Edit tour
Windows
Analysis Report
PAYMENT ADVICE TT07180016-24_pdf.exe
Overview
General Information
| Sample name: | PAYMENT ADVICE TT07180016-24_pdf.exe |
| Analysis ID: | 1576542 |
| MD5: | 34dcd76e7a002a5f19d9842a70ba5c87 |
| SHA1: | 188373e893907df10ccf54559d05b6bb98ccdcf4 |
| SHA256: | 360acac9133b07ab36c79af7aa5e46850a97a297696bc812bfd25c4415ce4449 |
| Tags: | exeuser-lowmal3 |
| Infos: |  |
 | |
Detection
GuLoader, MassLogger RAT
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected GuLoader
Yara detected MassLogger RAT
Yara detected Telegram RAT
AI detected suspicious sample
Disable Task Manager(disabletaskmgr)
Disables CMD prompt
Disables the Windows task manager (taskmgr)
Initial sample is a PE file and has a suspicious name
Sample has a suspicious name (potential lure to open the executable)
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Classification
- System is w10x64
PAYMENT ADVICE TT07180016-24_pdf.exe (PID: 7380 cmdline: "C:\Users\ user\Deskt op\PAYMENT ADVICE TT 07180016-2 4_pdf.exe" MD5: 34DCD76E7A002A5F19D9842A70BA5C87) - PAYMENT ADVICE TT07180016-24_pdf.exe (PID: 7788 cmdline:
"C:\Users\ user\Deskt op\PAYMENT ADVICE TT 07180016-2 4_pdf.exe" MD5: 34DCD76E7A002A5F19D9842A70BA5C87)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
{"C2 url": "https://api.telegram.org/bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendMessage"}{"EXfil Mode": "Telegram", "Telegram Token": "7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc", "Telegram Chatid": "7382809095"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_GuLoader_5 | Yara detected GuLoader | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_GuLoader_5 | Yara detected GuLoader | Joe Security | ||
| JoeSecurity_GuLoader_5 | Yara detected GuLoader | Joe Security | ||
| JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
| Click to see the 4 entries | ||||
⊘No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-17T08:43:15.858902+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49747 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:43:19.406922+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49759 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:43:22.807206+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49766 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:43:26.189057+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49778 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:43:29.522042+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49784 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:43:32.963762+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49794 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:43:36.317018+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49805 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:43:39.650464+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49813 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:43:42.965077+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49825 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:43:46.291647+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49834 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:43:49.603821+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49844 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:43:52.956466+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49852 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:43:56.280424+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49861 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:43:59.665974+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49871 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:44:02.995888+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49880 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:44:06.403244+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49890 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:44:09.804010+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49899 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:44:13.335584+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49910 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:44:16.782812+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49918 | 149.154.167.220 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-17T08:43:05.227378+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49738 | 158.101.44.242 | 80 | TCP |
| 2024-12-17T08:43:13.633618+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49738 | 158.101.44.242 | 80 | TCP |
| 2024-12-17T08:43:17.383645+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49753 | 158.101.44.242 | 80 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-17T08:42:58.326935+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49736 | 172.217.19.174 | 443 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Malware Configuration Extractor: | ||
| Source: | Malware Configuration Extractor: | ||
| Source: | ReversingLabs: | ||
| Source: | Integrated Neural Analysis Model: | ||
Location Tracking | |
|---|
| Source: | DNS query: | ||
| Source: | Code function: | 4_2_3747D1EC | |
| Source: | Code function: | 4_2_3747D9D9 | |
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_00405846 | |
| Source: | Code function: | 0_2_004027FB | |
| Source: | Code function: | 0_2_00406398 | |
| Source: | Code function: | 4_2_00405846 | |
| Source: | Code function: | 4_2_004027FB | |
| Source: | Code function: | 4_2_00406398 | |
| Source: | Code function: | 4_2_3747C638 | |
| Source: | Code function: | 4_2_37470C28 | |
| Source: | Code function: | 4_2_374703AF | |
| Source: | Code function: | 4_2_37470F6F | |
| Source: | Code function: | 4_2_3747E79F | |
| Source: | Code function: | 4_2_3747DEE1 | |
| Source: | Code function: | 4_2_3747BD88 | |
| Source: | Code function: | 4_2_37470C1A | |
| Source: | Code function: | 4_2_3747B4EC | |
| Source: | Code function: | 4_2_3747E339 | |
| Source: | Code function: | 4_2_3747EBF7 | |
| Source: | Code function: | 4_2_3747DA89 | |
| Source: | Code function: | 4_2_3747B944 | |
| Source: | Code function: | 4_2_3747C1F2 | |
| Source: | Code function: | 4_2_3747F042 | |
| Source: | Code function: | 4_2_3747B07F | |
| Source: | Code function: | 4_2_37528650 | |
| Source: | Code function: | 4_2_37528650 | |
| Source: | Code function: | 4_2_3752BDF0 | |
| Source: | Code function: | 4_2_37523F70 | |
| Source: | Code function: | 4_2_37525F10 | |
| Source: | Code function: | 4_2_375267C0 | |
| Source: | Code function: | 4_2_37520FA8 | |
| Source: | Code function: | 4_2_37525660 | |
| Source: | Code function: | 4_2_37522E10 | |
| Source: | Code function: | 4_2_375236C0 | |
| Source: | Code function: | 4_2_37522560 | |
| Source: | Code function: | 4_2_37524DB0 | |
| Source: | Code function: | 4_2_37526C18 | |
| Source: | Code function: | 4_2_37521400 | |
| Source: | Code function: | 4_2_375274C8 | |
| Source: | Code function: | 4_2_37521CB0 | |
| Source: | Code function: | 4_2_37527B4F | |
| Source: | Code function: | 4_2_37526368 | |
| Source: | Code function: | 4_2_37523B18 | |
| Source: | Code function: | 4_2_375243C8 | |
| Source: | Code function: | 4_2_37523268 | |
| Source: | Code function: | 4_2_37525208 | |
| Source: | Code function: | 4_2_37525AB8 | |
| Source: | Code function: | 4_2_37522108 | |
| Source: | Code function: | 4_2_375229B8 | |
| Source: | Code function: | 4_2_37521858 | |
| Source: | Code function: | 4_2_37527070 | |
| Source: | Code function: | 4_2_37524820 | |
| Source: | Code function: | 4_2_37A5E7C8 | |
| Source: | Code function: | 4_2_37A5F5D8 | |
| Source: | Code function: | 4_2_37A5F316 | |
Networking | |
|---|
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 0_2_004052F3 | |
System Summary | |
|---|
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static file information: | ||
| Source: | Code function: | 0_2_004032A0 | |
| Source: | Code function: | 4_2_004032A0 | |
| Source: | Code function: | 0_2_00404B30 | |
| Source: | Code function: | 0_2_00407041 | |
| Source: | Code function: | 0_2_0040686A | |
| Source: | Code function: | 4_2_00407041 | |
| Source: | Code function: | 4_2_0040686A | |
| Source: | Code function: | 4_2_00404B30 | |
| Source: | Code function: | 4_2_00164328 | |
| Source: | Code function: | 4_2_001666B8 | |
| Source: | Code function: | 4_2_00168DA0 | |
| Source: | Code function: | 4_2_00165968 | |
| Source: | Code function: | 4_2_001619B8 | |
| Source: | Code function: | 4_2_00165F90 | |
| Source: | Code function: | 4_2_00162DD1 | |
| Source: | Code function: | 4_2_3747C638 | |
| Source: | Code function: | 4_2_3747CCA0 | |
| Source: | Code function: | 4_2_3747331A | |
| Source: | Code function: | 4_2_374703AF | |
| Source: | Code function: | 4_2_37477848 | |
| Source: | Code function: | 4_2_3747E79F | |
| Source: | Code function: | 4_2_3747DEE1 | |
| Source: | Code function: | 4_2_37476EA0 | |
| Source: | Code function: | 4_2_3747BD88 | |
| Source: | Code function: | 4_2_3747B4EC | |
| Source: | Code function: | 4_2_3747CC91 | |
| Source: | Code function: | 4_2_3747E339 | |
| Source: | Code function: | 4_2_3747EBF7 | |
| Source: | Code function: | 4_2_3747DA89 | |
| Source: | Code function: | 4_2_3747B944 | |
| Source: | Code function: | 4_2_3747C1F2 | |
| Source: | Code function: | 4_2_3747F042 | |
| Source: | Code function: | 4_2_3747B07F | |
| Source: | Code function: | 4_2_37528650 | |
| Source: | Code function: | 4_2_375296C8 | |
| Source: | Code function: | 4_2_37529D10 | |
| Source: | Code function: | 4_2_3752BDF0 | |
| Source: | Code function: | 4_2_3752A360 | |
| Source: | Code function: | 4_2_3752BA97 | |
| Source: | Code function: | 4_2_3752A9B0 | |
| Source: | Code function: | 4_2_37523F70 | |
| Source: | Code function: | 4_2_37523F60 | |
| Source: | Code function: | 4_2_37525F10 | |
| Source: | Code function: | 4_2_37525F01 | |
| Source: | Code function: | 4_2_375267C0 | |
| Source: | Code function: | 4_2_3752AFF7 | |
| Source: | Code function: | 4_2_3752AFF8 | |
| Source: | Code function: | 4_2_375267B0 | |
| Source: | Code function: | 4_2_37520FA8 | |
| Source: | Code function: | 4_2_37525650 | |
| Source: | Code function: | 4_2_37528640 | |
| Source: | Code function: | 4_2_37525660 | |
| Source: | Code function: | 4_2_37522E10 | |
| Source: | Code function: | 4_2_375236C0 | |
| Source: | Code function: | 4_2_375236B0 | |
| Source: | Code function: | 4_2_375296B8 | |
| Source: | Code function: | 4_2_37522550 | |
| Source: | Code function: | 4_2_37522560 | |
| Source: | Code function: | 4_2_37529D00 | |
| Source: | Code function: | 4_2_37524DB0 | |
| Source: | Code function: | 4_2_37524DA0 | |
| Source: | Code function: | 4_2_37526C18 | |
| Source: | Code function: | 4_2_37521400 | |
| Source: | Code function: | 4_2_37526C09 | |
| Source: | Code function: | 4_2_375274C8 | |
| Source: | Code function: | 4_2_37521CB0 | |
| Source: | Code function: | 4_2_375274B8 | |
| Source: | Code function: | 4_2_37521CA0 | |
| Source: | Code function: | 4_2_3752A352 | |
| Source: | Code function: | 4_2_37526358 | |
| Source: | Code function: | 4_2_37527B4F | |
| Source: | Code function: | 4_2_37526368 | |
| Source: | Code function: | 4_2_37523B18 | |
| Source: | Code function: | 4_2_37523B08 | |
| Source: | Code function: | 4_2_375243C8 | |
| Source: | Code function: | 4_2_375243B9 | |
| Source: | Code function: | 4_2_37523268 | |
| Source: | Code function: | 4_2_37525207 | |
| Source: | Code function: | 4_2_37525208 | |
| Source: | Code function: | 4_2_37525AB8 | |
| Source: | Code function: | 4_2_37525AA8 | |
| Source: | Code function: | 4_2_37522108 | |
| Source: | Code function: | 4_2_3752F130 | |
| Source: | Code function: | 4_2_375229B8 | |
| Source: | Code function: | 4_2_3752A9A0 | |
| Source: | Code function: | 4_2_375229A8 | |
| Source: | Code function: | 4_2_37521858 | |
| Source: | Code function: | 4_2_37520040 | |
| Source: | Code function: | 4_2_37527070 | |
| Source: | Code function: | 4_2_37527061 | |
| Source: | Code function: | 4_2_37524810 | |
| Source: | Code function: | 4_2_37524820 | |
| Source: | Code function: | 4_2_37A5E7C8 | |
| Source: | Code function: | 4_2_37A5D6C1 | |
| Source: | Code function: | 4_2_37A58328 | |
| Source: | Code function: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_004032A0 | |
| Source: | Code function: | 4_2_004032A0 | |
| Source: | Code function: | 0_2_004045B4 | |
| Source: | Code function: | 0_2_00402095 | |
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | ReversingLabs: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | LNK file: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
Data Obfuscation | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Code function: | 0_2_10001B18 | |
| Source: | Code function: | 0_2_10002E0E | |
| Source: | Code function: | 4_2_3747875C | |
| Source: | Code function: | 4_2_37478461 | |
| Source: | Code function: | 4_2_37478C69 | |
| Source: | Code function: | 4_2_37478AB8 | |
| Source: | Code function: | 4_2_3747891B | |
| Source: | Code function: | 4_2_374781E2 | |
| Source: | Code function: | 4_2_374781C0 | |
| Source: | File created: | Jump to dropped file | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | API/Special instruction interceptor: | ||
| Source: | API/Special instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | API coverage: | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Code function: | 0_2_00405846 | |
| Source: | Code function: | 0_2_004027FB | |
| Source: | Code function: | 0_2_00406398 | |
| Source: | Code function: | 4_2_00405846 | |
| Source: | Code function: | 4_2_004027FB | |
| Source: | Code function: | 4_2_00406398 | |
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | API call chain: | graph_0-3943 | ||
| Source: | API call chain: | graph_0-3762 | ||
| Source: | Code function: | 0_2_10001B18 | |
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 0_2_00406077 | |
| Source: | Key value queried: | Jump to behavior | ||
Lowering of HIPS / PFW / Operating System Security Settings | |
|---|
| Source: | Registry value created: | Jump to behavior | ||
| Source: | Registry value created: | Jump to behavior | ||
