Edit tour
Windows
Analysis Report
Order NO 000293988494948595850000595995000.exe
Overview
General Information
| Sample name: | Order NO 000293988494948595850000595995000.exe |
| Analysis ID: | 1568069 |
| MD5: | 52131cce80de6868d4eb452ec3bcb91b |
| SHA1: | 4ce48ce0ac577aa4008359cc9178dfb1e9e95f25 |
| SHA256: | 935cbed36f8d1f6e18a988bc200c075039f4dc6ffb1a87e1a72c9f8b393fe4fa |
| Tags: | exeuser-lowmal3 |
| Infos: |  |
 | |
Detection
AgentTesla, GuLoader
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected GuLoader
AI detected suspicious sample
Initial sample is a PE file and has a suspicious name
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Classification
- System is w10x64
Order NO 000293988494948595850000595995000.exe (PID: 6996 cmdline:
"C:\Users\ user\Deskt op\Order N O 00029398 8494948595 8500005959 95000.exe" MD5: 52131CCE80DE6868D4EB452EC3BCB91B) "C:\Users\ user\Deskt op\Order N O 00029398 8494948595 8500005959 95000.exe" MD5: 52131CCE80DE6868D4EB452EC3BCB91B)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| Agent Tesla, AgentTesla | A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel. |
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
{"Exfil Mode": "FTP", "Host": "ftp://ftp.concaribe.com", "Username": "testi@concaribe.com", "Password": "ro}UWgz#!38E"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| Click to see the 1 entries | ||||
⊘No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-04T09:23:15.283334+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.7 | 49946 | 109.248.150.252 | 80 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Malware Configuration Extractor: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Directory queried: | ||
| Source: | Code function: | 0_2_004069FF | |
| Source: | Code function: | 0_2_00405DAE | |
| Source: | Code function: | 0_2_00402930 | |
| Source: | Code function: | 11_2_00402930 | |
| Source: | Code function: | 11_2_004069FF | |
| Source: | Code function: | 11_2_00405DAE | |
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | ASN Name: | ||
| Source: | JA3 fingerprint: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 0_2_00405866 | |
System Summary | |
|---|
| Source: | Static PE information: | ||
| Source: | Process Stats: | ||
| Source: | Code function: | 0_2_00403665 | |
| Source: | Code function: | 11_2_00403665 | |
| Source: | Code function: | 0_2_00406DC0 | |
| Source: | Code function: | 0_2_74331BFF | |
| Source: | Code function: | 11_2_00406DC0 | |
| Source: | Code function: | 11_2_0012B21D | |
| Source: | Code function: | 11_2_0012E360 | |
| Source: | Code function: | 11_2_00124A58 | |
| Source: | Code function: | 11_2_00123E40 | |
| Source: | Code function: | 11_2_0012417D | |
| Source: | Code function: | 11_2_00124188 | |
| Source: | Code function: | 11_2_3820BB90 | |
| Source: | Code function: | 11_2_3820A7DC | |
| Source: | Code function: | 11_2_38213158 | |
| Source: | Code function: | 11_2_3821C240 | |
| Source: | Code function: | 11_2_3821B2F0 | |
| Source: | Code function: | 11_2_382156A0 | |
| Source: | Code function: | 11_2_38210040 | |
| Source: | Code function: | 11_2_38212370 | |
| Source: | Code function: | 11_2_3821E468 | |
| Source: | Code function: | 11_2_38215DB7 | |
| Source: | Code function: | 11_2_38217760 | |
| Source: | Code function: | 11_2_385E2B98 | |
| Source: | Code function: | 11_2_3821001C | |
| Source: | Code function: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_00403665 | |
| Source: | Code function: | 11_2_00403665 | |
| Source: | Code function: | 0_2_00404B12 | |
| Source: | Code function: | 0_2_004021CF | |
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | File written: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
Data Obfuscation | |
|---|
| Source: | File source: | ||
| Source: | Code function: | 0_2_74331BFF | |
| Source: | Code function: | 0_2_743330EE | |
| Source: | Code function: | 11_2_00120C52 | |
| Source: | Code function: | 11_2_00120C52 | |
| Source: | Code function: | 11_2_00120C7A | |
| Source: | Code function: | 11_2_38203FD5 | |
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | WMI Queries: | ||
| Source: | API/Special instruction interceptor: | ||
| Source: | API/Special instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | API coverage: | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | Code function: | 0_2_004069FF | |
| Source: | Code function: | 0_2_00405DAE | |
| Source: | Code function: | 0_2_00402930 | |
| Source: | Code function: | 11_2_00402930 | |
| Source: | Code function: | 11_2_004069FF | |
| Source: | Code function: | 11_2_00405DAE | |
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | API call chain: | graph_0-4397 | ||
| Source: | API call chain: | graph_0-4400 | ||
| Source: | Code function: | 0_2_74331BFF | |
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 0_2_00403665 | |
| Source: | Key value queried: | Jump to behavior | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Directory queried: | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 13 File and Directory Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 1 Native API | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | 1 Credentials in Registry | 226 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 11 Process Injection | 2 Obfuscated Files or Information | Security Account Manager | 311 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | NTDS | 141 Virtualization/Sandbox Evasion | Distributed Component Object Model | 1 Clipboard Data | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 141 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 5% | ReversingLabs | |||
| 18% | Virustotal | Browse |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | Avira URL Cloud | malware | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 100% | Avira URL Cloud | malware |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| api.ipify.org | 104.26.12.205 | true | false | high | |
| concaribe.com | 192.185.13.234 | true | true | unknown | |
| ftp.concaribe.com | unknown | unknown | true | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false |
| unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 104.26.12.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false | |
| 192.185.13.234 | concaribe.com | United States | 46606 | UNIFIEDLAYER-AS-1US | true | |
| 109.248.150.252 | unknown | Russian Federation | 52048 | DATACLUBLV | false |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1568069 |
| Start date and time: | 2024-12-04 09:20:13 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 9m 0s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 15 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Order NO 000293988494948595850000595995000.exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@3/7@2/3 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryDirectoryFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
- Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 04:44:03 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 104.26.12.205 | Get hash | malicious | Targeted Ransomware | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Xmrig | Browse |
| ||
| Get hash | malicious | RDPWrap Tool | Browse |
| ||
| Get hash | malicious | RDPWrap Tool | Browse |
| ||
| Get hash | malicious | RDPWrap Tool | Browse |
| ||
| Get hash | malicious | RDPWrap Tool | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| 192.185.13.234 | Get hash | malicious | AgentTesla, GuLoader | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| api.ipify.org | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla, DarkTortilla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla, DarkTortilla | Browse |
| ||
| Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| CLOUDFLARENETUS | Get hash | malicious | Neshta | Browse |
| |
| Get hash | malicious | Neshta | Browse |
| ||
| Get hash | malicious | Amadey, LummaC Stealer, Nymaim, Stealc, Vidar | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Remcos, GuLoader | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| DATACLUBLV | Get hash | malicious | Remcos | Browse |
| |
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | Remcos, GuLoader | Browse |
| ||
| Get hash | malicious | FormBook, GuLoader | Browse |
| ||
| Get hash | malicious | FormBook, GuLoader | Browse |
| ||
| Get hash | malicious | NoCry, XWorm | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| UNIFIEDLAYER-AS-1US | Get hash | malicious | Gafgyt, Mirai, Moobot, Okiru | Browse |
| |
| Get hash | malicious | HTMLPhisher, ReCaptcha Phish | Browse |
| ||
