Edit tour
Windows
Analysis Report
Request for Quotation New collaboration.exe
Overview
General Information
| Sample name: | Request for Quotation New collaboration.exe |
| Analysis ID: | 1571272 |
| MD5: | 1e4847dd3c262a4303261601f0197a42 |
| SHA1: | eaa9a7dbdf8211dbe248b739480e349c0fb56583 |
| SHA256: | cb076958b9db298f34a9eeaafc4796f6d902b19b1696b76179db10612d371608 |
| Tags: | exeGuLoaderuser-adrian__luca |
| Infos: |  |
 | |
Detection
GuLoader, MassLogger RAT
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected GuLoader
Yara detected MassLogger RAT
Yara detected Telegram RAT
AI detected suspicious sample
Disable Task Manager(disabletaskmgr)
Disables CMD prompt
Disables the Windows task manager (taskmgr)
Initial sample is a PE file and has a suspicious name
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Classification
- System is w10x64
Request for Quotation New collaboration.exe (PID: 2984 cmdline: "C:\Users\ user\Deskt op\Request for Quota tion New c ollaborati on.exe" MD5: 1E4847DD3C262A4303261601F0197A42) - Request for Quotation New collaboration.exe (PID: 2556 cmdline:
"C:\Users\ user\Deskt op\Request for Quota tion New c ollaborati on.exe" MD5: 1E4847DD3C262A4303261601F0197A42)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
{"C2 url": "https://api.telegram.org/bot7234679344:AAGl5nGx0Ytu5pL8H_Rv2nR7Ahy85jEjxEI/sendMessage"}{"EXfil Mode": "Telegram", "Telegram Token": "7234679344:AAGl5nGx0Ytu5pL8H_Rv2nR7Ahy85jEjxEI", "Telegram Chatid": "6897585916"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
| JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | ||
| Click to see the 2 entries | ||||
⊘No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-09T08:32:53.286833+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49732 | 149.154.167.220 | 443 | TCP |
| 2024-12-09T08:32:56.876763+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49739 | 149.154.167.220 | 443 | TCP |
| 2024-12-09T08:33:00.521871+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49750 | 149.154.167.220 | 443 | TCP |
| 2024-12-09T08:33:04.094949+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49758 | 149.154.167.220 | 443 | TCP |
| 2024-12-09T08:33:07.653342+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49770 | 149.154.167.220 | 443 | TCP |
| 2024-12-09T08:33:11.270293+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49780 | 149.154.167.220 | 443 | TCP |
| 2024-12-09T08:33:14.832911+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49789 | 149.154.167.220 | 443 | TCP |
| 2024-12-09T08:33:18.273066+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49800 | 149.154.167.220 | 443 | TCP |
| 2024-12-09T08:33:21.725921+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49810 | 149.154.167.220 | 443 | TCP |
| 2024-12-09T08:33:25.145721+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49820 | 149.154.167.220 | 443 | TCP |
| 2024-12-09T08:33:28.575097+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49831 | 149.154.167.220 | 443 | TCP |
| 2024-12-09T08:33:32.007339+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49840 | 149.154.167.220 | 443 | TCP |
| 2024-12-09T08:33:35.485405+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49850 | 149.154.167.220 | 443 | TCP |
| 2024-12-09T08:33:38.920720+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49860 | 149.154.167.220 | 443 | TCP |
| 2024-12-09T08:33:42.432226+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49870 | 149.154.167.220 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-09T08:32:43.321758+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49714 | 132.226.247.73 | 80 | TCP |
| 2024-12-09T08:32:51.134363+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49714 | 132.226.247.73 | 80 | TCP |
| 2024-12-09T08:32:54.931232+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49737 | 132.226.247.73 | 80 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-09T08:32:34.475462+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49711 | 172.217.19.174 | 443 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira: | ||
| Source: | Malware Configuration Extractor: | ||
| Source: | Malware Configuration Extractor: | ||
| Source: | ReversingLabs: | ||
| Source: | Integrated Neural Analysis Model: | ||
Location Tracking | |
|---|
| Source: | DNS query: | ||
| Source: | Code function: | 5_2_351AB4C0 | |
| Source: | Code function: | 5_2_351ABCB8 | |
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 0_2_00405772 | |
| Source: | Code function: | 0_2_0040622D | |
| Source: | Code function: | 0_2_00402770 | |
| Source: | Code function: | 5_2_00402770 | |
| Source: | Code function: | 5_2_00405772 | |
| Source: | Code function: | 5_2_0040622D | |
| Source: | Code function: | 5_2_0015E6A8 | |
| Source: | Code function: | 5_2_0015EC58 | |
| Source: | Code function: | 5_2_0015EFAF | |
| Source: | Code function: | 5_2_351AA928 | |
| Source: | Code function: | 5_2_351AD330 | |
| Source: | Code function: | 5_2_351AEB48 | |
| Source: | Code function: | 5_2_351ABD78 | |
| Source: | Code function: | 5_2_351A9370 | |
| Source: | Code function: | 5_2_351AEFA0 | |
| Source: | Code function: | 5_2_351AC1D0 | |
| Source: | Code function: | 5_2_351A97C8 | |
| Source: | Code function: | 5_2_351AF3F8 | |
| Source: | Code function: | 5_2_351AC628 | |
| Source: | Code function: | 5_2_351A9C20 | |
| Source: | Code function: | 5_2_351AF850 | |
| Source: | Code function: | 5_2_351AA078 | |
| Source: | Code function: | 5_2_351ACA80 | |
| Source: | Code function: | 5_2_351ACED8 | |
| Source: | Code function: | 5_2_351AA4D0 | |
| Source: | Code function: | 5_2_351AE6F0 | |
| Source: | Code function: | 5_2_37EE42A0 | |
| Source: | Code function: | 5_2_37EE6130 | |
| Source: | Code function: | 5_2_37EE6130 | |
| Source: | Code function: | 5_2_37EE98D0 | |
| Source: | Code function: | 5_2_37EE46F8 | |
| Source: | Code function: | 5_2_37EEA6C7 | |
| Source: | Code function: | 5_2_37EE5631 | |
| Source: | Code function: | 5_2_37EE15F8 | |
| Source: | Code function: | 5_2_37EE3598 | |
| Source: | Code function: | 5_2_37EE0498 | |
| Source: | Code function: | 5_2_37EE2300 | |
| Source: | Code function: | 5_2_37EE11A0 | |
| Source: | Code function: | 5_2_37EE3140 | |
| Source: | Code function: | 5_2_37EE0040 | |
| Source: | Code function: | 5_2_37EE4FA8 | |
| Source: | Code function: | 5_2_37EE1EA8 | |
| Source: | Code function: | 5_2_37EE3E48 | |
| Source: | Code function: | 5_2_37EE0D48 | |
| Source: | Code function: | 5_2_37EE2CE8 | |
| Source: | Code function: | 5_2_37EE4B50 | |
| Source: | Code function: | 5_2_37EE1A50 | |
| Source: | Code function: | 5_2_37EE39F0 | |
| Source: | Code function: | 5_2_37EE08F0 | |
| Source: | Code function: | 5_2_37EE2890 | |
| Source: | Code function: | 5_2_3845E628 | |
| Source: | Code function: | 5_2_3845F176 | |
| Source: | Code function: | 5_2_3845F438 | |
Networking | |
|---|
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 0_2_004052D3 | |
System Summary | |
|---|
| Source: | Static PE information: | ||
| Source: | Process Stats: | ||
| Source: | Code function: | 0_2_0040335A | |
| Source: | Code function: | 5_2_0040335A | |
| Source: | File created: | Jump to behavior | ||
| Source: | Code function: | 0_2_00404B10 | |
| Source: | Code function: | 0_2_0040653F | |
| Source: | Code function: | 5_2_00404B10 | |
| Source: | Code function: | 5_2_0040653F | |
| Source: | Code function: | 5_2_00154328 | |
| Source: | Code function: | 5_2_0015E6A8 | |
| Source: | Code function: | 5_2_00158DA0 | |
| Source: | Code function: | 5_2_00155968 | |
| Source: | Code function: | 5_2_00155F90 | |
| Source: | Code function: | 5_2_0015E698 | |
| Source: | Code function: | 5_2_00152DD1 | |
| Source: | Code function: | 5_2_351A5B28 | |
| Source: | Code function: | 5_2_351AA928 | |
| Source: | Code function: | 5_2_351AAF80 | |
| Source: | Code function: | 5_2_351A1608 | |
| Source: | Code function: | 5_2_351AA919 | |
| Source: | Code function: | 5_2_351A5908 | |
| Source: | Code function: | 5_2_351AEB3B | |
| Source: | Code function: | 5_2_351AD330 | |
| Source: | Code function: | 5_2_351AD321 | |
| Source: | Code function: | 5_2_351AEB48 | |
| Source: | Code function: | 5_2_351ABD78 | |
| Source: | Code function: | 5_2_351AD778 | |
| Source: | Code function: | 5_2_351A9370 | |
| Source: | Code function: | 5_2_351ABD68 | |
| Source: | Code function: | 5_2_351A9361 | |
| Source: | Code function: | 5_2_351AEF90 | |
| Source: | Code function: | 5_2_351AD788 | |
| Source: | Code function: | 5_2_351A5180 | |
| Source: | Code function: | 5_2_351A97B9 | |
| Source: | Code function: | 5_2_351AEFA0 | |
| Source: | Code function: | 5_2_351AC1D0 | |
| Source: | Code function: | 5_2_351A97C8 | |
| Source: | Code function: | 5_2_351AC1C0 | |
| Source: | Code function: | 5_2_351A15FB | |
| Source: | Code function: | 5_2_351AF3F8 | |
| Source: | Code function: | 5_2_351AF3EB | |
| Source: | Code function: | 5_2_351AC618 | |
| Source: | Code function: | 5_2_351A8A13 | |
| Source: | Code function: | 5_2_351A9C11 | |
| Source: | Code function: | 5_2_351AE60B | |
| Source: | Code function: | 5_2_351AC628 | |
| Source: | Code function: | 5_2_351A9C20 | |
| Source: | Code function: | 5_2_351AF850 | |
| Source: | Code function: | 5_2_351AF843 | |
| Source: | Code function: | 5_2_351AA078 | |
| Source: | Code function: | 5_2_351ACA70 | |
| Source: | Code function: | 5_2_351AA068 | |
| Source: | Code function: | 5_2_351ACA80 | |
| Source: | Code function: | 5_2_351ACED8 | |
| Source: | Code function: | 5_2_351AA4D0 | |
| Source: | Code function: | 5_2_351ACEC8 | |
| Source: | Code function: | 5_2_351AA4C0 | |
| Source: | Code function: | 5_2_351A60FE | |
| Source: | Code function: | 5_2_351AE6F0 | |
| Source: | Code function: | 5_2_37EE77F0 | |
| Source: | Code function: | 5_2_37EE9568 | |
| Source: | Code function: | 5_2_37EE8490 | |
| Source: | Code function: | 5_2_37EE42A0 | |
| Source: | Code function: | 5_2_37EE71A8 | |
| Source: | Code function: | 5_2_37EE6130 | |
| Source: | Code function: | 5_2_37EE7E40 | |
| Source: | Code function: | 5_2_37EE98D0 | |
| Source: | Code function: | 5_2_37EE77E0 | |
| Source: | Code function: | 5_2_37EE46EE | |
| Source: | Code function: | 5_2_37EE46F8 | |
| Source: | Code function: | 5_2_37EE5631 | |
| Source: | Code function: | 5_2_37EE15E8 | |
| Source: | Code function: | 5_2_37EE15F8 | |
| Source: | Code function: | 5_2_37EE3588 | |
| Source: | Code function: | 5_2_37EE3598 | |
| Source: | Code function: | 5_2_37EE0488 | |
| Source: | Code function: | 5_2_37EE8481 | |
| Source: | Code function: | 5_2_37EE0498 | |
| Source: | Code function: | 5_2_37EE2300 | |
| Source: | Code function: | 5_2_37EE22F3 | |
| Source: | Code function: | 5_2_37EE4299 | |
| Source: | Code function: | 5_2_37EE11A0 | |
| Source: | Code function: | 5_2_37EE1190 | |
| Source: | Code function: | 5_2_37EE3140 | |
| Source: | Code function: | 5_2_37EE6121 | |
| Source: | Code function: | 5_2_37EE3130 | |
| Source: | Code function: | 5_2_37EE0040 | |
| Source: | Code function: | 5_2_37EEE020 | |
| Source: | Code function: | 5_2_37EEE030 | |
| Source: | Code function: | 5_2_37EE001F | |
| Source: | Code function: | 5_2_37EE4FA8 | |
| Source: | Code function: | 5_2_37EE4F99 | |
| Source: | Code function: | 5_2_37EE1EA8 | |
| Source: | Code function: | 5_2_37EE1E98 | |
| Source: | Code function: | 5_2_37EE3E48 | |
| Source: | Code function: | 5_2_37EE3E38 | |
| Source: | Code function: | 5_2_37EE7E30 | |
| Source: | Code function: | 5_2_37EE0D48 | |
| Source: | Code function: | 5_2_37EE0D38 | |
| Source: | Code function: | 5_2_37EE2CE8 | |
| Source: | Code function: | 5_2_37EE2CD8 | |
| Source: | Code function: | 5_2_37EE4B40 | |
| Source: | Code function: | 5_2_37EE4B50 | |
| Source: | Code function: | 5_2_37EE8ACA | |
| Source: | Code function: | 5_2_37EE8AD8 | |
| Source: | Code function: | 5_2_37EE1A43 | |
| Source: | Code function: | 5_2_37EE1A50 | |
| Source: | Code function: | 5_2_37EE39E0 | |
| Source: | Code function: | 5_2_37EE39F0 | |
| Source: | Code function: | 5_2_37EE08E0 | |
| Source: | Code function: | 5_2_37EE08F0 | |
| Source: | Code function: | 5_2_37EE2890 | |
| Source: | Code function: | 5_2_37EE287F | |
| Source: | Code function: | 5_2_3845D478 | |
| Source: | Code function: | 5_2_3845E628 | |
| Source: | Code function: | 5_2_384573D0 | |
| Source: | Code function: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_004045CA | |
| Source: | Code function: | 0_2_0040206A | |
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | ReversingLabs: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
Data Obfuscation | |
|---|
| Source: | File source: | ||
| Source: | Code function: | 0_2_00406254 | |
| Source: | Code function: | 0_2_10002DCE | |
| Source: | Code function: | 5_3_001949CD | |
| Source: | File created: | Jump to dropped file | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | API/Special instruction interceptor: | ||
| Source: | API/Special instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | API coverage: | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Code function: | 0_2_00405772 | |
| Source: | Code function: | 0_2_0040622D | |
| Source: | Code function: | 0_2_00402770 | |