| Source: | Registry key created or modified: | Jump to behavior | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 Process Injection | 31 Disable or Modify Tools | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Access Token Manipulation | NTDS | 1 System Network Configuration Discovery | Distributed Component Object Model | 1 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Process Injection | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | 215 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 50% | ReversingLabs | Win32.Trojan.Guloader |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| drive.google.com | 172.217.19.174 | true | false | high | |
| drive.usercontent.google.com | 142.250.200.225 | true | false | high | |
| reallyfreegeoip.org | 104.21.67.152 | true | false | high | |
| api.telegram.org | 149.154.167.220 | true | false | high | |
| checkip.dyndns.com | 158.101.44.242 | true | false | high | |
| checkip.dyndns.org | unknown | unknown | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false | high | ||
| false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false | |
| 104.21.67.152 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false | |
| 142.250.200.225 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false | |
| 158.101.44.242 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false | |
| 172.217.19.174 | drive.google.com | United States | 15169 | GOOGLEUS | false |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1576542 |
| Start date and time: | 2024-12-17 08:41:20 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 7m 3s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 6 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | PAYMENT ADVICE TT07180016-24_pdf.exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@3/8@5/5 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 4.175.87.197, 13.107.246.43, 172.202.163.200
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: PAYMENT ADVICE TT07180016-24_pdf.exe
| Time | Type | Description |
|---|---|---|
| 02:43:12 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 149.154.167.220 | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | AgentTesla | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | MassLogger RAT | Browse | |||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| 104.21.67.152 | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | ||
| Get hash | malicious | Snake Keylogger | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | MassLogger RAT | Browse | |||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse | |||
| Get hash | malicious | MassLogger RAT | Browse | |||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| 158.101.44.242 | Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| |
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| checkip.dyndns.com | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | VIP Keylogger | Browse |
| ||
| reallyfreegeoip.org | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | VIP Keylogger | Browse |
| ||
| api.telegram.org | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| TELEGRAMRU | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Vidar | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Vidar | Browse |
| ||
| CLOUDFLARENETUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Remcos, GuLoader | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| ORACLE-BMC-31898US | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GO Miner, Xmrig | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | VIP Keylogger | Browse |
| ||
| 3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Remcos, GuLoader | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| 37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Remcos, GuLoader | Browse |
| ||
| Get hash | malicious | Vidar | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | RedLine, SectopRAT | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\nsxC748.tmp\System.dll | Get hash | malicious | GuLoader, MassLogger RAT | Browse | ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\Riprap43.gaw
Download File
| Process: | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 56641 |
| Entropy (8bit): | 1.2318917163845036 |
| Encrypted: | false |
| SSDEEP: | 384:vrBeaW6xu5Pd9GW0Zq+/HXF1qcGNMUd8phxiFQHOV7hpvZlq:t9+Pdop/306xixrlq |
| MD5: | 39C9A5F767D8C170B5CE38EA8D5734D4 |
| SHA1: | 4B4CA81EB3D093645B504004F62A269D4EACDECC |
| SHA-256: | 87A7017021050071DBE5726BF9AC505763CD923E2BDE93336CA0905802CD8D49 |
| SHA-512: | AE2D66B801251046FA4D3093391B916955B43BE75A954DD398583B1B8881A9F109F51F81D6E4FE759F83AC7B921FA89B02185013AFDE16D3C8EAB422BE89B4FF |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\Situationen.Pol
Download File
| Process: | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 95190 |
| Entropy (8bit): | 4.6205617007906605 |
| Encrypted: | false |
| SSDEEP: | 1536:zaAMu1AwMzvOV9VU+er/vEt18Rl8hUNsF:za8hEAw+o/vEt18D8KS |
| MD5: | C666D5BD668E4E9BD4DC1D4359A19B1F |
| SHA1: | 2CC942AFA039F22B19C741F262D928228C1CDD1C |
| SHA-256: | B5CDF16D8354827F1A281C7E5E7743FC60494040A049B391D0997B7D54BD026F |
| SHA-512: | 5136AB06B982173E52D4621302826ACFEBDB261B388BA26C6845C9C7FB3808C85512DA2025E79231B21B7080959C625D930DDF5C96863D97CE402109ADD02462 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\forskansningens.txt
Download File
| Process: | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 345 |
| Entropy (8bit): | 4.241929841155785 |
| Encrypted: | false |
| SSDEEP: | 6:dvkdMOL4xnuXGNQWjMIDw1luhPB46xAJX7sBJOdkmLA8gMfArpIXbgOwQWiQJEEC:dufExIoDe1lYnGJLsBQdtL6rpIrWQkJA |
| MD5: | AE69FE0F4D1E1115BC470031E661785C |
| SHA1: | 8D3799826FE457C61C1E8EE5E3071683A8125BC5 |
| SHA-256: | 6B18768503395C809263568D3A8858810404C2B7D49DC7CB6CE5F717F5D6C7DE |
| SHA-512: | 969C0DB048EAC4A9B447A0C0C463A7983F1B4091B6206E274B9D249F8311439B6C33F5AA1EDF9CD1AA27502DA49378D3E1B45F16909C55DF830E51684E9648BE |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\fyldebtten.soi
Download File
| Process: | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 210366 |
| Entropy (8bit): | 1.240975322465592 |
| Encrypted: | false |
| SSDEEP: | 768:vBTwJOLxCIF0V6iLboHog6BQlsMqlN1R0pmGy30wbfq6+9GmlsNh34k0uJ/QohER:cJigyyDJnLH7zA |
| MD5: | AEF78D8D561E8802286A78AAC6C73ED6 |
| SHA1: | DDF5DA649482D0A553802827BB9F0EF64A7069E1 |
| SHA-256: | 45F24543C01C9A11CC2246A9B27569AF433EEF61C877A4E191B683315D3566BE |
| SHA-512: | 93D43C0CECADF8E1F507F8E58D2B4D92995D8F7ECF213A23559938B380033A6D0D80B0816A8D6603864F821F4FEDC988E0F79BE14C6892089178970E08DC4199 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\tropaeola.Tel 
Download File
| Process: | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 293684 |
| Entropy (8bit): | 7.703410579341344 |
| Encrypted: | false |
| SSDEEP: | 6144:ZSTn+i7Qz2n4X4rYJzri719zV8BoQM4w3wSNonLx6tv0EL:ZSTn+i7Qz2n4X4cXOD5J542wSidM |
| MD5: | 67F6619D5C7D457E9DA47F86E3627FA2 |
| SHA1: | 0250A7635B60A177CE018CD34B5CEE61A8A81C46 |
| SHA-256: | 8182DF40F625C8A96CB493C6B642C6E391B50DB503A628AFF25B9161DDF0644B |
| SHA-512: | 577F08A5305543EF1B4DCD28BB5819E0970FE2586A0D5B5149BF0FE11C57BE8EFFF6C6BECCEEDB5F168D5E9D048C40E4514487CF91DC80A2AEE0CF6D46902DAC |
| Malicious: | true |
| Yara Hits: |
|
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\wildwestfilm.sto
Download File
| Process: | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 363811 |
| Entropy (8bit): | 1.2512349423386382 |
| Encrypted: | false |
| SSDEEP: | 768:y2f405GRYtnSLOBbyCociR2TVuEpHsVURGxwGmXjyMB+CtKDOgt9rlHF1QOs+9m5:pIuagbnK7CwVwFpYogwhUsvCq |
| MD5: | BFEA15C03AB295424981A73637A19491 |
| SHA1: | A5ADABDDC373D6B3004F96946D84B651E42D9F5C |
| SHA-256: | 83E9CE74259889DCABD39D41131F286882B224698DCDEB8D0B4074069AAA687B |
| SHA-512: | CB5969BFFAED8AF1791938E924E0CC9F876E45165F4E7EA5E9249131FACA831C0600F14BD68EF041D18C81A3FBE087970043D1B3B8A6786C1E5E5049834D4D0D |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 11776 |
| Entropy (8bit): | 5.655335921632966 |
| Encrypted: | false |
| SSDEEP: | 192:eF24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol9Sl:h8QIl975eXqlWBrz7YLOl9 |
| MD5: | EE260C45E97B62A5E42F17460D406068 |
| SHA1: | DF35F6300A03C4D3D3BD69752574426296B78695 |
| SHA-256: | E94A1F7BCD7E0D532B660D0AF468EB3321536C3EFDCA265E61F9EC174B1AEF27 |
| SHA-512: | A98F350D17C9057F33E5847462A87D59CBF2AAEDA7F6299B0D49BB455E484CE4660C12D2EB8C4A0D21DF523E729222BBD6C820BF25B081BC7478152515B414B3 |
| Malicious: | false |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Preview: |
| Process: | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1156 |
| Entropy (8bit): | 3.250976511083343 |
| Encrypted: | false |
| SSDEEP: | 12:8wl0asXowAOcQ/tz0/CSL6/cBnwgXl341DEDeG41DED/RKQ1olfW+kjcmAahTCN7:8xLDWLrFPjPL9izZMspdqy |
| MD5: | DA3120C581FD7369156BF3B9B82815B5 |
| SHA1: | 12B60059AE6BCFFFADEB2D4BDD2B4000E5295362 |
| SHA-256: | 5EA5E2BC538A59AA6F16F46991007F577B6EA4B456D42CBBDCF25EAB84FFA971 |
| SHA-512: | B65020A6B78960BED204A4F4C39BEE4BD43E28349DB8D61C91788D6600E89204DFFB4D9087434D8A924994C04C8C36F2A3D69563FDA8AE1D34A333F017AC2FD6 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.96302159927424 |
| TrID: |
|
| File name: | PAYMENT ADVICE TT07180016-24_pdf.exe |
| File size: | 471'469 bytes |
| MD5: | 34dcd76e7a002a5f19d9842a70ba5c87 |
| SHA1: | 188373e893907df10ccf54559d05b6bb98ccdcf4 |
| SHA256: | 360acac9133b07ab36c79af7aa5e46850a97a297696bc812bfd25c4415ce4449 |
| SHA512: | e59230ce8bd6758653642b1eba48d88e3ef3da670b466fdf8ccebf5ccba57f04084f663a529df29e6e9ee2e378930b6a5a970843cba3f57cc63eecd44140ef93 |
| SSDEEP: | 12288:I5AekxiEheb3HhIt06wEu7Jj1JK8s5FEeK4:Z1Z0Cu7Jj1Jiced |
| TLSH: | 55A423196AB1A2E3E5371A340D33BFBE62397701DB65CD2393241E0E7E227925C3B945 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...P...P...P..*_...P...P..NP..*_...P...s...P...V...P..Rich.P..........................PE..L......V.................d......... |
 | |
| Icon Hash: | 3d2e0f95332b3399 |
| Entrypoint: | 0x4032a0 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x567F847F [Sun Dec 27 06:26:07 2015 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | d4b94e8ee3f620a89d114b9da4b31873 |
| Instruction |
|---|
| sub esp, 000002D4h |
| push ebp |
| push esi |
| push 00000020h |
| xor ebp, ebp |
| pop esi |
| mov dword ptr [esp+0Ch], ebp |
| push 00008001h |
| mov dword ptr [esp+0Ch], 0040A300h |
| mov dword ptr [esp+18h], ebp |
| call dword ptr [004080B0h] |
| call dword ptr [004080ACh] |
| cmp ax, 00000006h |
| je 00007FF2E881D153h |
| push ebp |
| call 00007FF2E8820296h |
| cmp eax, ebp |
| je 00007FF2E881D149h |
| push 00000C00h |
| call eax |
| push ebx |
| push edi |
| push 0040A2F4h |
| call 00007FF2E8820213h |
| push 0040A2ECh |
| call 00007FF2E8820209h |
| push 0040A2E0h |
| call 00007FF2E88201FFh |
| push 00000009h |
| call 00007FF2E8820264h |
| push 00000007h |
| call 00007FF2E882025Dh |
| mov dword ptr [00434F04h], eax |
| call dword ptr [00408044h] |
| push ebp |
| call dword ptr [004082A8h] |
| mov dword ptr [00434FB8h], eax |
| push ebp |
| lea eax, dword ptr [esp+34h] |
| push 000002B4h |
| push eax |
| push ebp |
| push 0042B228h |
| call dword ptr [0040818Ch] |
| push 0040A2C8h |
| push 00433F00h |
| call 00007FF2E881FE4Ah |
| call dword ptr [004080A8h] |
| mov ebx, 0043F000h |
| push eax |
| push ebx |
| call 00007FF2E881FE38h |
| push ebp |
| call dword ptr [00408178h] |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x85c8 | 0xa0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5d000 | 0x11e0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b8 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x637c | 0x6400 | 83ff228d6dae8dd738eb2f78afbc793f | False | 0.672421875 | data | 6.491609540807675 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x147c | 0x1600 | d9f9b0b330e238260616b62a7a3cac09 | False | 0.42933238636363635 | data | 4.973928345594701 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xa000 | 0x2aff8 | 0x600 | 3f2b05c8fbb8b2e4c9c89e93d30e7252 | False | 0.53125 | data | 4.133631086111171 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x35000 | 0x28000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x5d000 | 0x11e0 | 0x1200 | 20639f4e7c421f5379e2fb9ea4a1530d | False | 0.3684895833333333 | data | 4.485045860065118 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_BITMAP | 0x5d268 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States | 0.23623853211009174 |
| RT_ICON | 0x5d5d0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.42473118279569894 |
| RT_DIALOG | 0x5d8b8 | 0x144 | data | English | United States | 0.5216049382716049 |
| RT_DIALOG | 0x5da00 | 0x13c | data | English | United States | 0.5506329113924051 |
| RT_DIALOG | 0x5db40 | 0x100 | data | English | United States | 0.5234375 |
| RT_DIALOG | 0x5dc40 | 0x11c | data | English | United States | 0.6056338028169014 |
| RT_DIALOG | 0x5dd60 | 0xc4 | data | English | United States | 0.5918367346938775 |
| RT_DIALOG | 0x5de28 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x5de88 | 0x14 | data | English | United States | 1.2 |
| RT_MANIFEST | 0x5dea0 | 0x33f | XML 1.0 document, ASCII text, with very long lines (831), with no line terminators | English | United States | 0.5547533092659447 |
| DLL | Import |
|---|---|
| KERNEL32.dll | SetCurrentDirectoryW, GetFileAttributesW, GetFullPathNameW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, MoveFileW, SetFileAttributesW, GetCurrentProcess, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, CopyFileW, CompareFileTime, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, lstrcpyW, MoveFileExW, lstrcatW, GetSystemDirectoryW, LoadLibraryW, GetProcAddress, GetModuleHandleA, ExpandEnvironmentStringsW, GetShortPathNameW, SearchPathW, lstrcmpiW, SetFileTime, CloseHandle, GlobalFree, lstrcmpW, GlobalAlloc, WaitForSingleObject, GlobalUnlock, GetDiskFreeSpaceW, GetExitCodeProcess, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, lstrlenA, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
| USER32.dll | GetSystemMenu, SetClassLongW, IsWindowEnabled, EnableMenuItem, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, wsprintfW, ScreenToClient, GetWindowRect, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, GetDC, SetWindowTextW, PostQuitMessage, ShowWindow, GetDlgItem, IsWindow, LoadImageW, SetWindowLongW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, SetTimer, FindWindowExW, SendMessageTimeoutW, SetForegroundWindow |
| GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
| SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW |
| ADVAPI32.dll | RegDeleteKeyW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegOpenKeyExW, RegEnumValueW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
| COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
| ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-17T08:42:58.326935+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.4 | 49736 | 172.217.19.174 | 443 | TCP |
| 2024-12-17T08:43:05.227378+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49738 | 158.101.44.242 | 80 | TCP |
| 2024-12-17T08:43:13.633618+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49738 | 158.101.44.242 | 80 | TCP |
| 2024-12-17T08:43:15.858902+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49747 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:43:17.383645+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49753 | 158.101.44.242 | 80 | TCP |
| 2024-12-17T08:43:19.406922+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49759 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:43:22.807206+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49766 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:43:26.189057+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49778 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:43:29.522042+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49784 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:43:32.963762+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49794 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:43:36.317018+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49805 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:43:39.650464+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49813 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:43:42.965077+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49825 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:43:46.291647+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49834 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:43:49.603821+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49844 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:43:52.956466+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49852 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:43:56.280424+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49861 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:43:59.665974+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49871 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:44:02.995888+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49880 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:44:06.403244+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49890 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:44:09.804010+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49899 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:44:13.335584+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49910 | 149.154.167.220 | 443 | TCP |
| 2024-12-17T08:44:16.782812+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49918 | 149.154.167.220 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 17, 2024 08:42:55.460531950 CET | 49736 | 443 | 192.168.2.4 | 172.217.19.174 |
| Dec 17, 2024 08:42:55.460582018 CET | 443 | 49736 | 172.217.19.174 | 192.168.2.4 |
| Dec 17, 2024 08:42:55.460676908 CET | 49736 | 443 | 192.168.2.4 | 172.217.19.174 |
| Dec 17, 2024 08:42:55.488687992 CET | 49736 | 443 | 192.168.2.4 | 172.217.19.174 |
| Dec 17, 2024 08:42:55.488713026 CET | 443 | 49736 | 172.217.19.174 | 192.168.2.4 |
| Dec 17, 2024 08:42:57.194242954 CET | 443 | 49736 | 172.217.19.174 | 192.168.2.4 |
| Dec 17, 2024 08:42:57.194339991 CET | 49736 | 443 | 192.168.2.4 | 172.217.19.174 |
| Dec 17, 2024 08:42:57.195065022 CET | 443 | 49736 | 172.217.19.174 | 192.168.2.4 |
| Dec 17, 2024 08:42:57.195117950 CET | 49736 | 443 | 192.168.2.4 | 172.217.19.174 |
| Dec 17, 2024 08:42:57.589965105 CET | 49736 | 443 | 192.168.2.4 | 172.217.19.174 |
| Dec 17, 2024 08:42:57.589996099 CET | 443 | 49736 | 172.217.19.174 | 192.168.2.4 |
| Dec 17, 2024 08:42:57.591027975 CET | 443 | 49736 | 172.217.19.174 | 192.168.2.4 |
| Dec 17, 2024 08:42:57.591085911 CET | 49736 | 443 | 192.168.2.4 | 172.217.19.174 |
| Dec 17, 2024 08:42:57.603717089 CET | 49736 | 443 | 192.168.2.4 | 172.217.19.174 |
| Dec 17, 2024 08:42:57.647330046 CET | 443 | 49736 | 172.217.19.174 | 192.168.2.4 |
| Dec 17, 2024 08:42:58.327038050 CET | 443 | 49736 | 172.217.19.174 | 192.168.2.4 |
| Dec 17, 2024 08:42:58.327121019 CET | 49736 | 443 | 192.168.2.4 | 172.217.19.174 |
| Dec 17, 2024 08:42:58.327142954 CET | 443 | 49736 | 172.217.19.174 | 192.168.2.4 |
| Dec 17, 2024 08:42:58.327181101 CET | 49736 | 443 | 192.168.2.4 | 172.217.19.174 |
| Dec 17, 2024 08:42:58.327229023 CET | 443 | 49736 | 172.217.19.174 | 192.168.2.4 |
| Dec 17, 2024 08:42:58.327270031 CET | 49736 | 443 | 192.168.2.4 | 172.217.19.174 |
| Dec 17, 2024 08:42:58.327346087 CET | 49736 | 443 | 192.168.2.4 | 172.217.19.174 |
| Dec 17, 2024 08:42:58.327366114 CET | 443 | 49736 | 172.217.19.174 | 192.168.2.4 |
| Dec 17, 2024 08:42:58.327377081 CET | 49736 | 443 | 192.168.2.4 | 172.217.19.174 |
| Dec 17, 2024 08:42:58.327403069 CET | 49736 | 443 | 192.168.2.4 | 172.217.19.174 |
| Dec 17, 2024 08:42:58.592993975 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:42:58.593045950 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:42:58.593126059 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:42:58.593410969 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:42:58.593424082 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:00.004173994 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:00.004286051 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:00.060506105 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:00.060545921 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:00.061593056 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:00.061657906 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:00.064728975 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:00.107336998 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.545934916 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.546013117 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.556935072 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.557024956 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.575685024 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.575750113 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.665812969 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.665874004 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.665888071 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.665932894 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.737986088 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.738059044 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.741574049 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.741640091 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.741700888 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.741743088 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.748990059 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.749072075 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.749083996 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.749129057 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.756681919 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.756762981 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.764022112 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.764106035 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.764117002 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.764158010 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.771409988 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.771498919 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.771505117 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.771552086 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.779067993 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.779113054 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.779117107 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.779160023 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.786482096 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.786545992 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.786685944 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.786732912 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.794025898 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.794090033 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.801440954 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.801516056 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.801548004 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.801594973 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.808954000 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.809029102 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.809036970 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.809078932 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.815490961 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.815555096 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.815562963 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.815598965 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.822217941 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.822294950 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.828805923 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.828918934 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.828928947 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.828968048 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.835005045 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.835103035 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.835110903 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.835155010 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.930047989 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.930104017 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.930159092 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.930202007 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.934952974 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.935004950 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.935045958 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.935090065 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.938199043 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.938242912 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.942295074 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.942338943 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.942455053 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.942501068 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.947032928 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.947072983 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.947149992 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.947200060 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.947236061 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.947293997 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.951564074 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.951628923 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.951857090 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.951910019 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.956145048 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.956195116 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.959794998 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.959846973 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.959887028 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.959937096 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.963826895 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.963871002 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.964164019 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.964206934 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.968127012 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.968172073 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.968178034 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.968219042 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.972371101 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.972419977 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.977565050 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.977612019 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.977617025 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.977653980 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.980854988 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.980897903 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.980901957 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.980942965 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.984765053 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.984807014 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.984946966 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.984991074 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.989257097 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.989304066 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.989414930 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.989458084 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.993701935 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.993745089 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.997417927 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.997462034 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:02.997757912 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:02.997797966 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:03.001710892 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:03.001765013 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:03.001996994 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:03.002044916 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:03.005975008 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:03.006025076 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:03.006145000 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:03.006196022 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:03.006242990 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:03.006246090 CET | 443 | 49737 | 142.250.200.225 | 192.168.2.4 |