| Get hash | malicious | Captcha Phish | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Phisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Amadey, Stealc, Vidar | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Abobus Obfuscator, Braodo | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\nszD14F.tmp\System.dll | Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | ||
| Get hash | malicious | PureLog Stealer, zgRAT | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | FormBook, GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | FormBook, GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | FormBook, GuLoader | Browse | |||
| Get hash | malicious | FormBook, GuLoader | Browse |
| Process: | C:\Users\user\Desktop\Order NO 000293988494948595850000595995000.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 41 |
| Entropy (8bit): | 4.159517480745798 |
| Encrypted: | false |
| SSDEEP: | 3:aZxyzAXMD6WG4AQGNy:/sodMy |
| MD5: | 72AA3249175DB3140CA2417E0D3734AF |
| SHA1: | 26C42DF76BAE28052FE718345719D9C63C1D0CE5 |
| SHA-256: | 805937F3343642A10631ED3C4829F25DDFECB4EC9CB240D59C2BC8D57A9BFD83 |
| SHA-512: | 62B7380DB3DDCEB487C74400AE6640E4AECBAFBBFD9B5D30766EB14E04B968220A739D5E951EDC9D40EE649D2AEE7159258095D49A75E62890211FB64BD9FE59 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\Order NO 000293988494948595850000595995000.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1252774 |
| Entropy (8bit): | 3.9994449299314123 |
| Encrypted: | false |
| SSDEEP: | 12288:iRo9PXD3Nfhpr5OHb4f5OoGgP33+BwWF2yA1ICOl:CCfBfLr5O |
| MD5: | A0CF69602A5D36796FC390BE81CC1FDD |
| SHA1: | 49AFBDE0DFF80EDB8817BD526996EC50276A5136 |
| SHA-256: | D8E89C18189DDB6B0E56DA881013DA275F5D200241B6ECDB1291FA321DE78CAB |
| SHA-512: | FF2AB542AD463CD8074F3239A47AD34F3EFE0C58304EB617074688851E99239E1B117DB9C1B31200886A753E069F6FD0598E86F1A913A65571B10BEC37F3294D |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\Order NO 000293988494948595850000595995000.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 5.804946284177748 |
| Encrypted: | false |
| SSDEEP: | 192:ljHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZqE0QPi:R/Qlt7wiij/lMRv/9V4bfr |
| MD5: | 192639861E3DC2DC5C08BB8F8C7260D5 |
| SHA1: | 58D30E460609E22FA0098BC27D928B689EF9AF78 |
| SHA-256: | 23D618A0293C78CE00F7C6E6DD8B8923621DA7DD1F63A070163EF4C0EC3033D6 |
| SHA-512: | 6E573D8B2EF6ED719E271FD0B2FD9CD451F61FC9A9459330108D6D7A65A0F64016303318CAD787AA1D5334BA670D8F1C7C13074E1BE550B4A316963ECC465CDC |
| Malicious: | false |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Users\user\Desktop\Order NO 000293988494948595850000595995000.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 94010 |
| Entropy (8bit): | 1.2383342979277752 |
| Encrypted: | false |
| SSDEEP: | 768:i9qrj3bsBMZsVMzeC+Uo6XHavWZQvXee9rq:xk2hQNrq |
| MD5: | 9F64F450771196B87786BE2512310627 |
| SHA1: | 3A8ED73D8F37B79E1825CECA4E9FAF95CD69C41E |
| SHA-256: | 2B3AEEDC78F7BF296454E5D28457B9B19F081DC637FE0680C748B3D670BA3395 |
| SHA-512: | 1558AFC4DE1058307867C54BDF660422D2117D5FDF47B6C141E68F701F1770048D3D5AB99895AAA4F058304B0BB24EA89BDFCB1381FECD7775D4BF65055B9CB3 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\Order NO 000293988494948595850000595995000.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 208846 |
| Entropy (8bit): | 7.495148047115551 |
| Encrypted: | false |
| SSDEEP: | 6144:/BIrdAaw4NDAnFZOKXsD3eOi3k17pcwdpr5O5/1c:89PXD3Nfhpr5OHc |
| MD5: | 07D4918EDABFDD5FE9E58BF1D7F85AB3 |
| SHA1: | 4D730609AC7234EF2A9962D36D9D4E99DBC73868 |
| SHA-256: | 20DC2BE7389F4F1961B60ED70D1AF57C47A9DEEF9ABA2D2101E4CE4AADF11E06 |
| SHA-512: | A8F25E526B581651D9AE3F862AB5D9CD52531BD615C895FC3F84F216A1D2EB97C9B40E10B162308EAAF583F8C70C9605F6291CC09A965CA4FF4545577F64500C |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\Order NO 000293988494948595850000595995000.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 446842 |
| Entropy (8bit): | 2.652046629876639 |
| Encrypted: | false |
| SSDEEP: | 1536:2Ocq92oEYvMX/pi98CBDfaCzJ3/m/A9820WYH8Szyt+SoeDYLcFNcChEMQYNcFr9:9NCVJ5m3oGpAbP33+BQLWF2yjE1Ipkp |
| MD5: | 9F5FF2B911941F49BB1E95C9EB879200 |
| SHA1: | 133807F8968B8043ED2EFE92E72CCE953E515804 |
| SHA-256: | BB08A1BA4BED6B267E74796794DA545B748F743B4E4EFBD70661D344819A96BE |
| SHA-512: | E8CF3028D7B468DA197B4FD4AF5B2B88BEAC2349B3991440432CCCB722C521C88430C118DB81483621538D2516AEFECA305D1743EF927D42473BFFF8866B1052 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\Order NO 000293988494948595850000595995000.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 480148 |
| Entropy (8bit): | 1.2440412261746137 |
| Encrypted: | false |
| SSDEEP: | 1536:JwEDT97SToCGRVFl5C1SX6/eibc4YMhoEw2T:eQcop5CP/eyYLEtT |
| MD5: | 4593D427554A1F61D609FF98908779B3 |
| SHA1: | F377A88EB1E9BD29DC1A2730EE3E85651D56C6A0 |
| SHA-256: | 2209B57FABE05E4E314D5FE84BC99892BC189F11B7793DD7F658E3D403D5FD3C |
| SHA-512: | 33A2F6E58DFC1AA7B38E4AA1085B8740CFF02E1A42DB09F46C0516C3F9D9526A6D94D8CF9A6204A289BD6D8110FFD59B6A338F0B81EE1612FD8FD7B29EF272C7 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.577193187226755 |
| TrID: |
|
| File name: | Order NO 000293988494948595850000595995000.exe |
| File size: | 615'420 bytes |
| MD5: | 52131cce80de6868d4eb452ec3bcb91b |
| SHA1: | 4ce48ce0ac577aa4008359cc9178dfb1e9e95f25 |
| SHA256: | 935cbed36f8d1f6e18a988bc200c075039f4dc6ffb1a87e1a72c9f8b393fe4fa |
| SHA512: | 88203976f238dc1f93c2bfa7ac255f77755bf0b692f45631d9e7ccc853ef89b8c1d3ddfd0fe86978409bee0f81ac03c81c11757ed2deadb29b3f4b495a1680bc |
| SSDEEP: | 12288:tHadcxTcho0xSH0dgsK4lU7MMJtkbgPtYDoZ:VadhaNUdgPsqJtkIYDoZ |
| TLSH: | B2D4E02126E2D863E38092789162E73D8EA1BD961971C2333BF56D9FB614F357C1C3A1 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1 ..PN..PN..PN.*_...PN..PO.JPN.*_...PN..s~..PN..VH..PN.Rich.PN.........................PE..L....C.f.................h..."..... |
 | |
| Icon Hash: | 7b7b6a6666766633 |
| Entrypoint: | 0x403665 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x660843F7 [Sat Mar 30 16:55:19 2024 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 9dda1a1d1f8a1d13ae0297b47046b26e |
| Instruction |
|---|
| sub esp, 000003F8h |
| push ebp |
| push esi |
| push edi |
| push 00000020h |
| pop edi |
| xor ebp, ebp |
| push 00008001h |
| mov dword ptr [esp+20h], ebp |
| mov dword ptr [esp+18h], 0040A230h |
| mov dword ptr [esp+14h], ebp |
| call dword ptr [004080A0h] |
| mov esi, dword ptr [004080A4h] |
| lea eax, dword ptr [esp+34h] |
| push eax |
| mov dword ptr [esp+4Ch], ebp |
| mov dword ptr [esp+0000014Ch], ebp |
| mov dword ptr [esp+00000150h], ebp |
| mov dword ptr [esp+38h], 0000011Ch |
| call esi |
| test eax, eax |
| jne 00007FF130BFA6DAh |
| lea eax, dword ptr [esp+34h] |
| mov dword ptr [esp+34h], 00000114h |
| push eax |
| call esi |
| mov ax, word ptr [esp+48h] |
| mov ecx, dword ptr [esp+62h] |
| sub ax, 00000053h |
| add ecx, FFFFFFD0h |
| neg ax |
| sbb eax, eax |
| mov byte ptr [esp+0000014Eh], 00000004h |
| not eax |
| and eax, ecx |
| mov word ptr [esp+00000148h], ax |
| cmp dword ptr [esp+38h], 0Ah |
| jnc 00007FF130BFA6A8h |
| and word ptr [esp+42h], 0000h |
| mov eax, dword ptr [esp+40h] |
| movzx ecx, byte ptr [esp+3Ch] |
| mov dword ptr [00429B18h], eax |
| xor eax, eax |
| mov ah, byte ptr [esp+38h] |
| movzx eax, ax |
| or eax, ecx |
| xor ecx, ecx |
| mov ch, byte ptr [esp+00000148h] |
| movzx ecx, cx |
| shl eax, 10h |
| or eax, ecx |
| movzx ecx, byte ptr [esp+0000004Eh] |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x84fc | 0xa0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x50000 | 0x30ed8 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2a8 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x66d7 | 0x6800 | 4e97e586f167bf2d2eddcdba22e25c0e | False | 0.6615835336538461 | data | 6.441769857560007 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x1358 | 0x1400 | bd82d08a08da8783923a22b467699302 | False | 0.4431640625 | data | 5.103358601944578 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xa000 | 0x1fb78 | 0x600 | e411b225ac3cd03a5dad8143ae82958d | False | 0.5091145833333334 | data | 4.122928093833695 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x2a000 | 0x26000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x50000 | 0x30ed8 | 0x31000 | 31e8deac1d179a39ac604bee10e25c60 | False | 0.4523875956632653 | data | 6.027927468960251 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x50388 | 0x10a00 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.2914121240601504 |
| RT_ICON | 0x60d88 | 0x9600 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.341015625 |
| RT_ICON | 0x6a388 | 0x8000 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.99249267578125 |