| Source: | Code function: | 5_2_00402770 | |
| Source: | Code function: | 5_2_00405772 | |
| Source: | Code function: | 5_2_0040622D | |
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | API call chain: | graph_0-4796 | ||
| Source: | API call chain: | graph_0-4800 | ||
| Source: | Code function: | 0_2_00406254 | |
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 0_2_00405F0C | |
| Source: | Key value queried: | Jump to behavior | ||
Lowering of HIPS / PFW / Operating System Security Settings | |
|---|
| Source: | Registry value created: | Jump to behavior | ||
| Source: | Registry value created: | Jump to behavior | ||
| Source: | Registry key created or modified: | Jump to behavior | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 11 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 31 Disable or Modify Tools | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 1 System Network Configuration Discovery | Distributed Component Object Model | 1 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | 215 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 53% | ReversingLabs | |||
| 100% | Avira | HEUR/AGEN.1337946 |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| drive.google.com | 172.217.19.174 | true | false | high | |
| drive.usercontent.google.com | 142.250.181.33 | true | false | high | |
| reallyfreegeoip.org | 172.67.177.134 | true | false | high | |
| api.telegram.org | 149.154.167.220 | true | false | high | |
| checkip.dyndns.com | 132.226.247.73 | true | false | high | |
| checkip.dyndns.org | unknown | unknown | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false | high | ||
| false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false | |
| 172.217.19.174 | drive.google.com | United States | 15169 | GOOGLEUS | false | |
| 142.250.181.33 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false | |
| 172.67.177.134 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false | |
| 132.226.247.73 | checkip.dyndns.com | United States | 16989 | UTMEMUS | false |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1571272 |
| Start date and time: | 2024-12-09 08:30:19 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 8m 11s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 8 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Request for Quotation New collaboration.exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@3/8@5/5 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: Request for Quotation New collaboration.exe
| Time | Type | Description |
|---|---|---|
| 02:32:50 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 149.154.167.220 | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | ||
| Get hash | malicious | Blank Grabber | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | RedLine, StormKitty, XWorm | Browse | |||
| Get hash | malicious | NoCry, RedLine, StormKitty, XWorm | Browse | |||
| Get hash | malicious | WhiteSnake Stealer | Browse | |||
| Get hash | malicious | Discord Token Stealer, DotStealer | Browse | |||
| Get hash | malicious | Amadey, Credential Flusher, DarkTortilla, Discord Token Stealer, DotStealer, LummaC Stealer, Stealc | Browse | |||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | Discord Token Stealer, DotStealer | Browse | |||
| 172.67.177.134 | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | ||
| Get hash | malicious | MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | MassLogger RAT | Browse | |||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| 132.226.247.73 | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| checkip.dyndns.com | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| api.telegram.org | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
| Get hash | malicious | Blank Grabber | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | RedLine, StormKitty, XWorm | Browse |
| ||
| Get hash | malicious | NoCry, RedLine, StormKitty, XWorm | Browse |
| ||
| Get hash | malicious | WhiteSnake Stealer | Browse |
| ||
| Get hash | malicious | Discord Token Stealer, DotStealer | Browse |
| ||
| Get hash | malicious | Amadey, Credential Flusher, DarkTortilla, Discord Token Stealer, DotStealer, LummaC Stealer, Stealc | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Discord Token Stealer, DotStealer | Browse |
| ||
| reallyfreegeoip.org | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| TELEGRAMRU | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
| Get hash | malicious | Blank Grabber | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | RedLine, StormKitty, XWorm | Browse |
| ||
| Get hash | malicious | NoCry, RedLine, StormKitty, XWorm | Browse |
| ||
| Get hash | malicious | WhiteSnake Stealer | Browse |
| ||
| Get hash | malicious | Discord Token Stealer, DotStealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Amadey, Credential Flusher, DarkTortilla, Discord Token Stealer, DotStealer, LummaC Stealer, Stealc | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| CLOUDFLARENETUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Amadey, Credential Flusher, DarkVision Rat, LummaC Stealer, Stealc | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | PureLog Stealer, Quasar | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| UTMEMUS | Get hash | malicious | Mirai | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | PureLog Stealer, Quasar | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| 3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | Amadey, Credential Flusher, DarkVision Rat, LummaC Stealer, Stealc | Browse |
| |
| Get hash | malicious | DarkVision Rat, Xmrig | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | XenoRAT | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | XenoRAT | Browse |
| ||
| Get hash | malicious | XenoRAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| 37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\nso7880.tmp\System.dll | Get hash | malicious | GuLoader, MassLogger RAT | Browse | ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | Azorult, GuLoader | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse |
| Process: | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 11264 |
| Entropy (8bit): | 5.801108840712148 |
| Encrypted: | false |
| SSDEEP: | 192:e/b2HS5ih/7i00eWz9T7PH6yeFcQMI5+Vw+EXWZ77dslFZk:ewSUmWw9T7MmnI5+/F7Kdk |
| MD5: | FC90DFB694D0E17B013D6F818BCE41B0 |
| SHA1: | 3243969886D640AF3BFA442728B9F0DFF9D5F5B0 |
| SHA-256: | 7FE77CA13121A113C59630A3DBA0C8AAA6372E8082393274DA8F8608C4CE4528 |
| SHA-512: | 324F13AA7A33C6408E2A57C3484D1691ECEE7C3C1366DE2BB8978C8DC66B18425D8CAB5A32D1702C13C43703E36148A022263DE7166AFDCE141DA2B01169F1C6 |
| Malicious: | false |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1206774 |
| Entropy (8bit): | 3.4406286834243858 |
| Encrypted: | false |
| SSDEEP: | 12288:z8rRdeydfTa+aRU3Pl2onuFBqMKYfMWpKJ:ofjZLngqKpK |
| MD5: | 8CF43A4B246BC533556262F5516B1E7A |
| SHA1: | 64F8C227C7E113DB85E66288341DA20731FBE0FA |
| SHA-256: | D637111F8514E6CE07D7C37400A24BC71163A5647210C9CE79B4C6FB4045A767 |
| SHA-512: | C2F0DA5420C3B1A6AF18351EB71D77165397234921AB2D438E0F5FC329875CBF415991C3C37D5F34FECA930D1532B5C9DFAA327EF28C01A82FFFA1C345F3BB1B |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Kopieringsprogrammet\Astrolabe\Housemates.Irr227
Download File
| Process: | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 56360 |
| Entropy (8bit): | 4.627551145757101 |
| Encrypted: | false |
| SSDEEP: | 768:8NH3BldZACKhrgFgJBt1GuZOoLcoutzlEIPDn/zccQDvBZ3:IHRbeBhsFMBvGEY3Pr/zcck3 |
| MD5: | 82571859C65DA2518D77D22FDAC0E8B0 |
| SHA1: | 0DFDEC2B5B9878A9FD66C3054B8AD28B835DD08C |
| SHA-256: | 5FFEBC9CF96F2BD70615553E4039F2D7FB22C352DA278B1E01D428755BC8CDEA |
| SHA-512: | B6FA725E49D024C71DC8C5F71123644B9BC447E21AB3F62458C6BD6995B7B76A9AE48B29B2E8479C1EDA7298CDE0FC53D817641B8BFFC5ABB1A4527A47871295 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Kopieringsprogrammet\Astrolabe\img2.jpg
Download File
| Process: | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2929 |
| Entropy (8bit): | 7.418910042244289 |
| Encrypted: | false |
| SSDEEP: | 48:j2XBhBOaFxHfEaq1kk1YunCRbvwxhjAxnyHIvR4SnHP7oNLpLR8Fqhr:j2XBv9Fx2kkO7RihjlovpnHPCpaQ1 |
| MD5: | 49DAF4E74443D8502F3229468615185F |
| SHA1: | 9BB41BF5F382EE315893366F559FA26D57A4CD5F |
| SHA-256: | E5EE495A89E55467DB6A396F012EDB6A71D2E762CFC7FC6846FE7259528BF168 |
| SHA-512: | EE9ABC6A19215FED64584BA24736ECBA24139CD03A75530FF351C99A25628410472A28F4EE08E87CE1F75DC79396A2A9C1AC79C399720C320437BC18993B561A |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Kopieringsprogrammet\Astrolabe\pinrail.whe
Download File
| Process: | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 461378 |
| Entropy (8bit): | 1.252059381950645 |
| Encrypted: | false |
| SSDEEP: | 1536:s3tr+hilKd11tUzcxZg7SBobbR5FF7b7IvSog:sRVmQc3u9F7b76 |
| MD5: | 3AD2FE4EA13486258EADDD1E5940A6D7 |
| SHA1: | 06D0468A125D754D4534C182D79444DFB7A1CF61 |
| SHA-256: | E4C5F20595C446D20C978CF7B486579BA2FFC17E64B940733B40C89DF4331319 |
| SHA-512: | 82328E01492BDB8B23555CB369279A5352B35E0B51A4A4AC88D9F9285BBDABA627FE01139B4F9669847252D5A59FC512B2463A364EFD5C33B83309D6A8985D59 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Kopieringsprogrammet\Astrolabe\unyouthfully.ske
Download File
| Process: | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 225641 |
| Entropy (8bit): | 1.2362366155163755 |
| Encrypted: | false |
| SSDEEP: | 768:HcPiBl7QD/ad4B+etLBBF64vscOIBiMFYnfBc1TS/HVtHlY4bDzZkmNQyFY670Fn:QaxOPt/G9V4yf7P/zZkX00b/h |
| MD5: | 94C4B93474D07658FCBD411A20E68532 |
| SHA1: | 66421117EB902B48D39A1514C88C868394085FCF |
| SHA-256: | 50B1D7356F0CC22F2A9AE93A7CC9738C6BC0907724ACDB85F68F594333B706DC |
| SHA-512: | BC1C40FF5B9FD71590E9B3E71D7B58A46E8AFBE56DFBD22C39F5DC0952ACEDC96F2BC4D8428EA0BCD75D67BD32F2B095585925CD8141063801FB128EA46F7471 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Kopieringsprogrammet\Genoprettendes\Emalje.kap
Download File
| Process: | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 161977 |
| Entropy (8bit): | 1.2465706431701635 |
| Encrypted: | false |
| SSDEEP: | 768:j91kr2E4uLB4rAvVSJUxZOKLuPYUIlh6njQqVK+P7T6r6hI4W7lD1jBCgUpo:94irAZug+TLg1cpo |
| MD5: | 818D9B577C6A2CCB8C8D753C89B0AEED |
| SHA1: | 1912E60E75B47E0AC0B0ACDB2B320F0B36D3CE22 |
| SHA-256: | B53DFB245A8D5A0F0FAEEC7E8B4AE273522AC29FD29B33608F9BA7F9ADB90279 |
| SHA-512: | 91993AA2E3E2666A3945886101B2B670CD3B0D76CF3CFFF3684DCB310FE324A1C650FAB5D5D00B8CFA49B5A7713FE2DBBA6DC2D8BB8DAC7A169495E6694CE4C6 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Kopieringsprogrammet\Woolwheel.Non
Download File
| Process: | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 272109 |
| Entropy (8bit): | 7.784373707745681 |
| Encrypted: | false |
| SSDEEP: | 6144:kNydfTa+6Dxh9XUVhPW4KzP5Vcu6pUZ3BqMHazBC:GydfTa+aRU3Pl2onuFBqMKA |
| MD5: | AA6D4524C5DBEC71E84D6AA704AECDD4 |
| SHA1: | E6C70157685CA6FFB2CC4CB6847663A18A61A238 |
| SHA-256: | 9DE8C350DD334BEA379A5235DDDA7C325EE1ABAD472F197D4CB6410371C921EB |
| SHA-512: | 98E9CAED8A5C47CA953D1681CD0A441538EEB02930C6EB901A8F412A245D04CC820B6323CC8E58D2FD04CBD41B5403D5255E9622362C71A317B44BE2FFCC6118 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.059027947424247 |
| TrID: |
|
| File name: | Request for Quotation New collaboration.exe |
| File size: | 727'801 bytes |
| MD5: | 1e4847dd3c262a4303261601f0197a42 |
| SHA1: | eaa9a7dbdf8211dbe248b739480e349c0fb56583 |
| SHA256: | cb076958b9db298f34a9eeaafc4796f6d902b19b1696b76179db10612d371608 |
| SHA512: | 76620c6decf9b5ae48ddf5eda391081d568a0de7e6d87c814040614000d9b1f989466ec8a8ea9395dd45ea927a77c2f3bc848bf8910ad578bef31299801b312d |
| SSDEEP: | 12288:xlYZmcRHOAXnPlX1V6loPrHA8P4xq0xnVBTjJ:UmcdOA3PlXularHbP4xfxPJ |
| TLSH: | 89F4D01F1B069446EF9415F2B8A3DE8351F5BEBC217933456DA2FE1780B6F703A4A488 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1.D9u.*ju.*ju.*j..ujw.*ju.+j..*j..wjd.*j!..j..*j..,jt.*jRichu.*j........PE..L.....oS.................`...*......Z3.......p....@ |
 | |
| Icon Hash: | 058cc0e474936126 |
| Entrypoint: | 0x40335a |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
| DLL Characteristics: | TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x536FD79B [Sun May 11 20:03:39 2014 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | e221f4f7d36469d53810a4b5f9fc8966 |
| Instruction |
|---|
| sub esp, 000002D4h |
| push ebx |
| push ebp |
| push esi |
| push edi |
| push 00000020h |
| xor ebp, ebp |
| pop esi |
| mov dword ptr [esp+14h], ebp |
| mov dword ptr [esp+10h], 00409230h |
| mov dword ptr [esp+1Ch], ebp |
| call dword ptr [00407034h] |
| push 00008001h |
| call dword ptr [004070BCh] |
| push ebp |
| call dword ptr [004072ACh] |
| push 00000008h |
| mov dword ptr [00429298h], eax |
| call 00007FAC6891B14Ch |
| mov dword ptr [004291E4h], eax |
| push ebp |
| lea eax, dword ptr [esp+34h] |
| push 000002B4h |
| push eax |
| push ebp |
| push 00420690h |
| call dword ptr [0040717Ch] |
| push 0040937Ch |
| push 004281E0h |
| call 00007FAC6891ADB7h |
| call dword ptr [00407134h] |
| mov ebx, 00434000h |
| push eax |
| push ebx |
| call 00007FAC6891ADA5h |
| push ebp |
| call dword ptr [0040710Ch] |
| cmp word ptr [00434000h], 0022h |
| mov dword ptr [004291E0h], eax |
| mov eax, ebx |