| Dec 17, 2024 08:43:03.006302118 CET | 49737 | 443 | 192.168.2.4 | 142.250.200.225 |
| Dec 17, 2024 08:43:03.457197905 CET | 49738 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:03.577127934 CET | 80 | 49738 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:03.577200890 CET | 49738 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:03.577646017 CET | 49738 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:03.699428082 CET | 80 | 49738 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:04.794939041 CET | 80 | 49738 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:04.799891949 CET | 49738 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:04.919800043 CET | 80 | 49738 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:05.180206060 CET | 80 | 49738 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:05.227377892 CET | 49738 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:06.108890057 CET | 49739 | 443 | 192.168.2.4 | 104.21.67.152 |
| Dec 17, 2024 08:43:06.108947992 CET | 443 | 49739 | 104.21.67.152 | 192.168.2.4 |
| Dec 17, 2024 08:43:06.109019041 CET | 49739 | 443 | 192.168.2.4 | 104.21.67.152 |
| Dec 17, 2024 08:43:06.112616062 CET | 49739 | 443 | 192.168.2.4 | 104.21.67.152 |
| Dec 17, 2024 08:43:06.112639904 CET | 443 | 49739 | 104.21.67.152 | 192.168.2.4 |
| Dec 17, 2024 08:43:07.332737923 CET | 443 | 49739 | 104.21.67.152 | 192.168.2.4 |
| Dec 17, 2024 08:43:07.335992098 CET | 49739 | 443 | 192.168.2.4 | 104.21.67.152 |
| Dec 17, 2024 08:43:07.339020014 CET | 49739 | 443 | 192.168.2.4 | 104.21.67.152 |
| Dec 17, 2024 08:43:07.339035988 CET | 443 | 49739 | 104.21.67.152 | 192.168.2.4 |
| Dec 17, 2024 08:43:07.339431047 CET | 443 | 49739 | 104.21.67.152 | 192.168.2.4 |
| Dec 17, 2024 08:43:07.343985081 CET | 49739 | 443 | 192.168.2.4 | 104.21.67.152 |
| Dec 17, 2024 08:43:07.387330055 CET | 443 | 49739 | 104.21.67.152 | 192.168.2.4 |
| Dec 17, 2024 08:43:07.773452997 CET | 443 | 49739 | 104.21.67.152 | 192.168.2.4 |
| Dec 17, 2024 08:43:07.773540020 CET | 443 | 49739 | 104.21.67.152 | 192.168.2.4 |
| Dec 17, 2024 08:43:07.773659945 CET | 49739 | 443 | 192.168.2.4 | 104.21.67.152 |
| Dec 17, 2024 08:43:07.780390024 CET | 49739 | 443 | 192.168.2.4 | 104.21.67.152 |
| Dec 17, 2024 08:43:13.202642918 CET | 49738 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:13.322618961 CET | 80 | 49738 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:13.582544088 CET | 80 | 49738 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:13.633618116 CET | 49738 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:13.819619894 CET | 49747 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:13.819662094 CET | 443 | 49747 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:13.819843054 CET | 49747 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:13.820307970 CET | 49747 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:13.820319891 CET | 443 | 49747 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:15.187578917 CET | 443 | 49747 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:15.187676907 CET | 49747 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:15.189490080 CET | 49747 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:15.189501047 CET | 443 | 49747 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:15.189793110 CET | 443 | 49747 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:15.191632032 CET | 49747 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:15.239326954 CET | 443 | 49747 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:15.240048885 CET | 49747 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:15.240056992 CET | 443 | 49747 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:15.858951092 CET | 443 | 49747 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:15.859024048 CET | 443 | 49747 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:15.859078884 CET | 49747 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:15.859621048 CET | 49747 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:16.009618044 CET | 49738 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:16.010886908 CET | 49753 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:16.130085945 CET | 80 | 49738 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:16.130597115 CET | 80 | 49753 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:16.130728960 CET | 49738 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:16.130754948 CET | 49753 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:16.130964994 CET | 49753 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:16.250693083 CET | 80 | 49753 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:17.335628986 CET | 80 | 49753 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:17.337385893 CET | 49759 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:17.337436914 CET | 443 | 49759 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:17.337534904 CET | 49759 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:17.338233948 CET | 49759 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:17.338254929 CET | 443 | 49759 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:17.383645058 CET | 49753 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:18.700539112 CET | 443 | 49759 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:18.704041958 CET | 49759 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:18.704073906 CET | 443 | 49759 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:18.707999945 CET | 49759 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:18.708007097 CET | 443 | 49759 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:19.406985044 CET | 443 | 49759 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:19.407066107 CET | 443 | 49759 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:19.407135010 CET | 49759 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:19.407526970 CET | 49759 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:19.411437988 CET | 49765 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:19.531341076 CET | 80 | 49765 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:19.531478882 CET | 49765 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:19.531661987 CET | 49765 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:19.651443958 CET | 80 | 49765 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:20.736805916 CET | 80 | 49765 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:20.738003969 CET | 49766 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:20.738051891 CET | 443 | 49766 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:20.738109112 CET | 49766 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:20.738421917 CET | 49766 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:20.738446951 CET | 443 | 49766 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:20.789925098 CET | 49765 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:22.101655960 CET | 443 | 49766 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:22.103276968 CET | 49766 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:22.103291988 CET | 443 | 49766 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:22.103353977 CET | 49766 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:22.103360891 CET | 443 | 49766 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:22.807264090 CET | 443 | 49766 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:22.807353973 CET | 443 | 49766 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:22.807416916 CET | 49766 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:22.807830095 CET | 49766 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:22.812640905 CET | 49765 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:22.813795090 CET | 49772 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:22.932805061 CET | 80 | 49765 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:22.932882071 CET | 49765 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:22.933612108 CET | 80 | 49772 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:22.933681011 CET | 49772 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:22.933883905 CET | 49772 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:23.053592920 CET | 80 | 49772 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:24.142376900 CET | 80 | 49772 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:24.143563986 CET | 49778 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:24.143624067 CET | 443 | 49778 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:24.143687963 CET | 49778 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:24.143964052 CET | 49778 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:24.143979073 CET | 443 | 49778 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:24.196141005 CET | 49772 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:25.515614033 CET | 443 | 49778 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:25.524482965 CET | 49778 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:25.524522066 CET | 443 | 49778 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:25.524596930 CET | 49778 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:25.524605036 CET | 443 | 49778 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:26.189069986 CET | 443 | 49778 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:26.189160109 CET | 443 | 49778 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:26.189205885 CET | 49778 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:26.189671993 CET | 49778 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:26.192938089 CET | 49772 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:26.194184065 CET | 49783 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:26.312999010 CET | 80 | 49772 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:26.313061953 CET | 49772 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:26.313903093 CET | 80 | 49783 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:26.313972950 CET | 49783 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:26.314163923 CET | 49783 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:26.433947086 CET | 80 | 49783 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:27.522449970 CET | 80 | 49783 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:27.525553942 CET | 49784 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:27.525652885 CET | 443 | 49784 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:27.525768995 CET | 49784 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:27.526019096 CET | 49784 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:27.526048899 CET | 443 | 49784 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:27.571290970 CET | 49783 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:28.890923023 CET | 443 | 49784 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:28.893968105 CET | 49784 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:28.893994093 CET | 443 | 49784 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:28.894043922 CET | 49784 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:28.894054890 CET | 443 | 49784 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:29.522211075 CET | 443 | 49784 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:29.522473097 CET | 443 | 49784 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:29.522535086 CET | 49784 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:29.522839069 CET | 49784 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:29.526262045 CET | 49783 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:29.527450085 CET | 49790 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:29.646591902 CET | 80 | 49783 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:29.647217989 CET | 80 | 49790 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:29.647330046 CET | 49783 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:29.647360086 CET | 49790 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:29.647578955 CET | 49790 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:29.767343998 CET | 80 | 49790 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:30.855303049 CET | 80 | 49790 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:30.856867075 CET | 49794 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:30.856914997 CET | 443 | 49794 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:30.857006073 CET | 49794 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:30.857260942 CET | 49794 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:30.857271910 CET | 443 | 49794 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:30.899262905 CET | 49790 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:32.346534967 CET | 443 | 49794 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:32.348431110 CET | 49794 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:32.348511934 CET | 443 | 49794 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:32.348604918 CET | 49794 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:32.348624945 CET | 443 | 49794 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:32.963917971 CET | 443 | 49794 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:32.964121103 CET | 443 | 49794 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:32.964184999 CET | 49794 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:32.964510918 CET | 49794 