| RT_ICON | 0x72388 | 0x5600 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.36664244186046513 |
| RT_ICON | 0x77988 | 0x4400 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.40768612132352944 |
| RT_ICON | 0x7bd88 | 0x2600 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.42948190789473684 |
| RT_ICON | 0x7e388 | 0x1200 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.4815538194444444 |
| RT_ICON | 0x7f588 | 0xa00 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.55078125 |
| RT_ICON | 0x7ff88 | 0x600 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.4811197916666667 |
| RT_DIALOG | 0x80588 | 0x100 | data | English | United States | 0.5234375 |
| RT_DIALOG | 0x80688 | 0x11c | data | English | United States | 0.6056338028169014 |
| RT_DIALOG | 0x807a8 | 0xc4 | data | English | United States | 0.5918367346938775 |
| RT_DIALOG | 0x80870 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x808d0 | 0x84 | data | English | United States | 0.6742424242424242 |
| RT_VERSION | 0x80958 | 0x23c | data | English | United States | 0.5314685314685315 |
| RT_MANIFEST | 0x80b98 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795 |
| DLL | Import |
|---|---|
| ADVAPI32.dll | RegEnumValueW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegOpenKeyExW, RegCreateKeyExW |
| SHELL32.dll | SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW, ShellExecuteExW |
| ole32.dll | CoCreateInstance, OleUninitialize, OleInitialize, IIDFromString, CoTaskMemFree |
| COMCTL32.dll | ImageList_Destroy, ImageList_AddMasked, ImageList_Create |
| USER32.dll | MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, CreatePopupMenu, AppendMenuW, TrackPopupMenu, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, IsWindowEnabled, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CharPrevW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, CharNextA, wsprintfA, DispatchMessageW, CreateWindowExW, PeekMessageW, GetSystemMetrics |
| GDI32.dll | GetDeviceCaps, SetBkColor, SelectObject, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor |
| KERNEL32.dll | RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, WriteFile, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, CreateFileW, GetTickCount, Sleep, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, MulDiv, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, CopyFileW |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-04T09:23:15.283334+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.7 | 49946 | 109.248.150.252 | 80 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 4, 2024 09:23:13.873097897 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:13.992978096 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:13.993149042 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:13.994492054 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:14.114362955 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.283227921 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.283334017 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.283368111 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.283380985 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.283456087 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.283456087 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.283873081 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.283886909 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.283941031 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.363658905 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.363745928 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.363835096 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.363848925 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.363898039 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.364291906 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.364340067 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.403525114 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.403594971 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.403640032 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.403662920 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.407547951 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.407645941 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.407660007 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.407711983 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.484426022 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.484518051 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.484548092 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.484595060 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.488647938 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.488703012 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.488770008 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.488955975 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.497108936 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.497162104 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.497236013 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.497284889 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.505467892 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.505537033 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.505570889 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.505621910 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.513936043 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.513992071 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.514122963 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.514173031 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.565110922 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.565181017 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.565217018 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.565265894 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.569084883 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.569140911 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.569195986 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.569405079 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.576997042 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.577076912 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.577095032 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.577328920 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.584849119 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.584945917 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.584971905 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.586144924 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.592802048 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.592900038 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.592920065 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.593161106 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.600749969 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.600828886 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.600874901 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.600918055 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.608637094 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.608705997 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.608777046 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.608963013 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.616475105 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.616574049 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.685478926 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.685534000 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.685611010 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.685760021 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.689201117 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.689248085 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.690623045 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.690684080 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.690764904 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.690916061 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.698120117 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.698234081 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.698276043 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.698412895 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.705630064 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.705672026 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.705770016 