-12-03 14:23:51 UTC | 1090 | OUT | |
| 2024-12-03 14:23:52 UTC | 388 | IN | |
| 2024-12-03 14:23:52 UTC | 544 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 17 | 192.168.2.7 | 49968 | 149.154.167.220 | 443 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-03 14:23:54 UTC | 299 | OUT | |
| 2024-12-03 14:23:54 UTC | 1090 | OUT | |
| 2024-12-03 14:23:55 UTC | 388 | IN | |
| 2024-12-03 14:23:55 UTC | 544 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 18 | 192.168.2.7 | 49978 | 149.154.167.220 | 443 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-03 14:23:58 UTC | 299 | OUT | |
| 2024-12-03 14:23:58 UTC | 1090 | OUT | |
| 2024-12-03 14:23:59 UTC | 388 | IN | |
| 2024-12-03 14:23:59 UTC | 544 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 19 | 192.168.2.7 | 49980 | 149.154.167.220 | 443 | 7616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-03 14:24:04 UTC | 299 | OUT | |
| 2024-12-03 14:24:04 UTC | 1090 | OUT | |
| 2024-12-03 14:24:05 UTC | 388 | IN | |
| 2024-12-03 14:24:05 UTC | 544 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 5 |
| Start time: | 09:21:55 |
| Start date: | 03/12/2024 |
| Path: | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 734'480 bytes |
| MD5 hash: | 143EDB6C5C1E1A1E06695965F2B5CB74 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
| Target ID: | 10 |
| Start time: | 10:37:25 |
| Start date: | 03/12/2024 |
| Path: | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 734'480 bytes |
| MD5 hash: | 143EDB6C5C1E1A1E06695965F2B5CB74 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 20.1% |
| Dynamic/Decrypted Code Coverage: | 15.2% |
| Signature Coverage: | 18.9% |
| Total number of Nodes: | 1510 |
| Total number of Limit Nodes: | 45 |
Graph
Function 0040335A Relevance: 75.6, APIs: 27, Strings: 16, Instructions: 335stringfilecomCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404B10 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405F0C Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 207stringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405772 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 148filestringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040653F Relevance: 5.4, APIs: 4, Instructions: 382COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004038B4 Relevance: 49.2, APIs: 15, Strings: 13, Instructions: 216stringregistrylibraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402DBC Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401752 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145stringtimeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402573 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 142fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040317D Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402331 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405108 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405665 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406974 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406B75 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040688B Relevance: 5.2, APIs: 4, Instructions: 205COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406390 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004067DE Relevance: 5.2, APIs: 4, Instructions: 180COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004068FC Relevance: 5.2, APIs: 4, Instructions: 170COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406848 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401F98 Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401B22 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72memoryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 10002868 Relevance: 3.2, APIs: 2, Instructions: 156COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401DC7 Relevance: 3.0, APIs: 2, Instructions: 21COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405B56 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004026F9 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402253 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401718 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405BD9 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 1000278D Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404164 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040330F Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 1000121B Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004052D3 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 282windowclipboardmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004045CA Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 269stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402770 Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004042CC Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 207windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405C08 Relevance: 29.9, APIs: 12, Strings: 5, Instructions: 136stringmemoryfileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100022EB Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 134memorystringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004024EE Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 54filestringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404196 Relevance: 12.1, APIs: 8, Instructions: 61COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404A5E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402C7F Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 1000248D Relevance: 9.1, APIs: 6, Instructions: 108COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100018C1 Relevance: 7.7, APIs: 5, Instructions: 190COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 10001617 Relevance: 7.5, APIs: 5, Instructions: 41memorylibraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401CE5 Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401D41 Relevance: 7.5, APIs: 5, Instructions: 38COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404978 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401BCA Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405DB7 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405935 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401F08 Relevance: 6.1, APIs: 4, Instructions: 55memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405981 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100010E1 Relevance: 5.1, APIs: 4, Instructions: 104memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405ABB Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Execution Graph
| Execution Coverage: | 11.3% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 7.6% |
| Total number of Nodes: | 278 |
| Total number of Limit Nodes: | 27 |
Graph
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37E5E600 Relevance: 3.3, Strings: 2, Instructions: 764COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF98D0 Relevance: 3.3, Strings: 2, Instructions: 758COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF6130 Relevance: .7, Instructions: 709COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DDA928 Relevance: .3, Instructions: 296COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0011E6A8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0011EC67 Relevance: .2, Instructions: 220COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF7E40 Relevance: .2, Instructions: 219COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF77F0 Relevance: .2, Instructions: 219COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF8490 Relevance: .2, Instructions: 218COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF71A8 Relevance: .2, Instructions: 218COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0011EFAF Relevance: .2, Instructions: 202COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF9572 Relevance: .2, Instructions: 192COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF6125 Relevance: .2, Instructions: 168COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF8481 Relevance: .2, Instructions: 167COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF77E0 Relevance: .1, Instructions: 111COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF7E30 Relevance: .1, Instructions: 108COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37E505F9 Relevance: 6.1, APIs: 4, Instructions: 133threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37E50608 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DFB028 Relevance: 3.9, Strings: 3, Instructions: 148COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0011FD8C Relevance: 1.6, APIs: 1, Instructions: 119COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0011FD98 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37E514E4 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37E5C420 Relevance: 1.6, APIs: 1, Instructions: 75comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37E50849 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DD5F0C Relevance: 1.6, APIs: 1, Instructions: 62libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37E50850 