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:32.968194008 CET | 49790 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:32.968978882 CET | 49800 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:33.088247061 CET | 80 | 49790 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:33.088370085 CET | 49790 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:33.088663101 CET | 80 | 49800 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:33.088735104 CET | 49800 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:33.088923931 CET | 49800 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:33.208637953 CET | 80 | 49800 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:34.292960882 CET | 80 | 49800 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:34.294383049 CET | 49805 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:34.294430971 CET | 443 | 49805 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:34.294526100 CET | 49805 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:34.294789076 CET | 49805 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:34.294800997 CET | 443 | 49805 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:34.336774111 CET | 49800 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:35.662969112 CET | 443 | 49805 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:35.664815903 CET | 49805 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:35.664855003 CET | 443 | 49805 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:35.664928913 CET | 49805 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:35.664937019 CET | 443 | 49805 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:36.317049980 CET | 443 | 49805 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:36.317136049 CET | 443 | 49805 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:36.317200899 CET | 49805 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:36.317590952 CET | 49805 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:36.320411921 CET | 49800 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:36.321429014 CET | 49810 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:36.441143036 CET | 80 | 49800 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:36.441278934 CET | 80 | 49810 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:36.441281080 CET | 49800 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:36.441379070 CET | 49810 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:36.441560030 CET | 49810 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:36.561366081 CET | 80 | 49810 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:37.644859076 CET | 80 | 49810 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:37.646339893 CET | 49813 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:37.646389008 CET | 443 | 49813 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:37.646610022 CET | 49813 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:37.647032022 CET | 49813 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:37.647044897 CET | 443 | 49813 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:37.696127892 CET | 49810 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:39.009488106 CET | 443 | 49813 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:39.011132002 CET | 49813 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:39.011142969 CET | 443 | 49813 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:39.011179924 CET | 49813 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:39.011185884 CET | 443 | 49813 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:39.650638103 CET | 443 | 49813 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:39.650825024 CET | 443 | 49813 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:39.650919914 CET | 49813 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:39.653136969 CET | 49813 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:39.655985117 CET | 49810 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:39.657088041 CET | 49819 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:39.776324034 CET | 80 | 49810 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:39.776469946 CET | 49810 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:39.776871920 CET | 80 | 49819 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:39.776952982 CET | 49819 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:39.777172089 CET | 49819 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:39.896972895 CET | 80 | 49819 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:40.981745958 CET | 80 | 49819 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:40.983148098 CET | 49825 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:40.983197927 CET | 443 | 49825 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:40.983321905 CET | 49825 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:40.983587027 CET | 49825 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:40.983597040 CET | 443 | 49825 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:41.024307013 CET | 49819 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:42.345652103 CET | 443 | 49825 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:42.347275972 CET | 49825 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:42.347318888 CET | 443 | 49825 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:42.347383976 CET | 49825 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:42.347389936 CET | 443 | 49825 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:42.965125084 CET | 443 | 49825 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:42.965209007 CET | 443 | 49825 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:42.965305090 CET | 49825 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:42.965744972 CET | 49825 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:42.968694925 CET | 49819 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:42.969727993 CET | 49830 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:43.088862896 CET | 80 | 49819 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:43.089099884 CET | 49819 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:43.089396954 CET | 80 | 49830 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:43.089473963 CET | 49830 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:43.089665890 CET | 49830 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:43.211877108 CET | 80 | 49830 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:44.294574976 CET | 80 | 49830 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:44.295730114 CET | 49834 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:44.295782089 CET | 443 | 49834 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:44.295869112 CET | 49834 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:44.296113968 CET | 49834 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:44.296128035 CET | 443 | 49834 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:44.336783886 CET | 49830 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:45.656698942 CET | 443 | 49834 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:45.658562899 CET | 49834 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:45.658584118 CET | 443 | 49834 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:45.658663988 CET | 49834 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:45.658668995 CET | 443 | 49834 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:46.291702032 CET | 443 | 49834 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:46.291778088 CET | 443 | 49834 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:46.291853905 CET | 49834 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:46.292346001 CET | 49834 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:46.295037031 CET | 49830 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:46.296190023 CET | 49838 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:46.415395021 CET | 80 | 49830 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:46.415510893 CET | 49830 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:46.415924072 CET | 80 | 49838 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:46.415992975 CET | 49838 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:46.416150093 CET | 49838 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:46.537045002 CET | 80 | 49838 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:47.623064995 CET | 80 | 49838 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:47.624264002 CET | 49844 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:47.624311924 CET | 443 | 49844 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:47.624501944 CET | 49844 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:47.624656916 CET | 49844 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:47.624670029 CET | 443 | 49844 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:47.664892912 CET | 49838 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:48.985409021 CET | 443 | 49844 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:48.987293959 CET | 49844 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:48.987356901 CET | 443 | 49844 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:48.987458944 CET | 49844 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:48.987466097 CET | 443 | 49844 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:49.603873968 CET | 443 | 49844 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:49.603948116 CET | 443 | 49844 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:49.604108095 CET | 49844 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:49.604670048 CET | 49844 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:49.608165026 CET | 49838 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:49.609205008 CET | 49849 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:49.728275061 CET | 80 | 49838 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:49.728388071 CET | 49838 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:49.728948116 CET | 80 | 49849 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:49.729024887 CET | 49849 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:49.729285002 CET | 49849 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:49.848948956 CET | 80 | 49849 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:50.932688951 CET | 80 | 49849 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:50.934218884 CET | 49852 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:50.934266090 CET | 443 | 49852 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:50.934369087 CET | 49852 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:50.934612989 CET | 49852 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:50.934628010 CET | 443 | 49852 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:50.977456093 CET | 49849 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:52.296857119 CET | 443 | 49852 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:52.298650026 CET | 49852 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:52.298690081 CET | 443 | 49852 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:52.298804998 CET | 49852 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:52.298810959 CET | 443 | 49852 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:52.956474066 CET | 443 | 49852 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:52.956653118 CET | 443 | 49852 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:52.956706047 CET | 49852 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:52.956948996 CET | 49852 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:52.959930897 CET | 49849 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:52.960971117 CET | 49858 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:53.080055952 CET | 80 | 49849 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:53.080146074 CET | 49849 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:53.080764055 CET | 80 | 49858 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:53.080841064 CET | 49858 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:53.080987930 CET | 49858 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:53.200861931 CET | 80 | 49858 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:54.284662962 CET | 80 | 49858 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:54.285785913 CET | 49861 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:54.285840988 CET | 443 | 49861 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:54.286046982 CET | 49861 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:54.286341906 CET | 49861 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:54.286351919 CET | 443 | 49861 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:54.336827040 CET | 49858 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:55.651398897 CET | 443 | 49861 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:55.653188944 CET | 49861 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:55.653204918 CET | 443 | 49861 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:55.653270006 CET | 49861 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:55.653275967 CET | 443 | 49861 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:56.280447006 CET | 443 | 49861 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:56.280543089 CET | 443 | 49861 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:56.280678034 CET | 49861 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:56.281105042 CET | 49861 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:56.284248114 CET | 49858 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:56.285207987 CET | 49867 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:56.404342890 CET | 80 | 49858 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:56.404398918 CET | 49858 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:56.405211926 CET | 80 | 49867 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:56.405302048 CET | 49867 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:56.405495882 CET | 49867 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:56.525223970 