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.705816984 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.713174105 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.713243008 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.713326931 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.713396072 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.720649958 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.720700979 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.720798969 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.720844030 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.727891922 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.727933884 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.728030920 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.728137970 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.734363079 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.734421015 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.734477043 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.734519005 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.740895033 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.740945101 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.741039038 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.741080046 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.746957064 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.747011900 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.766176939 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.766230106 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.766278028 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.766324043 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.768088102 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.768148899 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.768274069 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.768320084 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.771836042 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.771888018 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.773227930 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.773277044 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.773317099 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.773360968 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.777005911 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.777056932 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.777193069 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.777245045 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.780797958 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.780872107 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.780941963 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.780992031 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.784554958 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.784603119 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.784665108 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.784707069 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.788382053 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.788429976 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.788530111 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.788573980 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.792157888 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.792202950 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.792243958 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.792289972 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.795890093 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.795933008 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.796032906 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.796075106 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.799755096 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.799806118 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.799881935 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.799926043 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.803549051 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.803596973 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.803709030 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.803750038 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.807363987 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.807405949 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.902390003 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.902439117 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.902483940 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.902538061 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.904268026 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.904316902 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.904400110 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.904450893 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.908118963 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.908169031 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.908247948 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.908289909 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.911751986 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.911799908 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.911910057 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.911952019 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.915415049 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.915463924 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.915543079 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.915585041 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.919025898 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.919068098 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.919156075 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.919197083 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.922431946 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.922476053 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.922540903 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.922576904 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.925787926 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.925848007 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.925929070 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.925968885 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.929009914 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.929053068 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.929121971 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.929162979 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.932091951 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.932132006 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.932224035 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.932265997 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.935156107 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.935201883 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.935262918 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.935298920 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.938355923 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.938405991 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.938481092 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.938519955 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.941226006 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.941266060 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.941407919 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.941468000 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.944319963 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.944361925 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.944456100 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.944493055 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.947305918 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.947348118 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:15.947381973 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:15.947416067 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.003950119 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.004033089 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.004080057 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.004126072 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.005443096 