| jne 00007FAC6891829Ah |
| push 00000022h |
| mov eax, 00434002h |
| pop esi |
| push esi |
| push eax |
| call 00007FAC6891A7F6h |
| push eax |
| call dword ptr [00407240h] |
| mov dword ptr [esp+18h], eax |
| jmp 00007FAC6891835Eh |
| push 00000020h |
| pop edx |
| cmp cx, dx |
| jne 00007FAC68918299h |
| inc eax |
| inc eax |
| cmp word ptr [eax], dx |
| je 00007FAC6891828Bh |
| add word ptr [eax], 0000h |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7494 | 0xb4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5f000 | 0x43188 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x2b8 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x5e68 | 0x6000 | 2f6554958e1a5093777de617d6e0bffc | False | 0.6566162109375 | data | 6.419811957742583 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x7000 | 0x1354 | 0x1400 | 2222fe44ebbadbc32af32dfc9c88e48e | False | 0.4306640625 | data | 5.037511188789184 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x9000 | 0x202d8 | 0x600 | 9587277f9a9b39e2caf86eae07909d87 | False | 0.4733072916666667 | data | 3.757932017065988 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x2a000 | 0x35000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x5f000 | 0x43188 | 0x43200 | ad79ab7bc0418c21ba04b90eb50d4a0c | False | 0.18500494646182494 | data | 4.605797713668011 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_BITMAP | 0x5f2b0 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States | 0.23623853211009174 |
| RT_ICON | 0x5f618 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 270336 | English | United States | 0.1810552711779152 |
| RT_DIALOG | 0xa1640 | 0x144 | data | English | United States | 0.5216049382716049 |
| RT_DIALOG | 0xa1788 | 0x13c | data | English | United States | 0.5506329113924051 |
| RT_DIALOG | 0xa18c8 | 0x100 | data | English | United States | 0.5234375 |
| RT_DIALOG | 0xa19c8 | 0x11c | data | English | United States | 0.6091549295774648 |
| RT_DIALOG | 0xa1ae8 | 0xc4 | data | English | United States | 0.5918367346938775 |
| RT_DIALOG | 0xa1bb0 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0xa1c10 | 0x14 | data | English | United States | 1.1 |
| RT_VERSION | 0xa1c28 | 0x258 | data | English | United States | 0.5216666666666666 |
| RT_MANIFEST | 0xa1e80 | 0x305 | XML 1.0 document, ASCII text, with very long lines (773), with no line terminators | English | United States | 0.5614489003880984 |
| DLL | Import |
|---|---|
| KERNEL32.dll | CompareFileTime, SearchPathW, SetFileTime, CloseHandle, GetShortPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, GetFullPathNameW, CreateDirectoryW, Sleep, GetTickCount, CreateFileW, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, SetFileAttributesW, ExpandEnvironmentStringsW, SetErrorMode, LoadLibraryW, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, lstrcpyA, lstrcpyW, lstrcatW, GetSystemDirectoryW, GetVersion, GetProcAddress, LoadLibraryA, GetModuleHandleA, GetModuleHandleW, lstrcmpiW, lstrcmpW, WaitForSingleObject, GlobalFree, GlobalAlloc, LoadLibraryExW, GetExitCodeProcess, FreeLibrary, WritePrivateProfileStringW, GetCommandLineW, GetTempPathW, GetPrivateProfileStringW, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, WriteFile, lstrlenA, WideCharToMultiByte |
| USER32.dll | EndDialog, ScreenToClient, GetWindowRect, RegisterClassW, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, wsprintfW, CreateWindowExW, SystemParametersInfoW, AppendMenuW, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, GetDC, SetWindowLongW, LoadImageW, SendMessageTimeoutW, FindWindowExW, EmptyClipboard, OpenClipboard, TrackPopupMenu, EndPaint, ShowWindow, GetDlgItem, IsWindow, SetForegroundWindow |
| GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
| SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW |
| ADVAPI32.dll | RegCloseKey, RegOpenKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
| COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
| ole32.dll | CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize |
| VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-09T08:32:34.475462+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 49711 | 172.217.19.174 | 443 | TCP |
| 2024-12-09T08:32:43.321758+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49714 | 132.226.247.73 | 80 | TCP |
| 2024-12-09T08:32:51.134363+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49714 | 132.226.247.73 | 80 | TCP |
| 2024-12-09T08:32:53.286833+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49732 | 149.154.167.220 | 443 | TCP |
| 2024-12-09T08:32:54.931232+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49737 | 132.226.247.73 | 80 | TCP |
| 2024-12-09T08:32:56.876763+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49739 | 149.154.167.220 | 443 | TCP |
| 2024-12-09T08:33:00.521871+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49750 | 149.154.167.220 | 443 | TCP |
| 2024-12-09T08:33:04.094949+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49758 | 149.154.167.220 | 443 | TCP |
| 2024-12-09T08:33:07.653342+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49770 | 149.154.167.220 | 443 | TCP |
| 2024-12-09T08:33:11.270293+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49780 | 149.154.167.220 | 443 | TCP |
| 2024-12-09T08:33:14.832911+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49789 | 149.154.167.220 | 443 | TCP |
| 2024-12-09T08:33:18.273066+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49800 | 149.154.167.220 | 443 | TCP |
| 2024-12-09T08:33:21.725921+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49810 | 149.154.167.220 | 443 | TCP |
| 2024-12-09T08:33:25.145721+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49820 | 149.154.167.220 | 443 | TCP |
| 2024-12-09T08:33:28.575097+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49831 | 149.154.167.220 | 443 | TCP |
| 2024-12-09T08:33:32.007339+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49840 | 149.154.167.220 | 443 | TCP |
| 2024-12-09T08:33:35.485405+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49850 | 149.154.167.220 | 443 | TCP |
| 2024-12-09T08:33:38.920720+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49860 | 149.154.167.220 | 443 | TCP |
| 2024-12-09T08:33:42.432226+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49870 | 149.154.167.220 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 9, 2024 08:32:31.847513914 CET | 49711 | 443 | 192.168.2.9 | 172.217.19.174 |
| Dec 9, 2024 08:32:31.847558975 CET | 443 | 49711 | 172.217.19.174 | 192.168.2.9 |
| Dec 9, 2024 08:32:31.847686052 CET | 49711 | 443 | 192.168.2.9 | 172.217.19.174 |
| Dec 9, 2024 08:32:31.884860039 CET | 49711 | 443 | 192.168.2.9 | 172.217.19.174 |
| Dec 9, 2024 08:32:31.884882927 CET | 443 | 49711 | 172.217.19.174 | 192.168.2.9 |
| Dec 9, 2024 08:32:33.583551884 CET | 443 | 49711 | 172.217.19.174 | 192.168.2.9 |
| Dec 9, 2024 08:32:33.583631039 CET | 49711 | 443 | 192.168.2.9 | 172.217.19.174 |
| Dec 9, 2024 08:32:33.584357977 CET | 443 | 49711 | 172.217.19.174 | 192.168.2.9 |
| Dec 9, 2024 08:32:33.584425926 CET | 49711 | 443 | 192.168.2.9 | 172.217.19.174 |
| Dec 9, 2024 08:32:33.645111084 CET | 49711 | 443 | 192.168.2.9 | 172.217.19.174 |
| Dec 9, 2024 08:32:33.645154953 CET | 443 | 49711 | 172.217.19.174 | 192.168.2.9 |
| Dec 9, 2024 08:32:33.645544052 CET | 443 | 49711 | 172.217.19.174 | 192.168.2.9 |
| Dec 9, 2024 08:32:33.645608902 CET | 49711 | 443 | 192.168.2.9 | 172.217.19.174 |
| Dec 9, 2024 08:32:33.649291039 CET | 49711 | 443 | 192.168.2.9 | 172.217.19.174 |
| Dec 9, 2024 08:32:33.691337109 CET | 443 | 49711 | 172.217.19.174 | 192.168.2.9 |
| Dec 9, 2024 08:32:34.475440025 CET | 443 | 49711 | 172.217.19.174 | 192.168.2.9 |
| Dec 9, 2024 08:32:34.476150036 CET | 443 | 49711 | 172.217.19.174 | 192.168.2.9 |
| Dec 9, 2024 08:32:34.476265907 CET | 49711 | 443 | 192.168.2.9 | 172.217.19.174 |
| Dec 9, 2024 08:32:34.477359056 CET | 49711 | 443 | 192.168.2.9 | 172.217.19.174 |
| Dec 9, 2024 08:32:34.477369070 CET | 443 | 49711 | 172.217.19.174 | 192.168.2.9 |
| Dec 9, 2024 08:32:34.638808012 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:34.638855934 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:34.639065981 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:34.639456034 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:34.639470100 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:36.332391024 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:36.332457066 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:36.336570978 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:36.336582899 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:36.336951971 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:36.337006092 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:36.337445974 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:36.379340887 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.433552980 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.433653116 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.446182966 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.446253061 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.552191973 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.552432060 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.552450895 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.552519083 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.556251049 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.556340933 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.625096083 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.625271082 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.628897905 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.628999949 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.629033089 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.629096031 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.634741068 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.634824991 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.642541885 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.642664909 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.643968105 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.644022942 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.651835918 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.651906967 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.653475046 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.653563023 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.660990000 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.661061049 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.666584969 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.666642904 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.670192003 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.670253992 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.680802107 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.680900097 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.686408043 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.686484098 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.694396973 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.694484949 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.697289944 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.697381020 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.707355976 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.707439899 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.710315943 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.710412025 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.722568989 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.722716093 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.724977970 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.725075006 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.734327078 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.734430075 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.737277985 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.737334013 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.755491972 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.755609035 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.755620956 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.755678892 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.768995047 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.769104958 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.782888889 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.783029079 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.783056974 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.783140898 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.816704988 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.816883087 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.816914082 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.817025900 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.818932056 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.819016933 