CET | 80 | 49867 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:57.631014109 CET | 80 | 49867 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:57.642534971 CET | 49871 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:57.642632008 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:57.642715931 CET | 49871 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:57.642987013 CET | 49871 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:57.643017054 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:57.680531025 CET | 49867 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:59.014338970 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:59.015968084 CET | 49871 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:59.015993118 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:59.016158104 CET | 49871 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:59.016168118 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:59.666034937 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:59.666117907 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:43:59.666218042 CET | 49871 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:59.666589022 CET | 49871 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:43:59.669213057 CET | 49867 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:59.670185089 CET | 49877 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:59.789422035 CET | 80 | 49867 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:59.789549112 CET | 49867 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:59.789911985 CET | 80 | 49877 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:43:59.790019035 CET | 49877 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:59.790177107 CET | 49877 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:43:59.910013914 CET | 80 | 49877 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:44:00.996728897 CET | 80 | 49877 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:44:00.999722004 CET | 49880 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:00.999778032 CET | 443 | 49880 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:00.999838114 CET | 49880 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:01.000087976 CET | 49880 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:01.000103951 CET | 443 | 49880 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:01.040040016 CET | 49877 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:02.361347914 CET | 443 | 49880 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:02.385595083 CET | 49880 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:02.385615110 CET | 443 | 49880 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:02.385754108 CET | 49880 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:02.385757923 CET | 443 | 49880 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:02.995872021 CET | 443 | 49880 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:02.996005058 CET | 443 | 49880 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:02.996061087 CET | 49880 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:02.996699095 CET | 49880 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:03.000488997 CET | 49877 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:03.001571894 CET | 49886 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:03.120559931 CET | 80 | 49877 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:44:03.120639086 CET | 49877 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:03.121217966 CET | 80 | 49886 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:44:03.121299028 CET | 49886 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:03.121478081 CET | 49886 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:03.241389990 CET | 80 | 49886 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:44:04.325215101 CET | 80 | 49886 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:44:04.326775074 CET | 49890 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:04.326822996 CET | 443 | 49890 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:04.328105927 CET | 49890 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:04.328494072 CET | 49890 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:04.328505993 CET | 443 | 49890 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:04.368068933 CET | 49886 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:05.692289114 CET | 443 | 49890 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:05.694427013 CET | 49890 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:05.694444895 CET | 443 | 49890 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:05.694519043 CET | 49890 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:05.694528103 CET | 443 | 49890 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:06.403275967 CET | 443 | 49890 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:06.403366089 CET | 443 | 49890 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:06.403444052 CET | 49890 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:06.403836966 CET | 49890 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:06.407279015 CET | 49886 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:06.408992052 CET | 49896 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:06.527374983 CET | 80 | 49886 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:44:06.527483940 CET | 49886 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:06.528825998 CET | 80 | 49896 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:44:06.528903961 CET | 49896 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:06.529033899 CET | 49896 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:06.648750067 CET | 80 | 49896 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:44:07.736078024 CET | 80 | 49896 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:44:07.737823963 CET | 49899 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:07.737870932 CET | 443 | 49899 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:07.737986088 CET | 49899 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:07.738320112 CET | 49899 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:07.738331079 CET | 443 | 49899 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:07.790047884 CET | 49896 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:09.100826979 CET | 443 | 49899 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:09.102916956 CET | 49899 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:09.102946997 CET | 443 | 49899 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:09.103001118 CET | 49899 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:09.103004932 CET | 443 | 49899 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:09.804054976 CET | 443 | 49899 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:09.804141998 CET | 443 | 49899 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:09.804352045 CET | 49899 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:09.804702997 CET | 49899 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:09.807928085 CET | 49896 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:09.809494019 CET | 49905 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:09.927983999 CET | 80 | 49896 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:44:09.928312063 CET | 49896 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:09.929263115 CET | 80 | 49905 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:44:09.929332972 CET | 49905 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:09.929522038 CET | 49905 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:10.049376965 CET | 80 | 49905 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:44:11.265780926 CET | 80 | 49905 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:44:11.267385006 CET | 49910 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:11.267410040 CET | 443 | 49910 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:11.267483950 CET | 49910 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:11.267837048 CET | 49910 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:11.267849922 CET | 443 | 49910 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:11.321235895 CET | 49905 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:12.629793882 CET | 443 | 49910 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:12.631871939 CET | 49910 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:12.631915092 CET | 443 | 49910 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:12.631962061 CET | 49910 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:12.631970882 CET | 443 | 49910 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:13.335553885 CET | 443 | 49910 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:13.335680008 CET | 443 | 49910 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:13.335896015 CET | 49910 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:13.336446047 CET | 49910 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:13.340235949 CET | 49905 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:13.341619015 CET | 49915 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:13.461353064 CET | 80 | 49905 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:44:13.461430073 CET | 80 | 49915 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:44:13.461836100 CET | 49905 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:13.462112904 CET | 49915 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:13.462217093 CET | 49915 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:13.582979918 CET | 80 | 49915 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:44:14.697674990 CET | 80 | 49915 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:44:14.699331999 CET | 49918 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:14.699387074 CET | 443 | 49918 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:14.699603081 CET | 49918 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:14.699789047 CET | 49918 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:14.699804068 CET | 443 | 49918 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:14.743113041 CET | 49915 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:16.059267044 CET | 443 | 49918 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:16.063371897 CET | 49918 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:16.063421965 CET | 443 | 49918 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:16.063483000 CET | 49918 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:16.063493013 CET | 443 | 49918 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:16.782862902 CET | 443 | 49918 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:16.782948017 CET | 443 | 49918 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:16.783037901 CET | 49918 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:16.783533096 CET | 49918 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:16.786427021 CET | 49915 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:16.787373066 CET | 49924 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:16.906789064 CET | 80 | 49915 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:44:16.906924963 CET | 49915 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:16.907167912 CET | 80 | 49924 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:44:16.907274008 CET | 49924 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:16.907413960 CET | 49924 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:17.027256012 CET | 80 | 49924 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:44:18.116226912 CET | 80 | 49924 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:44:18.164937973 CET | 49924 | 80 | 192.168.2.4 | 158.101.44.242 |
| Dec 17, 2024 08:44:20.809348106 CET | 49935 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:20.809420109 CET | 443 | 49935 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:20.809495926 CET | 49935 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:20.809813976 CET | 49935 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:20.809830904 CET | 443 | 49935 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:22.169610023 CET | 443 | 49935 | 149.154.167.220 | 192.168.2.4 |
| Dec 17, 2024 08:44:22.211855888 CET | 49935 | 443 | 192.168.2.4 | 149.154.167.220 |
| Dec 17, 2024 08:44:22.335658073 CET | 80 | 49753 | 158.101.44.242 | 192.168.2.4 |
| Dec 17, 2024 08:44:22.335725069 CET | 49753 | 80 | 192.168.2.4 | 158.101.44.242 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 17, 2024 08:42:55.316226959 CET | 53128 | 53 | 192.168.2.4 | 1.1.1.1 |
| Dec 17, 2024 08:42:55.454019070 CET | 53 | 53128 | 1.1.1.1 | 192.168.2.4 |
| Dec 17, 2024 08:42:58.350507021 CET | 65389 | 53 | 192.168.2.4 | 1.1.1.1 |
| Dec 17, 2024 08:42:58.589390993 CET | 53 | 65389 | 1.1.1.1 | 192.168.2.4 |
| Dec 17, 2024 08:43:03.310192108 CET | 54400 | 53 | 192.168.2.4 | 1.1.1.1 |
| Dec 17, 2024 08:43:03.452250957 CET | 53 | 54400 | 1.1.1.1 | 192.168.2.4 |
| Dec 17, 2024 08:43:05.965230942 CET | 49310 | 53 | 192.168.2.4 | 1.1.1.1 |
| Dec 17, 2024 08:43:06.105846882 CET | 53 | 49310 | 1.1.1.1 | 192.168.2.4 |
| Dec 17, 2024 08:43:13.587847948 CET | 61699 | 53 | 192.168.2.4 | 1.1.1.1 |
| Dec 17, 2024 08:43:13.818962097 CET | 53 | 61699 | 1.1.1.1 | 192.168.2.4 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 17, 2024 08:42:55.316226959 CET | 192.168.2.4 | 1.1.1.1 | 0x8f49 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 17, 2024 08:42:58.350507021 CET | 192.168.2.4 | 1.1.1.1 | 0xb0f2 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 17, 2024 08:43:03.310192108 CET | 192.168.2.4 | 1.1.1.1 | 0xdb86 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 17, 2024 08:43:05.965230942 CET | 192.168.2.4 | 1.1.1.1 | 0x9ec4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 17, 2024 08:43:13.587847948 CET | 192.168.2.4 | 1.1.1.1 | 0x8443 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 17, 2024 08:42:55.454019070 CET | 1.1.1.1 | 192.168.2.4 | 0x8f49 | No error (0) | 172.217.19.174 | A (IP address) | IN (0x0001) | false | ||