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.005486965 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.005564928 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.005604029 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.010890007 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.010904074 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.010946989 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.013020039 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.013066053 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.013155937 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.013202906 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.015254974 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.015307903 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.015397072 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.015449047 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.017606020 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.017652035 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.017738104 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.017781019 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.020673990 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.020716906 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.020781994 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.020823002 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.023834944 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.023876905 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.024054050 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.024100065 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.026746988 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.026806116 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.026869059 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.026913881 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.029757977 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.029808998 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.029885054 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.030042887 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.032778025 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.032845974 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.032912016 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.032954931 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.035789967 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.035851002 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.035947084 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.035996914 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.038892031 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.038947105 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.039017916 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.039064884 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.041914940 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.041990042 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.042069912 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.042118073 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.044961929 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.045011044 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.045068979 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.045114994 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.047996998 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.048048019 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.048118114 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.048162937 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.050996065 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.051047087 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.051129103 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.051172972 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.053993940 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.054044008 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.054160118 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.054208040 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.057126999 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.057179928 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.057332039 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.057375908 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.060127020 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.060182095 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.060275078 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.060319901 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.063143969 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.063205957 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.063277960 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.063330889 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.066170931 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.066237926 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.066282988 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.066338062 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.069205999 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.069262028 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.069336891 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.069379091 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.072189093 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.072271109 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.072364092 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.072407961 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.124799967 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.124890089 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.124916077 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.124979019 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.125721931 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.125781059 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.125850916 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.125900984 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.128768921 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.128829956 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.128910065 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.128966093 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.132009983 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.132071972 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.132200956 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.132251024 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.134869099 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.134928942 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.135014057 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.135072947 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.137891054 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.137948990 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.138005018 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.138052940 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.140903950 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.140958071 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.141047001 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.141093016 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.143953085 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.144006014 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.144089937 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.144139051 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.147020102 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.147072077 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.147238970 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.147285938 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.150013924 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.150090933 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.150170088 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.150222063 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.153064013 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.153176069 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.153211117 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.153254986 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.156068087 