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.823394060 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.823457003 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.823513985 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.823573112 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.826975107 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.827151060 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.827162027 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.827224016 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.834904909 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.834997892 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.835213900 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.835266113 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.835274935 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.835326910 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.845642090 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.845774889 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.845796108 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.845896006 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.856415033 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.856600046 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.856614113 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.856688023 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.866518021 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.866686106 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.866697073 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.866750956 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.876542091 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.876657009 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.876667023 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.876769066 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.886564970 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.886657000 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.886718988 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.886811018 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.896648884 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.896756887 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.896792889 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.896913052 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.907244921 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.907404900 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.907414913 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.907489061 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.917418957 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.917531013 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.917546988 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.917603016 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.926302910 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.926433086 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.926454067 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.926520109 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.936996937 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.937150002 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.937164068 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.937249899 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.945265055 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.945410013 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.945425987 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.945530891 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.952692032 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.952838898 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.953047991 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.953114033 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.953124046 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.953206062 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.954179049 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.954236031 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.954356909 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:39.954401970 CET | 443 | 49712 | 142.250.181.33 | 192.168.2.9 |
| Dec 9, 2024 08:32:39.954457045 CET | 49712 | 443 | 192.168.2.9 | 142.250.181.33 |
| Dec 9, 2024 08:32:41.419172049 CET | 49714 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:32:41.538598061 CET | 80 | 49714 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:32:41.538803101 CET | 49714 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:32:41.539978027 CET | 49714 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:32:41.659280062 CET | 80 | 49714 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:32:42.848786116 CET | 80 | 49714 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:32:42.854034901 CET | 49714 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:32:42.973778963 CET | 80 | 49714 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:32:43.277419090 CET | 80 | 49714 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:32:43.321758032 CET | 49714 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:32:43.679121017 CET | 49715 | 443 | 192.168.2.9 | 172.67.177.134 |
| Dec 9, 2024 08:32:43.679169893 CET | 443 | 49715 | 172.67.177.134 | 192.168.2.9 |
| Dec 9, 2024 08:32:43.679239988 CET | 49715 | 443 | 192.168.2.9 | 172.67.177.134 |
| Dec 9, 2024 08:32:43.682146072 CET | 49715 | 443 | 192.168.2.9 | 172.67.177.134 |
| Dec 9, 2024 08:32:43.682158947 CET | 443 | 49715 | 172.67.177.134 | 192.168.2.9 |
| Dec 9, 2024 08:32:44.896400928 CET | 443 | 49715 | 172.67.177.134 | 192.168.2.9 |
| Dec 9, 2024 08:32:44.896598101 CET | 49715 | 443 | 192.168.2.9 | 172.67.177.134 |
| Dec 9, 2024 08:32:44.961251020 CET | 49715 | 443 | 192.168.2.9 | 172.67.177.134 |
| Dec 9, 2024 08:32:44.961302042 CET | 443 | 49715 | 172.67.177.134 | 192.168.2.9 |
| Dec 9, 2024 08:32:44.961694002 CET | 443 | 49715 | 172.67.177.134 | 192.168.2.9 |
| Dec 9, 2024 08:32:44.966438055 CET | 49715 | 443 | 192.168.2.9 | 172.67.177.134 |
| Dec 9, 2024 08:32:45.011331081 CET | 443 | 49715 | 172.67.177.134 | 192.168.2.9 |
| Dec 9, 2024 08:32:45.336654902 CET | 443 | 49715 | 172.67.177.134 | 192.168.2.9 |
| Dec 9, 2024 08:32:45.336735964 CET | 443 | 49715 | 172.67.177.134 | 192.168.2.9 |
| Dec 9, 2024 08:32:45.336975098 CET | 49715 | 443 | 192.168.2.9 | 172.67.177.134 |
| Dec 9, 2024 08:32:45.343308926 CET | 49715 | 443 | 192.168.2.9 | 172.67.177.134 |
| Dec 9, 2024 08:32:50.665574074 CET | 49714 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:32:50.786506891 CET | 80 | 49714 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:32:51.090795040 CET | 80 | 49714 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:32:51.134362936 CET | 49714 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:32:51.234256983 CET | 49732 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:32:51.234297037 CET | 443 | 49732 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:32:51.234384060 CET | 49732 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:32:51.235105991 CET | 49732 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:32:51.235121012 CET | 443 | 49732 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:32:52.600003958 CET | 443 | 49732 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:32:52.600120068 CET | 49732 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:32:52.602561951 CET | 49732 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:32:52.602571011 CET | 443 | 49732 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:32:52.602823019 CET | 443 | 49732 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:32:52.604573965 CET | 49732 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:32:52.651324034 CET | 443 | 49732 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:32:52.651402950 CET | 49732 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:32:52.651411057 CET | 443 | 49732 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:32:53.286885977 CET | 443 | 49732 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:32:53.287486076 CET | 443 | 49732 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:32:53.287545919 CET | 49732 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:32:53.287857056 CET | 49732 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:32:53.447976112 CET | 49714 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:32:53.449378014 CET | 49737 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:32:53.567388058 CET | 80 | 49714 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:32:53.567497969 CET | 49714 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:32:53.568592072 CET | 80 | 49737 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:32:53.568700075 CET | 49737 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:32:53.570131063 CET | 49737 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:32:53.689362049 CET | 80 | 49737 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:32:54.890522003 CET | 80 | 49737 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:32:54.892168045 CET | 49739 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:32:54.892224073 CET | 443 | 49739 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:32:54.892301083 CET | 49739 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:32:54.892975092 CET | 49739 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:32:54.892987967 CET | 443 | 49739 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:32:54.931231976 CET | 49737 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:32:56.254075050 CET | 443 | 49739 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:32:56.256310940 CET | 49739 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:32:56.256330967 CET | 443 | 49739 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:32:56.256409883 CET | 49739 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:32:56.256421089 CET | 443 | 49739 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:32:56.876548052 CET | 443 | 49739 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:32:56.876631021 CET | 443 | 49739 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:32:56.876771927 CET | 49739 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:32:56.877409935 CET | 49739 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:32:56.882448912 CET | 49744 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:32:57.002852917 CET | 80 | 49744 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:32:57.003045082 CET | 49744 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:32:57.008755922 CET | 49744 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:32:57.128020048 CET | 80 | 49744 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:32:58.349574089 CET | 80 | 49744 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:32:58.350899935 CET | 49750 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:32:58.350951910 CET | 443 | 49750 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:32:58.351016998 CET | 49750 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:32:58.351475954 CET | 49750 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:32:58.351499081 CET | 443 | 49750 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:32:58.400041103 CET | 49744 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:32:59.882436037 CET | 443 | 49750 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:32:59.884628057 CET | 49750 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:32:59.884650946 CET | 443 | 49750 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:32:59.884708881 CET | 49750 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:32:59.884717941 CET | 443 | 49750 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:00.521815062 CET | 443 | 49750 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:00.522000074 CET | 443 | 49750 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:00.522057056 CET | 49750 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:00.522507906 CET | 49750 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:00.526290894 CET | 49744 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:00.527421951 CET | 49756 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:00.646009922 CET | 80 | 49744 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:00.646087885 CET | 49744 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:00.646644115 CET | 80 | 49756 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:00.646718025 CET | 49756 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:00.646945953 CET | 49756 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:00.766472101 CET | 80 | 49756 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:01.955497980 CET | 80 | 49756 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:01.957742929 CET | 49758 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:01.957801104 CET | 443 | 49758 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:01.957920074 CET | 49758 