| Dec 17, 2024 08:42:58.589390993 CET | 1.1.1.1 | 192.168.2.4 | 0xb0f2 | No error (0) | 142.250.200.225 | A (IP address) | IN (0x0001) | false | ||
| Dec 17, 2024 08:43:03.452250957 CET | 1.1.1.1 | 192.168.2.4 | 0xdb86 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Dec 17, 2024 08:43:03.452250957 CET | 1.1.1.1 | 192.168.2.4 | 0xdb86 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
| Dec 17, 2024 08:43:03.452250957 CET | 1.1.1.1 | 192.168.2.4 | 0xdb86 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
| Dec 17, 2024 08:43:03.452250957 CET | 1.1.1.1 | 192.168.2.4 | 0xdb86 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
| Dec 17, 2024 08:43:03.452250957 CET | 1.1.1.1 | 192.168.2.4 | 0xdb86 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
| Dec 17, 2024 08:43:03.452250957 CET | 1.1.1.1 | 192.168.2.4 | 0xdb86 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
| Dec 17, 2024 08:43:06.105846882 CET | 1.1.1.1 | 192.168.2.4 | 0x9ec4 | No error (0) | 104.21.67.152 | A (IP address) | IN (0x0001) | false | ||
| Dec 17, 2024 08:43:06.105846882 CET | 1.1.1.1 | 192.168.2.4 | 0x9ec4 | No error (0) | 172.67.177.134 | A (IP address) | IN (0x0001) | false | ||
| Dec 17, 2024 08:43:13.818962097 CET | 1.1.1.1 | 192.168.2.4 | 0x8443 | No error (0) | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49738 | 158.101.44.242 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 17, 2024 08:43:03.577646017 CET | 151 | OUT | |
| Dec 17, 2024 08:43:04.794939041 CET | 321 | IN | |
| Dec 17, 2024 08:43:04.799891949 CET | 127 | OUT | |
| Dec 17, 2024 08:43:05.180206060 CET | 321 | IN | |
| Dec 17, 2024 08:43:13.202642918 CET | 127 | OUT | |
| Dec 17, 2024 08:43:13.582544088 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.4 | 49753 | 158.101.44.242 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 17, 2024 08:43:16.130964994 CET | 127 | OUT | |
| Dec 17, 2024 08:43:17.335628986 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.4 | 49765 | 158.101.44.242 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 17, 2024 08:43:19.531661987 CET | 151 | OUT | |
| Dec 17, 2024 08:43:20.736805916 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.4 | 49772 | 158.101.44.242 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 17, 2024 08:43:22.933883905 CET | 151 | OUT | |
| Dec 17, 2024 08:43:24.142376900 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.4 | 49783 | 158.101.44.242 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 17, 2024 08:43:26.314163923 CET | 151 | OUT | |
| Dec 17, 2024 08:43:27.522449970 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.4 | 49790 | 158.101.44.242 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 17, 2024 08:43:29.647578955 CET | 151 | OUT | |
| Dec 17, 2024 08:43:30.855303049 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.4 | 49800 | 158.101.44.242 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 17, 2024 08:43:33.088923931 CET | 151 | OUT | |
| Dec 17, 2024 08:43:34.292960882 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.4 | 49810 | 158.101.44.242 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 17, 2024 08:43:36.441560030 CET | 151 | OUT | |
| Dec 17, 2024 08:43:37.644859076 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 8 | 192.168.2.4 | 49819 | 158.101.44.242 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 17, 2024 08:43:39.777172089 CET | 151 | OUT | |
| Dec 17, 2024 08:43:40.981745958 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 9 | 192.168.2.4 | 49830 | 158.101.44.242 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 17, 2024 08:43:43.089665890 CET | 151 | OUT | |
| Dec 17, 2024 08:43:44.294574976 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 10 | 192.168.2.4 | 49838 | 158.101.44.242 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 17, 2024 08:43:46.416150093 CET | 151 | OUT | |
| Dec 17, 2024 08:43:47.623064995 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 11 | 192.168.2.4 | 49849 | 158.101.44.242 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 17, 2024 08:43:49.729285002 CET | 151 | OUT | |
| Dec 17, 2024 08:43:50.932688951 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 12 | 192.168.2.4 | 49858 | 158.101.44.242 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 17, 2024 08:43:53.080987930 CET | 151 | OUT | |
| Dec 17, 2024 08:43:54.284662962 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 13 | 192.168.2.4 | 49867 | 158.101.44.242 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 17, 2024 08:43:56.405495882 CET | 151 | OUT | |
| Dec 17, 2024 08:43:57.631014109 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 14 | 192.168.2.4 | 49877 | 158.101.44.242 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 17, 2024 08:43:59.790177107 CET | 151 | OUT | |
| Dec 17, 2024 08:44:00.996728897 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 15 | 192.168.2.4 | 49886 | 158.101.44.242 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 17, 2024 08:44:03.121478081 CET | 151 | OUT | |
| Dec 17, 2024 08:44:04.325215101 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 16 | 192.168.2.4 | 49896 | 158.101.44.242 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 17, 2024 08:44:06.529033899 CET | 151 | OUT | |
| Dec 17, 2024 08:44:07.736078024 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 17 | 192.168.2.4 | 49905 | 158.101.44.242 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 17, 2024 08:44:09.929522038 CET | 151 | OUT | |
| Dec 17, 2024 08:44:11.265780926 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 18 | 192.168.2.4 | 49915 | 158.101.44.242 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 17, 2024 08:44:13.462217093 CET | 151 | OUT | |
| Dec 17, 2024 08:44:14.697674990 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 19 | 192.168.2.4 | 49924 | 158.101.44.242 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 17, 2024 08:44:16.907413960 CET | 151 | OUT | |
| Dec 17, 2024 08:44:18.116226912 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49736 | 172.217.19.174 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-17 07:42:57 UTC | 216 | OUT | |
| 2024-12-17 07:42:58 UTC | 1920 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.4 | 49737 | 142.250.200.225 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-17 07:43:00 UTC | 258 | OUT | |
| 2024-12-17 07:43:02 UTC | 4932 | IN | |
| 2024-12-17 07:43:02 UTC | 4932 | IN | |
| 2024-12-17 07:43:02 UTC | 4834 | IN | |
| 2024-12-17 07:43:02 UTC | 1322 | IN | |
| 2024-12-17 07:43:02 UTC | 1390 | IN | |
| 2024-12-17 07:43:02 UTC | 1390 | IN | |
| 2024-12-17 07:43:02 UTC | 1390 | IN | |
| 2024-12-17 07:43:02 UTC | 1390 | IN | |
| 2024-12-17 07:43:02 UTC | 1390 | IN | |
| 2024-12-17 07:43:02 UTC | 1390 | IN | |
| 2024-12-17 07:43:02 UTC | 1390 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.4 | 49739 | 104.21.67.152 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-17 07:43:07 UTC | 85 | OUT | |
| 2024-12-17 07:43:07 UTC | 882 | IN | |
| 2024-12-17 07:43:07 UTC | 362 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.4 | 49747 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-17 07:43:15 UTC | 295 | OUT | |
| 2024-12-17 07:43:15 UTC | 1090 | OUT | |
| 2024-12-17 07:43:15 UTC | 388 | IN | |
| 2024-12-17 07:43:15 UTC | 543 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.4 | 49759 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-17 07:43:18 UTC | 295 | OUT | |
| 2024-12-17 07:43:18 UTC | 1090 | OUT | |
| 2024-12-17 07:43:19 UTC | 388 | IN | |
| 2024-12-17 07:43:19 UTC | 543 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.4 | 49766 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-17 07:43:22 UTC | 271 | OUT | |
| 2024-12-17 07:43:22 UTC | 1090 | OUT | |
| 2024-12-17 07:43:22 UTC | 388 | IN | |
| 2024-12-17 07:43:22 UTC | 542 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.4 | 49778 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-17 07:43:25 UTC | 271 | OUT | |
| 2024-12-17 07:43:25 UTC | 1090 | OUT | |
| 2024-12-17 07:43:26 UTC | 388 | IN | |
| 2024-12-17 07:43:26 UTC | 542 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.4 | 49784 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-17 07:43:28 UTC | 271 | OUT | |
| 2024-12-17 07:43:28 UTC | 1090 | OUT | |
| 2024-12-17 07:43:29 UTC | 388 | IN | |
| 2024-12-17 07:43:29 UTC | 542 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 8 | 192.168.2.4 | 49794 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-17 07:43:32 UTC | 295 | OUT | |
| 2024-12-17 07:43:32 UTC | 1090 | OUT | |
| 2024-12-17 07:43:32 UTC | 388 | IN | |
| 2024-12-17 07:43:32 UTC | 542 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 9 | 192.168.2.4 | 49805 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-17 07:43:35 UTC | 295 | OUT | |
| 2024-12-17 07:43:35 UTC | 1090 | OUT | |
| 2024-12-17 07:43:36 UTC | 388 | IN | |
| 2024-12-17 07:43:36 UTC | 542 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 10 | 192.168.2.4 | 49813 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-17 07:43:39 UTC | 295 | OUT | |
| 2024-12-17 07:43:39 UTC | 1090 | OUT | |
| 2024-12-17 07:43:39 UTC | 388 | IN | |
| 2024-12-17 07:43:39 UTC | 542 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 11 | 192.168.2.4 | 49825 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-17 07:43:42 UTC | 295 | OUT | |
| 2024-12-17 07:43:42 UTC | 1090 | OUT | |
| 2024-12-17 07:43:42 UTC | 388 | IN | |
| 2024-12-17 07:43:42 UTC | 542 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 12 | 192.168.2.4 | 49834 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-17 07:43:45 UTC | 295 | OUT | |
| 2024-12-17 07:43:45 UTC | 1090 | OUT | |
| 2024-12-17 07:43:46 UTC | 388 | IN | |
| 2024-12-17 07:43:46 UTC | 542 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 13 | 192.168.2.4 | 49844 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-17 07:43:48 UTC | 295 | OUT | |
| 2024-12-17 07:43:48 UTC | 1090 | OUT | |
| 2024-12-17 07:43:49 UTC | 388 | IN | |
| 2024-12-17 07:43:49 UTC | 542 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 14 | 192.168.2.4 | 49852 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-17 07:43:52 UTC | 295 | OUT | |
| 2024-12-17 07:43:52 UTC | 1090 | OUT | |
| 2024-12-17 07:43:52 UTC | 388 | IN | |
| 2024-12-17 07:43:52 UTC | 543 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 15 | 192.168.2.4 | 49861 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-17 07:43:55 UTC | 295 | OUT | |
| 2024-12-17 07:43:55 UTC | 1090 | OUT | |
| 2024-12-17 07:43:56 UTC | 388 | IN | |
| 2024-12-17 07:43:56 UTC | 542 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 16 | 192.168.2.4 | 49871 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-17 07:43:59 UTC | 295 | OUT | |
| 2024-12-17 07:43:59 UTC | 1090 | OUT | |
| 2024-12-17 07:43:59 UTC | 388 | IN | |
| 2024-12-17 07:43:59 UTC | 542 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 17 | 192.168.2.4 | 49880 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-17 07:44:02 UTC | 295 | OUT | |
| 2024-12-17 07:44:02 UTC | 1090 | OUT | |
| 2024-12-17 07:44:02 UTC | 388 | IN | |
| 2024-12-17 07:44:02 UTC | 542 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 18 | 192.168.2.4 | 49890 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-17 07:44:05 UTC | 295 | OUT | |
| 2024-12-17 07:44:05 UTC | 1090 | OUT | |
| 2024-12-17 07:44:06 UTC | 388 | IN | |
| 2024-12-17 07:44:06 UTC | 542 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 19 | 192.168.2.4 | 49899 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-17 07:44:09 UTC | 295 | OUT | |
| 2024-12-17 07:44:09 UTC | 1090 | OUT | |
| 2024-12-17 07:44:09 UTC | 388 | IN | |
| 2024-12-17 07:44:09 UTC | 542 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 20 | 192.168.2.4 | 49910 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-17 07:44:12 UTC | 295 | OUT | |
| 2024-12-17 07:44:12 UTC | 1090 | OUT | |
| 2024-12-17 07:44:13 UTC | 388 | IN | |
| 2024-12-17 07:44:13 UTC | 542 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 21 | 192.168.2.4 | 49918 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-17 07:44:16 UTC | 295 | OUT | |
| 2024-12-17 07:44:16 UTC | 1090 | OUT | |
| 2024-12-17 07:44:16 UTC | 388 | IN | |
| 2024-12-17 07:44:16 UTC | 542 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 02:42:11 |
| Start date: | 17/12/2024 |
| Path: | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 471'469 bytes |
| MD5 hash: | 34DCD76E7A002A5F19D9842A70BA5C87 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
| Target ID: | 4 |
| Start time: | 02:42:46 |
| Start date: | 17/12/2024 |
| Path: | C:\Users\user\Desktop\PAYMENT ADVICE TT07180016-24_pdf.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 471'469 bytes |
| MD5 hash: | 34DCD76E7A002A5F19D9842A70BA5C87 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 21.7% |
| Dynamic/Decrypted Code Coverage: | 13.9% |
| Signature Coverage: | 20.8% |
| Total number of Nodes: | 1517 |
| Total number of Limit Nodes: | 47 |
Graph