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.156183958 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.156218052 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.156266928 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.157974005 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.158071041 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.158111095 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.158163071 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.159810066 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.159883022 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.160012960 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.160060883 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.161662102 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.161753893 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.161788940 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.161839008 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.163589001 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.163649082 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.163685083 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.163738012 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.165359974 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.165422916 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.165510893 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.165563107 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.167268991 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.167330027 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.167395115 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.167442083 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.169056892 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.169115067 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.169215918 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.169269085 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.170911074 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.170998096 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.171030045 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.171077967 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.172789097 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.172815084 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:23:16.172867060 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:16.172897100 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:23:17.421111107 CET | 49954 | 443 | 192.168.2.7 | 104.26.12.205 |
| Dec 4, 2024 09:23:17.421179056 CET | 443 | 49954 | 104.26.12.205 | 192.168.2.7 |
| Dec 4, 2024 09:23:17.421247959 CET | 49954 | 443 | 192.168.2.7 | 104.26.12.205 |
| Dec 4, 2024 09:23:17.468791962 CET | 49954 | 443 | 192.168.2.7 | 104.26.12.205 |
| Dec 4, 2024 09:23:17.468828917 CET | 443 | 49954 | 104.26.12.205 | 192.168.2.7 |
| Dec 4, 2024 09:23:18.736737967 CET | 443 | 49954 | 104.26.12.205 | 192.168.2.7 |
| Dec 4, 2024 09:23:18.737013102 CET | 49954 | 443 | 192.168.2.7 | 104.26.12.205 |
| Dec 4, 2024 09:23:18.738925934 CET | 49954 | 443 | 192.168.2.7 | 104.26.12.205 |
| Dec 4, 2024 09:23:18.738945961 CET | 443 | 49954 | 104.26.12.205 | 192.168.2.7 |
| Dec 4, 2024 09:23:18.739207983 CET | 443 | 49954 | 104.26.12.205 | 192.168.2.7 |
| Dec 4, 2024 09:23:18.781276941 CET | 49954 | 443 | 192.168.2.7 | 104.26.12.205 |
| Dec 4, 2024 09:23:19.151343107 CET | 49954 | 443 | 192.168.2.7 | 104.26.12.205 |
| Dec 4, 2024 09:23:19.199332952 CET | 443 | 49954 | 104.26.12.205 | 192.168.2.7 |
| Dec 4, 2024 09:23:19.485344887 CET | 443 | 49954 | 104.26.12.205 | 192.168.2.7 |
| Dec 4, 2024 09:23:19.485409021 CET | 443 | 49954 | 104.26.12.205 | 192.168.2.7 |
| Dec 4, 2024 09:23:19.485454082 CET | 49954 | 443 | 192.168.2.7 | 104.26.12.205 |
| Dec 4, 2024 09:23:19.491343021 CET | 49954 | 443 | 192.168.2.7 | 104.26.12.205 |
| Dec 4, 2024 09:23:21.884433031 CET | 49963 | 21 | 192.168.2.7 | 192.185.13.234 |
| Dec 4, 2024 09:23:22.004422903 CET | 21 | 49963 | 192.185.13.234 | 192.168.2.7 |
| Dec 4, 2024 09:23:22.004565954 CET | 49963 | 21 | 192.168.2.7 | 192.185.13.234 |
| Dec 4, 2024 09:23:22.008858919 CET | 49963 | 21 | 192.168.2.7 | 192.185.13.234 |
| Dec 4, 2024 09:23:22.128967047 CET | 21 | 49963 | 192.185.13.234 | 192.168.2.7 |
| Dec 4, 2024 09:23:22.129054070 CET | 49963 | 21 | 192.168.2.7 | 192.185.13.234 |
| Dec 4, 2024 09:25:03.870249033 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Dec 4, 2024 09:25:03.990768909 CET | 80 | 49946 | 109.248.150.252 | 192.168.2.7 |
| Dec 4, 2024 09:25:03.990896940 CET | 49946 | 80 | 192.168.2.7 | 109.248.150.252 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 4, 2024 09:23:17.265150070 CET | 51496 | 53 | 192.168.2.7 | 1.1.1.1 |
| Dec 4, 2024 09:23:17.404616117 CET | 53 | 51496 | 1.1.1.1 | 192.168.2.7 |
| Dec 4, 2024 09:23:21.143016100 CET | 55448 | 53 | 192.168.2.7 | 1.1.1.1 |
| Dec 4, 2024 09:23:21.883215904 CET | 53 | 55448 | 1.1.1.1 | 192.168.2.7 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 4, 2024 09:23:17.265150070 CET | 192.168.2.7 | 1.1.1.1 | 0xbc6 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 4, 2024 09:23:21.143016100 CET | 192.168.2.7 | 1.1.1.1 | 0xec9f | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 4, 2024 09:23:17.404616117 CET | 1.1.1.1 | 192.168.2.7 | 0xbc6 | No error (0) | 104.26.12.205 | A (IP address) | IN (0x0001) | false | ||
| Dec 4, 2024 09:23:17.404616117 CET | 1.1.1.1 | 192.168.2.7 | 0xbc6 | No error (0) | 172.67.74.152 | A (IP address) | IN (0x0001) | false | ||
| Dec 4, 2024 09:23:17.404616117 CET | 1.1.1.1 | 192.168.2.7 | 0xbc6 | No error (0) | 104.26.13.205 | A (IP address) | IN (0x0001) | false | ||
| Dec 4, 2024 09:23:21.883215904 CET | 1.1.1.1 | 192.168.2.7 | 0xec9f | No error (0) | concaribe.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Dec 4, 2024 09:23:21.883215904 CET | 1.1.1.1 | 192.168.2.7 | 0xec9f | No error (0) | 192.185.13.234 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.7 | 49946 | 109.248.150.252 | 80 | 7972 | C:\Users\user\Desktop\Order NO 000293988494948595850000595995000.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 4, 2024 09:23:13.994492054 CET | 186 | OUT | |
| Dec 4, 2024 09:23:15.283227921 CET | 1236 | IN | |
| Dec 4, 2024 09:23:15.283368111 CET | 1236 | IN | |
| Dec 4, 2024 09:23:15.283380985 CET | 1236 | IN | |
| Dec 4, 2024 09:23:15.283873081 CET | 1236 | IN | |
| Dec 4, 2024 09:23:15.283886909 CET | 896 | IN | |
| Dec 4, 2024 09:23:15.363658905 CET | 1236 | IN | |
| Dec 4, 2024 09:23:15.363835096 CET | 1236 | IN | |
| Dec 4, 2024 09:23:15.363848925 CET | 1236 | IN | |
| Dec 4, 2024 09:23:15.364291906 CET | 672 | IN | |
| Dec 4, 2024 09:23:15.403525114 CET | 1236 | IN | |
| Dec 4, 2024 09:23:15.403594971 CET | 1236 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.7 | 49954 | 104.26.12.205 | 443 | 7972 | C:\Users\user\Desktop\Order NO 000293988494948595850000595995000.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-04 08:23:19 UTC | 155 | OUT | |
| 2024-12-04 08:23:19 UTC | 424 | IN | |
| 2024-12-04 08:23:19 UTC | 12 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 03:21:09 |
| Start date: | 04/12/2024 |
| Path: | C:\Users\user\Desktop\Order NO 000293988494948595850000595995000.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 615'420 bytes |
| MD5 hash: | 52131CCE80DE6868D4EB452EC3BCB91B |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
| Target ID: | 11 |
| Start time: | 04:43:50 |
| Start date: | 04/12/2024 |
| Path: | C:\Users\user\Desktop\Order NO 000293988494948595850000595995000.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 615'420 bytes |
| MD5 hash: | 52131CCE80DE6868D4EB452EC3BCB91B |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 16.4% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 16% |
| Total number of Nodes: | 1602 |
| Total number of Limit Nodes: | 36 |
Graph
Function 00403665 Relevance: 88.0, APIs: 32, Strings: 18, Instructions: 464stringfilecomCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 74331BFF Relevance: 20.1, APIs: 13, Instructions: 597stringlibrarymemoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405DAE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 148filestringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406DC0 Relevance: 5.4, APIs: 4, Instructions: 382COMMON
Download Yara Rule
Control-flow Graph