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:01.958215952 CET | 49758 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:01.958229065 CET | 443 | 49758 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:02.009464979 CET | 49756 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:03.318875074 CET | 443 | 49758 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:03.320832968 CET | 49758 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:03.320859909 CET | 443 | 49758 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:03.320919991 CET | 49758 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:03.320930004 CET | 443 | 49758 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:04.094959021 CET | 443 | 49758 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:04.095201969 CET | 443 | 49758 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:04.095268011 CET | 49758 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:04.095674038 CET | 49758 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:04.102453947 CET | 49756 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:04.103483915 CET | 49764 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:04.222008944 CET | 80 | 49756 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:04.222125053 CET | 49756 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:04.222745895 CET | 80 | 49764 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:04.222847939 CET | 49764 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:04.223192930 CET | 49764 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:04.343035936 CET | 80 | 49764 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:05.541635990 CET | 80 | 49764 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:05.545722008 CET | 49770 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:05.545754910 CET | 443 | 49770 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:05.545847893 CET | 49770 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:05.546143055 CET | 49770 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:05.546154976 CET | 443 | 49770 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:05.587682009 CET | 49764 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:06.908540964 CET | 443 | 49770 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:06.910444021 CET | 49770 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:06.910464048 CET | 443 | 49770 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:06.910546064 CET | 49770 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:06.910556078 CET | 443 | 49770 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:07.653379917 CET | 443 | 49770 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:07.653469086 CET | 443 | 49770 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:07.653580904 CET | 49770 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:07.654242039 CET | 49770 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:07.657496929 CET | 49764 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:07.658905029 CET | 49775 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:07.777120113 CET | 80 | 49764 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:07.777219057 CET | 49764 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:07.778173923 CET | 80 | 49775 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:07.778249979 CET | 49775 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:07.778630018 CET | 49775 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:07.897869110 CET | 80 | 49775 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:09.081372976 CET | 80 | 49775 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:09.082777977 CET | 49780 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:09.082822084 CET | 443 | 49780 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:09.083074093 CET | 49780 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:09.083419085 CET | 49780 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:09.083431005 CET | 443 | 49780 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:09.134572983 CET | 49775 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:10.447453022 CET | 443 | 49780 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:10.449527025 CET | 49780 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:10.449542999 CET | 443 | 49780 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:10.449599028 CET | 49780 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:10.449605942 CET | 443 | 49780 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:11.270353079 CET | 443 | 49780 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:11.270437002 CET | 443 | 49780 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:11.270529032 CET | 49780 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:11.271102905 CET | 49780 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:11.274384975 CET | 49775 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:11.275645971 CET | 49787 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:11.393968105 CET | 80 | 49775 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:11.394094944 CET | 49775 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:11.394867897 CET | 80 | 49787 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:11.394958019 CET | 49787 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:11.395179033 CET | 49787 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:11.514358044 CET | 80 | 49787 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:12.699516058 CET | 80 | 49787 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:12.700999022 CET | 49789 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:12.701039076 CET | 443 | 49789 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:12.701489925 CET | 49789 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:12.701489925 CET | 49789 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:12.701519012 CET | 443 | 49789 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:12.744024992 CET | 49787 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:14.061558008 CET | 443 | 49789 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:14.063745022 CET | 49789 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:14.063761950 CET | 443 | 49789 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:14.063827991 CET | 49789 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:14.063832998 CET | 443 | 49789 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:14.832942009 CET | 443 | 49789 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:14.833023071 CET | 443 | 49789 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:14.833066940 CET | 49789 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:14.833621979 CET | 49789 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:14.839227915 CET | 49787 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:14.840985060 CET | 49795 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:14.958811998 CET | 80 | 49787 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:14.958873987 CET | 49787 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:14.960222006 CET | 80 | 49795 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:14.960299015 CET | 49795 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:14.960570097 CET | 49795 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:15.079813957 CET | 80 | 49795 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:16.268881083 CET | 80 | 49795 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:16.270668983 CET | 49800 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:16.270699024 CET | 443 | 49800 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:16.270776033 CET | 49800 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:16.271137953 CET | 49800 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:16.271150112 CET | 443 | 49800 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:16.322202921 CET | 49795 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:17.635514975 CET | 443 | 49800 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:17.637424946 CET | 49800 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:17.637434959 CET | 443 | 49800 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:17.637518883 CET | 49800 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:17.637523890 CET | 443 | 49800 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:18.273128986 CET | 443 | 49800 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:18.273200035 CET | 443 | 49800 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:18.273268938 CET | 49800 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:18.273929119 CET | 49800 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:18.277956963 CET | 49795 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:18.278819084 CET | 49806 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:18.397612095 CET | 80 | 49795 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:18.397726059 CET | 49795 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:18.398150921 CET | 80 | 49806 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:18.398247004 CET | 49806 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:18.398494005 CET | 49806 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:18.517911911 CET | 80 | 49806 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:19.703084946 CET | 80 | 49806 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:19.704530001 CET | 49810 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:19.704576015 CET | 443 | 49810 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:19.704663038 CET | 49810 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:19.705007076 CET | 49810 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:19.705027103 CET | 443 | 49810 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:19.744106054 CET | 49806 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:21.074265957 CET | 443 | 49810 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:21.075999975 CET | 49810 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:21.076013088 CET | 443 | 49810 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:21.076066971 CET | 49810 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:21.076076031 CET | 443 | 49810 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:21.725933075 CET | 443 | 49810 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:21.727221012 CET | 443 | 49810 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:21.728643894 CET | 49810 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:21.728984118 CET | 49810 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:21.732358932 CET | 49806 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:21.733531952 CET | 49816 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:21.851860046 CET | 80 | 49806 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:21.852540970 CET | 49806 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:21.852771044 CET | 80 | 49816 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:21.852962971 CET | 49816 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:21.853198051 CET | 49816 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:21.972428083 CET | 80 | 49816 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:23.155771971 CET | 80 | 49816 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:23.162127018 CET | 49820 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:23.162175894 CET | 443 | 49820 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:23.162256002 CET | 49820 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:23.162606001 CET | 49820 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:23.162620068 CET | 443 | 49820 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:23.197304964 CET | 49816 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:24.524055004 CET | 443 | 49820 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:24.526329041 CET | 49820 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:24.526384115 CET | 443 | 49820 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:24.526449919 CET | 49820 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:24.526478052 CET | 443 | 49820 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:25.145781040 CET | 443 | 49820 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:25.145873070 CET | 443 | 49820 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:25.145931959 CET | 49820 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:25.146445990 CET | 49820 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:25.149831057 CET | 49816 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:25.151060104 CET | 49826 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:25.269448042 CET | 80 | 49816 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:25.269606113 CET | 49816 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:25.270349026 CET | 80 | 49826 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:25.270453930 CET | 49826 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:25.270713091 