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37E5E538 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37E5C4BC Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37E5C410 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37E5D258 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37E51CB9 Relevance: 1.5, APIs: 1, Instructions: 46timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37E51CC0 Relevance: 1.5, APIs: 1, Instructions: 44timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF9C55 Relevance: .3, Instructions: 322COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF9C53 Relevance: .3, Instructions: 319COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DFF0F0 Relevance: .2, Instructions: 243COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DFE9B0 Relevance: .2, Instructions: 189COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF9FAF Relevance: .2, Instructions: 155COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF5400 Relevance: .1, Instructions: 147COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DFA709 Relevance: .1, Instructions: 143COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DFF0E1 Relevance: .1, Instructions: 128COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DFDED8 Relevance: .1, Instructions: 110COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DFEF52 Relevance: .1, Instructions: 98COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DFAA48 Relevance: .1, Instructions: 88COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DFE99F Relevance: .1, Instructions: 86COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DFAA39 Relevance: .1, Instructions: 78COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF53F0 Relevance: .1, Instructions: 76COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0009D3F0 Relevance: .1, Instructions: 75COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000AD030 Relevance: .1, Instructions: 72COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF6EC8 Relevance: .1, Instructions: 60COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF9498 Relevance: .1, Instructions: 60COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0009D3EB Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF94A8 Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000AD02B Relevance: .1, Instructions: 53COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DFDF91 Relevance: .0, Instructions: 50COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DFDAE4 Relevance: .0, Instructions: 50COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DFA931 Relevance: .0, Instructions: 47COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF70C8 Relevance: .0, Instructions: 39COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DFA940 Relevance: .0, Instructions: 39COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF70E8 Relevance: .0, Instructions: 35COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DFAFA8 Relevance: .0, Instructions: 34COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DFFEF8 Relevance: .0, Instructions: 27COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DFAA10 Relevance: .0, Instructions: 16COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DFAB75 Relevance: .0, Instructions: 16COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF70B8 Relevance: .0, Instructions: 15COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF9828 Relevance: .0, Instructions: 13COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF6F94 Relevance: .0, Instructions: 12COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404B10 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040335A Relevance: 63.3, APIs: 27, Strings: 9, Instructions: 335stringfilecomCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405772 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 148filestringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF8AD8 Relevance: 11.7, Strings: 9, Instructions: 461COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF8ACA Relevance: 11.6, Strings: 9, Instructions: 366COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040653F Relevance: 5.4, APIs: 4, Instructions: 382COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF563F Relevance: .6, Instructions: 596COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DDCED8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DDA4D0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DDE6F0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DDCA80 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DDF850 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DDA078 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DDC628 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DD9C20 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DDC1D0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DD97C8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DDF3F8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DDEFA0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DDEB48 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DDBD78 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DD9370 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DDD330 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF46F8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF1EA8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF3E48 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF4FA8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF2CE8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF0498 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF15F8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF3598 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF0D48 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF42A0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF1A50 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF4B50 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF2300 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF08F0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF2890 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF0040 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF39F0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF11A0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DF3140 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36DFA6C7 Relevance: .0, Instructions: 17COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004052D3 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 282windowclipboardmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004038B4 Relevance: 40.5, APIs: 15, Strings: 8, Instructions: 216stringregistrylibraryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004042CC Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 207windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405C08 Relevance: 29.9, APIs: 12, Strings: 5, Instructions: 136stringmemoryfileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004045CA Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 269stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402DBC Relevance: 19.5, APIs: 5, Strings: 6, Instructions: 203memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405F0C Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 207stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404196 Relevance: 12.1, APIs: 8, Instructions: 61COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402573 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 142fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404A5E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402C7F Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040317D Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004024EE Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54filestringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401CE5 Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401D41 Relevance: 7.5, APIs: 5, Instructions: 38COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404978 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401BCA Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004015B9 Relevance: 6.1, APIs: 4, Instructions: 57COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401F08 Relevance: 6.1, APIs: 4, Instructions: 55memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405108 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405665 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406974 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406B75 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040688B Relevance: 5.2, APIs: 4, Instructions: 205COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406390 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004067DE Relevance: 5.2, APIs: 4, Instructions: 180COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004068FC Relevance: 5.2, APIs: 4, Instructions: 170COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406848 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405ABB Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|