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403D74 Relevance: 47.5, APIs: 13, Strings: 14, Instructions: 215stringregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004030F5 Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 204memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004066DF Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 204stringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401794 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145stringtimeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402711 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406A26 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 36libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004024AF Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64registrystringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004071F5 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
Download Yara Rule
Control-flow Graph
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004073F6 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040710C Relevance: 5.2, APIs: 4, Instructions: 205COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406C11 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040705F Relevance: 5.2, APIs: 4, Instructions: 180COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040717D Relevance: 5.2, APIs: 4, Instructions: 170COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004070C9 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040349E Relevance: 4.6, APIs: 3, Instructions: 101COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004020FD Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401BC0 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72memoryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403396 Relevance: 3.1, APIs: 2, Instructions: 88COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405BF6 Relevance: 3.0, APIs: 2, Instructions: 26COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406192 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405C50 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 74332B98 Relevance: 1.6, APIs: 1, Instructions: 143memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004028B6 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004023D7 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406244 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406215 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 74332A7F Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040361D Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004014D7 Relevance: 1.3, APIs: 1, Instructions: 19sleepCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405866 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404B12 Relevance: 26.5, APIs: 10, Strings: 5, Instructions: 275stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402930 Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040508E Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 489windowmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404122 Relevance: 61.6, APIs: 34, Strings: 1, Instructions: 357windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004047E0 Relevance: 40.5, APIs: 19, Strings: 4, Instructions: 204windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004062E8 Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 130memorystringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404688 Relevance: 12.1, APIs: 8, Instructions: 68COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 74332480 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 135memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404FDC Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402FB8 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 74332655 Relevance: 9.1, APIs: 6, Instructions: 109COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404ECE Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 74331979 Relevance: 7.7, APIs: 5, Instructions: 194COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401DA6 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401E73 Relevance: 7.5, APIs: 5, Instructions: 43COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 743316BD Relevance: 7.5, APIs: 5, Instructions: 41memorylibraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401C68 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405F71 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 743310E1 Relevance: 6.4, APIs: 5, Instructions: 145memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402663 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 65stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406079 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040569B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406570 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405FBD Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004060F7 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Execution Graph
| Execution Coverage: | 7.6% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 0% |
| Total number of Nodes: | 81 |
| Total number of Limit Nodes: | 9 |
Graph
Function 38213158 Relevance: 9.3, Strings: 7, Instructions: 545COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38212370 Relevance: 3.5, Strings: 2, Instructions: 1040COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0012B21D Relevance: 3.0, Instructions: 3023COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0012E360 Relevance: 2.8, Strings: 2, Instructions: 337COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00124A58 Relevance: 2.8, Strings: 2, Instructions: 266COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00123E40 Relevance: 2.7, Strings: 2, Instructions: 238COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3821C240 Relevance: .6, Instructions: 632COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 382156A0 Relevance: .6, Instructions: 589COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3821B2F0 Relevance: .6, Instructions: 567COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3821B718 Relevance: 10.5, Strings: 8, Instructions: 463COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38203202 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 135threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38203210 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 128threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38214C68 Relevance: 6.4, Strings: 5, Instructions: 186COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38214C59 Relevance: 3.9, Strings: 3, Instructions: 143COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001287B9 Relevance: 3.1, Strings: 2, Instructions: 552COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00124A4D Relevance: 2.8, Strings: 2, Instructions: 260COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00123E34 Relevance: 2.7, Strings: 2, Instructions: 235COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38219200 Relevance: 2.7, Strings: 2, Instructions: 186COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001247D0 Relevance: 2.7, Strings: 2, Instructions: 180COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001247C4 Relevance: 2.7, Strings: 2, Instructions: 178COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00126CA8 Relevance: 2.6, Strings: 2, Instructions: 132COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00126CA3 Relevance: 2.6, Strings: 2, Instructions: 130COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0012F2C6 Relevance: 1.5, Strings: 1, Instructions: 233COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 382146B8 Relevance: 1.5, Strings: 1, Instructions: 222COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 382146D0 Relevance: 1.5, Strings: 1, Instructions: 210COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00127CA0 Relevance: 1.4, Strings: 1, Instructions: 179COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00126E9B Relevance: 1.4, Strings: 1, Instructions: 176COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0012E7F9 Relevance: 1.4, Strings: 1, Instructions: 133COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3821DB7D Relevance: 1.4, Strings: 1, Instructions: 121COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0012F480 Relevance: 1.4, Strings: 1, Instructions: 115COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 382121F8 Relevance: 1.4, Strings: 1, Instructions: 105COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00127D58 Relevance: 1.4, Strings: 1, Instructions: 101COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0012269C Relevance: 1.3, Strings: 1, Instructions: 91COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001226A8 Relevance: 1.3, Strings: 1, Instructions: 90COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00126B60 Relevance: 1.3, Strings: 1, Instructions: 73COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0012E298 Relevance: 1.3, Strings: 1, Instructions: 64COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0012E2A8 Relevance: 1.3, Strings: 1, Instructions: 59COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38213970 Relevance: 1.3, Strings: 1, Instructions: 55COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38213978 Relevance: 1.3, Strings: 1, Instructions: 52COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38218390 Relevance: 1.3, Strings: 1, Instructions: 40COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0012DE58 Relevance: .3, Instructions: 256COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0012A26C Relevance: .2, Instructions: 249COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 382162C0 Relevance: .2, Instructions: 229COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38214399 Relevance: .2, Instructions: 225COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0012A750 Relevance: .2, Instructions: 217COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3821FC68 Relevance: .2, Instructions: 177COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3821FA18 Relevance: .2, Instructions: 167COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3821FA28 Relevance: .2, Instructions: 163COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0012A590 Relevance: .1, Instructions: 144COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00121108 Relevance: .1, Instructions: 141COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38215511 Relevance: .1, Instructions: 133COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0012EF10 Relevance: .1, Instructions: 120COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0012E998 Relevance: .1, Instructions: 112COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0012E988 Relevance: .1, Instructions: 107COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0012A58B Relevance: .1, Instructions: 104COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00121138 Relevance: .1, Instructions: 100COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00121343 Relevance: .1, Instructions: 100COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0012081E Relevance: .1, Instructions: 97COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00121780 Relevance: .1, Instructions: 90COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00121660 Relevance: .1, Instructions: 87COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00127E71 Relevance: .1, Instructions: 86COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0012A100 Relevance: .1, Instructions: 84COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38213B98 Relevance: .1, Instructions: 81COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38213BA8 Relevance: .1, Instructions: 78COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0012A110 Relevance: .1, Instructions: 78COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00124F48 Relevance: .1, Instructions: 76COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0012A000 Relevance: .1, Instructions: 73COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000AD030 Relevance: .1, Instructions: 72COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0012A010 Relevance: .1, Instructions: 70COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00121848 Relevance: .1, Instructions: 70COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00121670 Relevance: .1, Instructions: 69COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00121839 Relevance: .1, Instructions: 68COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00124F58 Relevance: .1, Instructions: 68COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001207F9 Relevance: .1, Instructions: 67COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00120848 Relevance: .1, Instructions: 62COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3821EF0F Relevance: .1, Instructions: 60COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38213CB8 Relevance: .1, Instructions: 59COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3821EE51 Relevance: .1, Instructions: 57COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 382142F8 Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00121453 Relevance: .1, Instructions: 55COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38213CA8 Relevance: .1, Instructions: 54COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000AD02B Relevance: .1, Instructions: 53COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00121458 Relevance: .1, Instructions: 53COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38214308 Relevance: .1, Instructions: 51COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3821EE60 Relevance: .0, Instructions: 49COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3821A3D8 Relevance: .0, Instructions: 46COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0012F208 Relevance: .0, Instructions: 43COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0012F210 Relevance: .0, Instructions: 41COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38216540 Relevance: .0, Instructions: 28COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0012E7D0 Relevance: .0, Instructions: 16COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403665 Relevance: 74.0, APIs: 32, Strings: 10, Instructions: 464stringfilecomCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405DAE Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 148filestringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38217760 Relevance: 14.2, Strings: 11, Instructions: 468COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406DC0 Relevance: 5.4, APIs: 4, Instructions: 382COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405866 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040508E Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404122 Relevance: 61.6, APIs: 34, Strings: 1, Instructions: 357windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403D74 Relevance: 38.7, APIs: 13, Strings: 9, Instructions: 215stringregistryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004047E0 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004062E8 Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 130memorystringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404B12 Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 275stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004030F5 Relevance: 19.5, APIs: 5, Strings: 6, Instructions: 204memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004066DF Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 204stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404688 Relevance: 12.1, APIs: 8, Instructions: 68COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402711 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404FDC Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402FB8 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3821AA00 Relevance: 10.2, Strings: 8, Instructions: 229COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404ECE Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406A26 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 36libraryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38217160 Relevance: 7.9, Strings: 6, Instructions: 405COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401DA6 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401E73 Relevance: 7.5, APIs: 5, Instructions: 43COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401C68 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406079 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040569B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38218498 Relevance: 5.3, Strings: 4, Instructions: 282COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004071F5 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004073F6 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040710C Relevance: 5.2, APIs: 4, Instructions: 205COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406C11 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040705F Relevance: 5.2, APIs: 4, Instructions: 180COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040717D Relevance: 5.2, APIs: 4, Instructions: 170COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004070C9 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 382188B0 Relevance: 5.2, Strings: 4, Instructions: 168COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3821AD88 Relevance: 5.2, Strings: 4, Instructions: 167COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004060F7 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|