CET | 49826 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:25.389903069 CET | 80 | 49826 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:26.574084997 CET | 80 | 49826 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:26.575804949 CET | 49831 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:26.575848103 CET | 443 | 49831 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:26.575942993 CET | 49831 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:26.576297998 CET | 49831 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:26.576313019 CET | 443 | 49831 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:26.619319916 CET | 49826 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:27.937383890 CET | 443 | 49831 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:27.940769911 CET | 49831 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:27.940785885 CET | 443 | 49831 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:27.941061974 CET | 49831 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:27.941066980 CET | 443 | 49831 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:28.574850082 CET | 443 | 49831 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:28.574942112 CET | 443 | 49831 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:28.575040102 CET | 49831 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:28.575583935 CET | 49831 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:28.579139948 CET | 49826 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:28.580353022 CET | 49835 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:28.701652050 CET | 80 | 49826 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:28.701817989 CET | 49826 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:28.702346087 CET | 80 | 49835 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:28.702455044 CET | 49835 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:28.702703953 CET | 49835 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:28.822681904 CET | 80 | 49835 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:30.008955002 CET | 80 | 49835 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:30.010509968 CET | 49840 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:30.010544062 CET | 443 | 49840 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:30.010632992 CET | 49840 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:30.010920048 CET | 49840 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:30.010931969 CET | 443 | 49840 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:30.056794882 CET | 49835 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:31.380603075 CET | 443 | 49840 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:31.382371902 CET | 49840 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:31.382395983 CET | 443 | 49840 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:31.382477999 CET | 49840 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:31.382482052 CET | 443 | 49840 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:32.007332087 CET | 443 | 49840 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:32.007466078 CET | 443 | 49840 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:32.007570982 CET | 49840 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:32.008143902 CET | 49840 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:32.014431000 CET | 49835 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:32.016006947 CET | 49846 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:32.134145975 CET | 80 | 49835 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:32.134215117 CET | 49835 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:32.135935068 CET | 80 | 49846 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:32.136029959 CET | 49846 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:32.136446953 CET | 49846 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:32.256052971 CET | 80 | 49846 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:33.440058947 CET | 80 | 49846 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:33.441459894 CET | 49850 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:33.441520929 CET | 443 | 49850 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:33.441589117 CET | 49850 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:33.441875935 CET | 49850 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:33.441894054 CET | 443 | 49850 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:33.494390965 CET | 49846 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:34.802845955 CET | 443 | 49850 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:34.805018902 CET | 49850 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:34.805042982 CET | 443 | 49850 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:34.805113077 CET | 49850 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:34.805119038 CET | 443 | 49850 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:35.485436916 CET | 443 | 49850 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:35.485629082 CET | 443 | 49850 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:35.485707045 CET | 49850 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:35.486296892 CET | 49850 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:35.489897013 CET | 49846 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:35.491108894 CET | 49856 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:35.609467983 CET | 80 | 49846 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:35.609641075 CET | 49846 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:35.610313892 CET | 80 | 49856 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:35.610408068 CET | 49856 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:35.610646009 CET | 49856 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:35.729806900 CET | 80 | 49856 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:36.913548946 CET | 80 | 49856 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:36.915246010 CET | 49860 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:36.915307999 CET | 443 | 49860 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:36.915422916 CET | 49860 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:36.915707111 CET | 49860 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:36.915730000 CET | 443 | 49860 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:36.955912113 CET | 49856 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:38.283449888 CET | 443 | 49860 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:38.285353899 CET | 49860 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:38.285367966 CET | 443 | 49860 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:38.285450935 CET | 49860 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:38.285459042 CET | 443 | 49860 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:38.920592070 CET | 443 | 49860 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:38.920711040 CET | 443 | 49860 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:38.920778990 CET | 49860 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:38.921374083 CET | 49860 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:38.924873114 CET | 49856 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:38.926065922 CET | 49866 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:39.045216084 CET | 80 | 49856 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:39.045275927 CET | 49856 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:39.046549082 CET | 80 | 49866 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:39.046654940 CET | 49866 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:39.046822071 CET | 49866 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:39.166029930 CET | 80 | 49866 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:40.351454973 CET | 80 | 49866 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:40.369079113 CET | 49870 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:40.369131088 CET | 443 | 49870 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:40.369203091 CET | 49870 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:40.369894028 CET | 49870 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:40.369905949 CET | 443 | 49870 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:40.400701046 CET | 49866 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:41.731669903 CET | 443 | 49870 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:41.733762980 CET | 49870 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:41.733774900 CET | 443 | 49870 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:41.733840942 CET | 49870 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:41.733850956 CET | 443 | 49870 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:42.432265043 CET | 443 | 49870 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:42.432368994 CET | 443 | 49870 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:42.432508945 CET | 49870 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:42.433095932 CET | 49870 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:42.436796904 CET | 49866 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:42.437644958 CET | 49876 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:42.557682991 CET | 80 | 49866 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:42.557847977 CET | 80 | 49876 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:42.558010101 CET | 49866 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:42.558053017 CET | 49876 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:42.558346987 CET | 49876 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:42.902549028 CET | 80 | 49876 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:43.866245031 CET | 80 | 49876 | 132.226.247.73 | 192.168.2.9 |
| Dec 9, 2024 08:33:43.916352034 CET | 49876 | 80 | 192.168.2.9 | 132.226.247.73 |
| Dec 9, 2024 08:33:46.170675993 CET | 49886 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:46.170716047 CET | 443 | 49886 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:46.170816898 CET | 49886 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:46.171139956 CET | 49886 | 443 | 192.168.2.9 | 149.154.167.220 |
| Dec 9, 2024 08:33:46.171154022 CET | 443 | 49886 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:47.534440041 CET | 443 | 49886 | 149.154.167.220 | 192.168.2.9 |
| Dec 9, 2024 08:33:47.588567019 CET | 49886 | 443 | 192.168.2.9 | 149.154.167.220 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 9, 2024 08:32:31.700875044 CET | 52856 | 53 | 192.168.2.9 | 1.1.1.1 |
| Dec 9, 2024 08:32:31.840909004 CET | 53 | 52856 | 1.1.1.1 | 192.168.2.9 |
| Dec 9, 2024 08:32:34.496165037 CET | 62598 | 53 | 192.168.2.9 | 1.1.1.1 |
| Dec 9, 2024 08:32:34.635406971 CET | 53 | 62598 | 1.1.1.1 | 192.168.2.9 |
| Dec 9, 2024 08:32:41.275645971 CET | 64978 | 53 | 192.168.2.9 | 1.1.1.1 |
| Dec 9, 2024 08:32:41.413285017 CET | 53 | 64978 | 1.1.1.1 | 192.168.2.9 |
| Dec 9, 2024 08:32:43.540227890 CET | 58498 | 53 | 192.168.2.9 | 1.1.1.1 |
| Dec 9, 2024 08:32:43.678113937 CET | 53 | 58498 | 1.1.1.1 | 192.168.2.9 |
| Dec 9, 2024 08:32:51.096159935 CET | 52886 | 53 | 192.168.2.9 | 1.1.1.1 |
| Dec 9, 2024 08:32:51.233118057 CET | 53 | 52886 | 1.1.1.1 | 192.168.2.9 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 9, 2024 08:32:31.700875044 CET | 192.168.2.9 | 1.1.1.1 | 0xfe53 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 9, 2024 08:32:34.496165037 CET | 192.168.2.9 | 1.1.1.1 | 0x6cdc | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 9, 2024 08:32:41.275645971 CET | 192.168.2.9 | 1.1.1.1 | 0xbaed | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 9, 2024 08:32:43.540227890 CET | 192.168.2.9 | 1.1.1.1 | 0x9c64 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 9, 2024 08:32:51.096159935 CET | 192.168.2.9 | 1.1.1.1 | 0x7a4c | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 9, 2024 08:32:31.840909004 CET | 1.1.1.1 | 192.168.2.9 | 0xfe53 | No error (0) | 172.217.19.174 | A (IP address) | IN (0x0001) | false | ||
| Dec 9, 2024 08:32:34.635406971 CET | 1.1.1.1 | 192.168.2.9 | 0x6cdc | No error (0) | 142.250.181.33 | A (IP address) | IN (0x0001) | false | ||
| Dec 9, 2024 08:32:41.413285017 CET | 1.1.1.1 | 192.168.2.9 | 0xbaed | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Dec 9, 2024 08:32:41.413285017 CET | 1.1.1.1 | 192.168.2.9 | 0xbaed | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
| Dec 9, 2024 08:32:41.413285017 CET | 1.1.1.1 | 192.168.2.9 | 0xbaed | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
| Dec 9, 2024 08:32:41.413285017 CET | 1.1.1.1 | 192.168.2.9 | 0xbaed | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
| Dec 9, 2024 08:32:41.413285017 CET | 1.1.1.1 | 192.168.2.9 | 0xbaed | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
| Dec 9, 2024 08:32:41.413285017 CET | 1.1.1.1 | 192.168.2.9 | 0xbaed | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
| Dec 9, 2024 08:32:43.678113937 CET | 1.1.1.1 | 192.168.2.9 | 0x9c64 | No error (0) | 172.67.177.134 | A (IP address) | IN (0x0001) | false | ||
| Dec 9, 2024 08:32:43.678113937 CET | 1.1.1.1 | 192.168.2.9 | 0x9c64 | No error (0) | 104.21.67.152 | A (IP address) | IN (0x0001) | false | ||
| Dec 9, 2024 08:32:51.233118057 CET | 1.1.1.1 | 192.168.2.9 | 0x7a4c | No error (0) | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.9 | 49714 | 132.226.247.73 | 80 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 9, 2024 08:32:41.539978027 CET | 151 | OUT | |
| Dec 9, 2024 08:32:42.848786116 CET | 321 | IN | |
| Dec 9, 2024 08:32:42.854034901 CET | 127 | OUT | |
| Dec 9, 2024 08:32:43.277419090 CET | 321 | IN | |
| Dec 9, 2024 08:32:50.665574074 CET | 127 | OUT | |
| Dec 9, 2024 08:32:51.090795040 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.9 | 49737 | 132.226.247.73 | 80 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 9, 2024 08:32:53.570131063 CET | 127 | OUT | |
| Dec 9, 2024 08:32:54.890522003 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.9 | 49744 | 132.226.247.73 | 80 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 9, 2024 08:32:57.008755922 CET | 151 | OUT | |
| Dec 9, 2024 08:32:58.349574089 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.9 | 49756 | 132.226.247.73 | 80 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 9, 2024 08:33:00.646945953 CET | 151 | OUT | |
| Dec 9, 2024 08:33:01.955497980 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.9 | 49764 | 132.226.247.73 | 80 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 9, 2024 08:33:04.223192930 CET | 151 | OUT | |
| Dec 9, 2024 08:33:05.541635990 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.9 | 49775 | 132.226.247.73 | 80 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 9, 2024 08:33:07.778630018 CET | 151 | OUT | |
| Dec 9, 2024 08:33:09.081372976 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.9 | 49787 | 132.226.247.73 | 80 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 9, 2024 08:33:11.395179033 CET | 151 | OUT | |
| Dec 9, 2024 08:33:12.699516058 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.9 | 49795 | 132.226.247.73 | 80 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 9, 2024 08:33:14.960570097 CET | 151 | OUT | |
| Dec 9, 2024 08:33:16.268881083 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 8 | 192.168.2.9 | 49806 | 132.226.247.73 | 80 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 9, 2024 08:33:18.398494005 CET | 151 | OUT | |
| Dec 9, 2024 08:33:19.703084946 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 9 | 192.168.2.9 | 49816 | 132.226.247.73 | 80 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 9, 2024 08:33:21.853198051 CET | 151 | OUT | |
| Dec 9, 2024 08:33:23.155771971 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 10 | 192.168.2.9 | 49826 | 132.226.247.73 | 80 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 9, 2024 08:33:25.270713091 CET | 151 | OUT | |
| Dec 9, 2024 08:33:26.574084997 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 11 | 192.168.2.9 | 49835 | 132.226.247.73 | 80 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 9, 2024 08:33:28.702703953 CET | 151 | OUT | |
| Dec 9, 2024 08:33:30.008955002 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 12 | 192.168.2.9 | 49846 | 132.226.247.73 | 80 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 9, 2024 08:33:32.136446953 CET | 151 | OUT | |
| Dec 9, 2024 08:33:33.440058947 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 13 | 192.168.2.9 | 49856 | 132.226.247.73 | 80 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 9, 2024 08:33:35.610646009 CET | 151 | OUT | |
| Dec 9, 2024 08:33:36.913548946 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 14 | 192.168.2.9 | 49866 | 132.226.247.73 | 80 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 9, 2024 08:33:39.046822071 CET | 151 | OUT | |
| Dec 9, 2024 08:33:40.351454973 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 15 | 192.168.2.9 | 49876 | 132.226.247.73 | 80 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 9, 2024 08:33:42.558346987 CET | 151 | OUT | |
| Dec 9, 2024 08:33:43.866245031 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.9 | 49711 | 172.217.19.174 | 443 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-09 07:32:33 UTC | 216 | OUT | |
| 2024-12-09 07:32:34 UTC | 1920 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.9 | 49712 | 142.250.181.33 | 443 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-09 07:32:36 UTC | 258 | OUT | |
| 2024-12-09 07:32:39 UTC | 4949 | IN | |
| 2024-12-09 07:32:39 UTC | 4949 | IN | |
| 2024-12-09 07:32:39 UTC | 4797 | IN | |
| 2024-12-09 07:32:39 UTC | 1325 | IN | |
| 2024-12-09 07:32:39 UTC | 1390 | IN | |
| 2024-12-09 07:32:39 UTC | 1390 | IN | |
| 2024-12-09 07:32:39 UTC | 1390 | IN | |
| 2024-12-09 07:32:39 UTC | 1390 | IN | |
| 2024-12-09 07:32:39 UTC | 1390 | IN | |
| 2024-12-09 07:32:39 UTC | 1390 | IN | |
| 2024-12-09 07:32:39 UTC | 1390 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.9 | 49715 | 172.67.177.134 | 443 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-09 07:32:44 UTC | 85 | OUT | |
| 2024-12-09 07:32:45 UTC | 878 | IN | |
| 2024-12-09 07:32:45 UTC | 362 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.9 | 49732 | 149.154.167.220 | 443 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-09 07:32:52 UTC | 294 | OUT | |
| 2024-12-09 07:32:52 UTC | 1090 | OUT | |
| 2024-12-09 07:32:53 UTC | 388 | IN | |
| 2024-12-09 07:32:53 UTC | 538 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.9 | 49739 | 149.154.167.220 | 443 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-09 07:32:56 UTC | 294 | OUT | |
| 2024-12-09 07:32:56 UTC | 1090 | OUT | |
| 2024-12-09 07:32:56 UTC | 388 | IN | |
| 2024-12-09 07:32:56 UTC | 538 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.9 | 49750 | 149.154.167.220 | 443 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-09 07:32:59 UTC | 270 | OUT | |
| 2024-12-09 07:32:59 UTC | 1090 | OUT | |
| 2024-12-09 07:33:00 UTC | 388 | IN | |
| 2024-12-09 07:33:00 UTC | 538 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.9 | 49758 | 149.154.167.220 | 443 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-09 07:33:03 UTC | 270 | OUT | |
| 2024-12-09 07:33:03 UTC | 1090 | OUT | |
| 2024-12-09 07:33:04 UTC | 388 | IN | |
| 2024-12-09 07:33:04 UTC | 538 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.9 | 49770 | 149.154.167.220 | 443 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-09 07:33:06 UTC | 270 | OUT | |
| 2024-12-09 07:33:06 UTC | 1090 | OUT | |
| 2024-12-09 07:33:07 UTC | 388 | IN | |
| 2024-12-09 07:33:07 UTC | 538 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 8 | 192.168.2.9 | 49780 | 149.154.167.220 | 443 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-09 07:33:10 UTC | 294 | OUT | |
| 2024-12-09 07:33:10 UTC | 1090 | OUT | |
| 2024-12-09 07:33:11 UTC | 388 | IN | |
| 2024-12-09 07:33:11 UTC | 538 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 9 | 192.168.2.9 | 49789 | 149.154.167.220 | 443 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-09 07:33:14 UTC | 294 | OUT | |
| 2024-12-09 07:33:14 UTC | 1090 | OUT | |
| 2024-12-09 07:33:14 UTC | 388 | IN | |
| 2024-12-09 07:33:14 UTC | 538 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 10 | 192.168.2.9 | 49800 | 149.154.167.220 | 443 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-09 07:33:17 UTC | 294 | OUT | |
| 2024-12-09 07:33:17 UTC | 1090 | OUT | |
| 2024-12-09 07:33:18 UTC | 388 | IN | |
| 2024-12-09 07:33:18 UTC | 538 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 11 | 192.168.2.9 | 49810 | 149.154.167.220 | 443 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-09 07:33:21 UTC | 294 | OUT | |
| 2024-12-09 07:33:21 UTC | 1090 | OUT | |
| 2024-12-09 07:33:21 UTC | 388 | IN | |
| 2024-12-09 07:33:21 UTC | 539 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 12 | 192.168.2.9 | 49820 | 149.154.167.220 | 443 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-09 07:33:24 UTC | 294 | OUT | |
| 2024-12-09 07:33:24 UTC | 1090 | OUT | |
| 2024-12-09 07:33:25 UTC | 388 | IN | |
| 2024-12-09 07:33:25 UTC | 538 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 13 | 192.168.2.9 | 49831 | 149.154.167.220 | 443 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-09 07:33:27 UTC | 294 | OUT | |
| 2024-12-09 07:33:27 UTC | 1090 | OUT | |
| 2024-12-09 07:33:28 UTC | 388 | IN | |
| 2024-12-09 07:33:28 UTC | 538 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 14 | 192.168.2.9 | 49840 | 149.154.167.220 | 443 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-09 07:33:31 UTC | 294 | OUT | |
| 2024-12-09 07:33:31 UTC | 1090 | OUT | |
| 2024-12-09 07:33:32 UTC | 388 | IN | |
| 2024-12-09 07:33:32 UTC | 538 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 15 | 192.168.2.9 | 49850 | 149.154.167.220 | 443 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-09 07:33:34 UTC | 294 | OUT | |
| 2024-12-09 07:33:34 UTC | 1090 | OUT | |
| 2024-12-09 07:33:35 UTC | 388 | IN | |
| 2024-12-09 07:33:35 UTC | 539 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 16 | 192.168.2.9 | 49860 | 149.154.167.220 | 443 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-09 07:33:38 UTC | 294 | OUT | |
| 2024-12-09 07:33:38 UTC | 1090 | OUT | |
| 2024-12-09 07:33:38 UTC | 388 | IN | |
| 2024-12-09 07:33:38 UTC | 538 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 17 | 192.168.2.9 | 49870 | 149.154.167.220 | 443 | 2556 | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-09 07:33:41 UTC | 294 | OUT | |
| 2024-12-09 07:33:41 UTC | 1090 | OUT | |
| 2024-12-09 07:33:42 UTC | 388 | IN | |
| 2024-12-09 07:33:42 UTC | 538 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 02:31:36 |
| Start date: | 09/12/2024 |
| Path: | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 727'801 bytes |
| MD5 hash: | 1E4847DD3C262A4303261601F0197A42 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
| Target ID: | 5 |
| Start time: | 02:32:24 |
| Start date: | 09/12/2024 |
| Path: | C:\Users\user\Desktop\Request for Quotation New collaboration.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 727'801 bytes |
| MD5 hash: | 1E4847DD3C262A4303261601F0197A42 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 20.1% |
| Dynamic/Decrypted Code Coverage: | 15.1% |
| Signature Coverage: | 18.9% |
| Total number of Nodes: | 1508 |
| Total number of Limit Nodes: | 45 |
Graph
Function 0040335A Relevance: 75.6, APIs: 27, Strings: 16, Instructions: 335stringfilecomCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404B10 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405F0C Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 207stringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405772 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 148filestringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040653F Relevance: 5.4, APIs: 4, Instructions: 382COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004038B4 Relevance: 49.2, APIs: 15, Strings: 13, Instructions: 216stringregistrylibraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402DBC Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401752 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145stringtimeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402573 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 142fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040317D Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402331 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405108 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405665 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406974 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406B75 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040688B Relevance: 5.2, APIs: 4, Instructions: 205COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406390 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004067DE Relevance: 5.2, APIs: 4, Instructions: 180COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004068FC Relevance: 5.2, APIs: 4, Instructions: 170COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406848 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401F98 Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401B22 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72memoryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 10002868 Relevance: 3.2, APIs: 2, Instructions: 156COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401DC7 Relevance: 3.0, APIs: 2, Instructions: 21COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405B56 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004026F9 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402253 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401718 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405BD9 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 1000278D Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404164 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040330F Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 1000121B Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004052D3 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 282windowclipboardmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004045CA Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 269stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402770 Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004042CC Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 207windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405C08 Relevance: 29.9, APIs: 12, Strings: 5, Instructions: 136stringmemoryfileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004024EE Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 54filestringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404196 Relevance: 12.1, APIs: 8, Instructions: 61COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404A5E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402C7F Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100018C1 Relevance: 7.7, APIs: 5, Instructions: 190COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 10001617 Relevance: 7.5, APIs: 5, Instructions: 41memorylibraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401CE5 Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401D41 Relevance: 7.5, APIs: 5, Instructions: 38COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404978 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401BCA Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405DB7 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405935 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401F08 Relevance: 6.1, APIs: 4, Instructions: 55memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100015CC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405981 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100010E1 Relevance: 5.1, APIs: 4, Instructions: 104memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405ABB Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Execution Graph
| Execution Coverage: | 13% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 2.6% |
| Total number of Nodes: | 229 |
| Total number of Limit Nodes: | 17 |
Graph
Function 3845D478 Relevance: 1.9, APIs: 1, Instructions: 396COMMON
Download Yara Rule
Control-flow Graph
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE9568 Relevance: 1.4, Strings: 1, Instructions: 195COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3845E628 Relevance: .8, Instructions: 764COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE98D0 Relevance: .8, Instructions: 758COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE6130 Relevance: .7, Instructions: 709COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 351AA928 Relevance: .3, Instructions: 296COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015E6A8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE42A0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015EC58 Relevance: .2, Instructions: 227COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE77F0 Relevance: .2, Instructions: 219COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE7E40 Relevance: .2, Instructions: 219COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE8490 Relevance: .2, Instructions: 218COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE71A8 Relevance: .2, Instructions: 218COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015EFAF Relevance: .2, Instructions: 202COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE6121 Relevance: .2, Instructions: 166COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE8481 Relevance: .2, Instructions: 164COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3845F176 Relevance: .2, Instructions: 154COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE77E0 Relevance: .1, Instructions: 108COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE7E30 Relevance: .1, Instructions: 106COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE4299 Relevance: .1, Instructions: 98COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384505F9 Relevance: 6.1, APIs: 4, Instructions: 138threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38450608 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015FD76 Relevance: 1.6, APIs: 1, Instructions: 125COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015FD4F Relevance: 1.6, APIs: 1, Instructions: 113COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015FD98 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384514E4 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38450849 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38450850 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3845C410 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3845C4BC Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38451CB8 Relevance: 1.5, APIs: 1, Instructions: 45timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3845D258 Relevance: 1.5, APIs: 1, Instructions: 45comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38451CC0 Relevance: 1.5, APIs: 1, Instructions: 44timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3845E560 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EEB028 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE9C55 Relevance: .3, Instructions: 322COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE9C53 Relevance: .3, Instructions: 319COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EEF0E1 Relevance: .3, Instructions: 252COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EEE9B0 Relevance: .2, Instructions: 189COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE9FAF Relevance: .2, Instructions: 155COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EEDB00 Relevance: .1, Instructions: 148COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE5400 Relevance: .1, Instructions: 147COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EEA709 Relevance: .1, Instructions: 145COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EEAA10 Relevance: .1, Instructions: 97COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EEAA48 Relevance: .1, Instructions: 88COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EEE99F Relevance: .1, Instructions: 88COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE53F0 Relevance: .1, Instructions: 78COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000AD030 Relevance: .1, Instructions: 72COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE9498 Relevance: .1, Instructions: 59COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE94A8 Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000AD02B Relevance: .1, Instructions: 53COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EEDF91 Relevance: .1, Instructions: 52COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EEDEFC Relevance: .1, Instructions: 52COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EEDAE4 Relevance: .0, Instructions: 50COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EEA931 Relevance: .0, Instructions: 43COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EEA940 Relevance: .0, Instructions: 39COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE70C8 Relevance: .0, Instructions: 39COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EEAFA8 Relevance: .0, Instructions: 37COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE70E8 Relevance: .0, Instructions: 35COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EEFEF8 Relevance: .0, Instructions: 28COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE9879 Relevance: .0, Instructions: 25COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EEAB75 Relevance: .0, Instructions: 21COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE70B8 Relevance: .0, Instructions: 15COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE9828 Relevance: .0, Instructions: 13COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE6F94 Relevance: .0, Instructions: 12COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404B10 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040335A Relevance: 63.3, APIs: 27, Strings: 9, Instructions: 335stringfilecomCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405772 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 148filestringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040653F Relevance: 5.4, APIs: 4, Instructions: 382COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE5631 Relevance: 1.9, Strings: 1, Instructions: 601COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 351AD330 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 351AEB48 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 351ABD78 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 351A9370 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 351AEFA0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 351AC1D0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 351A97C8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 351AF3F8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 351AC628 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 351A9C20 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 351AF850 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 351AA078 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 351ACA80 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 351ACED8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 351AA4D0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 351AE6F0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE4FA8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE46F8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE1EA8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE3E48 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE15F8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE3598 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE0D48 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE2CE8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE0498 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE4B50 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE2300 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE1A50 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE39F0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE11A0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE3140 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE08F0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE2890 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EE0040 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3845F438 Relevance: .0, Instructions: 18COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37EEA6C7 Relevance: .0, Instructions: 17COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004052D3 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 282windowclipboardmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004038B4 Relevance: 40.5, APIs: 15, Strings: 8, Instructions: 216stringregistrylibraryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004042CC Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 207windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405C08 Relevance: 29.9, APIs: 12, Strings: 5, Instructions: 136stringmemoryfileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004045CA Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 269stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402DBC Relevance: 19.5, APIs: 5, Strings: 6, Instructions: 203memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405F0C Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 207stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404196 Relevance: 12.1, APIs: 8, Instructions: 61COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402573 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 142fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404A5E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402C7F Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040317D Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004024EE Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54filestringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401CE5 Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401D41 Relevance: 7.5, APIs: 5, Instructions: 38COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404978 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401BCA Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004015B9 Relevance: 6.1, APIs: 4, Instructions: 57COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401F08 Relevance: 6.1, APIs: 4, Instructions: 55memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405108 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405665 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406974 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406B75 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040688B Relevance: 5.2, APIs: 4, Instructions: 205COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406390 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004067DE Relevance: 5.2, APIs: 4, Instructions: 180COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004068FC Relevance: 5.2, APIs: 4, Instructions: 170COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406848 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405ABB Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|