Function 004032A0 Relevance: 89.7, APIs: 32, Strings: 19, Instructions: 401stringfilecomCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404B30 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406077 Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 207stringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405846 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 148filestringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406398 Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004027FB Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040389E Relevance: 47.5, APIs: 14, Strings: 13, Instructions: 215stringregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401767 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145stringtimeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004025E5 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 151fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040237B Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004063BF Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 34libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405128 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401FC3 Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401B37 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72memoryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401DDC Relevance: 3.0, APIs: 2, Instructions: 21COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405C2A Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405700 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100028A4 Relevance: 2.7, APIs: 2, Instructions: 156memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402786 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040229D Relevance: 1.5, APIs: 1, Instructions: 25COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405CDC Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405CAD Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100027C7 Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040159B Relevance: 1.5, APIs: 1, Instructions: 18COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040414E Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403258 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004052F3 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284windowclipboardmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004045B4 Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 275stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040686A Relevance: .3, Instructions: 334COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407041 Relevance: .3, Instructions: 300COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004042B6 Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 207windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405D84 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 131stringmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100022D0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404180 Relevance: 12.1, APIs: 8, Instructions: 61COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404A7E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402D04 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100024A9 Relevance: 9.1, APIs: 6, Instructions: 98COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402537 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 67stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100018A9 Relevance: 7.7, APIs: 5, Instructions: 189COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100015FF Relevance: 7.5, APIs: 5, Instructions: 41memorylibraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401CFA Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404970 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401BDF Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405F22 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405A09 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402D8A Relevance: 6.0, APIs: 4, Instructions: 33COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405B11 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405735 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405A55 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100010E1 Relevance: 5.1, APIs: 4, Instructions: 104memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405B8F Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Execution Graph
| Execution Coverage: | 11.4% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 2.5% |
| Total number of Nodes: | 236 |
| Total number of Limit Nodes: | 13 |
Graph
Function 001666B8 Relevance: 10.5, Strings: 8, Instructions: 457COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001619B8 Relevance: 8.5, Strings: 6, Instructions: 969COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00165F90 Relevance: 6.7, Strings: 5, Instructions: 469COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00164328 Relevance: 6.4, Strings: 5, Instructions: 196COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00168DA0 Relevance: 6.1, Strings: 4, Instructions: 1142COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A5E7C8 Relevance: 3.3, Strings: 2, Instructions: 764COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3752BDF0 Relevance: 3.3, Strings: 2, Instructions: 758COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00165968 Relevance: 3.0, Strings: 2, Instructions: 513COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A5D6C1 Relevance: 1.8, APIs: 1, Instructions: 329COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37529D10 Relevance: 1.5, Strings: 1, Instructions: 219COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3752A360 Relevance: 1.5, Strings: 1, Instructions: 219COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 375296C8 Relevance: 1.5, Strings: 1, Instructions: 218COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3752A9B0 Relevance: 1.5, Strings: 1, Instructions: 218COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3752A9A0 Relevance: 1.4, Strings: 1, Instructions: 173COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 375296B8 Relevance: 1.4, Strings: 1, Instructions: 168COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37528650 Relevance: .7, Instructions: 709COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3747C638 Relevance: .3, Instructions: 324COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 374703AF Relevance: .3, Instructions: 286COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37470C1A Relevance: .2, Instructions: 240COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37470C28 Relevance: .2, Instructions: 220COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37470F6F Relevance: .2, Instructions: 202COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3752BA97 Relevance: .2, Instructions: 191COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37528640 Relevance: .2, Instructions: 172COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A5F316 Relevance: .2, Instructions: 154COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37529D00 Relevance: .1, Instructions: 120COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3752A352 Relevance: .1, Instructions: 112COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A50980 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3752D548 Relevance: 5.2, Strings: 4, Instructions: 151COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00160B29 Relevance: 4.0, Strings: 3, Instructions: 203COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00160B30 Relevance: 4.0, Strings: 3, Instructions: 200COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37527920 Relevance: 3.9, Strings: 3, Instructions: 147COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00164F00 Relevance: 2.8, Strings: 2, Instructions: 331COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00165460 Relevance: 2.7, Strings: 2, Instructions: 229COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37527922 Relevance: 2.6, Strings: 2, Instructions: 72COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00168D19 Relevance: 2.5, Strings: 2, Instructions: 44COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A50104 Relevance: 1.6, APIs: 1, Instructions: 120COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A50110 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A51DC0 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A5D488 Relevance: 1.6, APIs: 1, Instructions: 74comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3752C175 Relevance: 1.6, Strings: 1, Instructions: 322COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3752C173 Relevance: 1.6, Strings: 1, Instructions: 319COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A50BC0 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A50BC8 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A5D3E8 Relevance: 1.5, APIs: 1, Instructions: 48comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A52018 Relevance: 1.5, APIs: 1, Instructions: 48timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A5E700 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A5C560 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A52020 Relevance: 1.5, APIs: 1, Instructions: 44timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A5E708 Relevance: 1.5, APIs: 1, Instructions: 43windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3752FAB0 Relevance: 1.4, Strings: 1, Instructions: 189COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00169EB0 Relevance: 1.4, Strings: 1, Instructions: 121COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3752FAA1 Relevance: 1.3, Strings: 1, Instructions: 89COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3752CF68 Relevance: 1.3, Strings: 1, Instructions: 88COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3752CF59 Relevance: 1.3, Strings: 1, Instructions: 80COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 375295E8 Relevance: 1.3, Strings: 1, Instructions: 39COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00166C98 Relevance: .2, Instructions: 201COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3752CC28 Relevance: .1, Instructions: 147COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00163168 Relevance: .1, Instructions: 134COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001692C3 Relevance: .1, Instructions: 125COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00168BF0 Relevance: .1, Instructions: 108COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00164620 Relevance: .1, Instructions: 101COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0016B1B7 Relevance: .1, Instructions: 97COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00166F40 Relevance: .1, Instructions: 87COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001618C8 Relevance: .1, Instructions: 77COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0009D3F0 Relevance: .1, Instructions: 75COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001652C8 Relevance: .1, Instructions: 74COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0016B2C2 Relevance: .1, Instructions: 72COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000AD030 Relevance: .1, Instructions: 72COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00160EC8 Relevance: .1, Instructions: 70COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0016324D Relevance: .1, Instructions: 68COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001617B8 Relevance: .1, Instructions: 66COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00168729 Relevance: .1, Instructions: 65COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0016FE60 Relevance: .1, Instructions: 65COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3752B9C7 Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3752B9C8 Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0009D3EB Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3752CE50 Relevance: .1, Instructions: 53COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000AD02B Relevance: .1, Instructions: 53COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00164E5F Relevance: .1, Instructions: 52COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3752E7F4 Relevance: .0, Instructions: 50COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0016B2F0 Relevance: .0, Instructions: 49COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00164664 Relevance: .0, Instructions: 44COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0016FC3E Relevance: .0, Instructions: 44COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3752CE60 Relevance: .0, Instructions: 39COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37529608 Relevance: .0, Instructions: 35COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3752943B Relevance: .0, Instructions: 26COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0016B168 Relevance: .0, Instructions: 25COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00161877 Relevance: .0, Instructions: 25COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0016FE1E Relevance: .0, Instructions: 24COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0016FE20 Relevance: .0, Instructions: 23COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0016FF22 Relevance: .0, Instructions: 21COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3752CF30 Relevance: .0, Instructions: 19COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00161888 Relevance: .0, Instructions: 19COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0016FFB0 Relevance: .0, Instructions: 18COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3752D095 Relevance: .0, Instructions: 17COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001656FF Relevance: .0, Instructions: 17COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00169F6D Relevance: .0, Instructions: 16COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 375295D8 Relevance: .0, Instructions: 15COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0016FF30 Relevance: .0, Instructions: 15COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3752BD48 Relevance: .0, Instructions: 13COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 375294B4 Relevance: .0, Instructions: 12COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00165710 Relevance: .0, Instructions: 12COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004032A0 Relevance: 77.4, APIs: 32, Strings: 12, Instructions: 401stringfilecomCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404B30 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3752AFF8 Relevance: 23.0, Strings: 18, Instructions: 461COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405846 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 148filestringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3752AFF7 Relevance: 12.9, Strings: 10, Instructions: 361COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37527B4F Relevance: 3.1, Strings: 2, Instructions: 611COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3747DEE1 Relevance: 1.5, Strings: 1, Instructions: 274COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3747F042 Relevance: .3, Instructions: 278COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3747BD88 Relevance: .3, Instructions: 277COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3747B07F Relevance: .3, Instructions: 277COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3747E339 Relevance: .3, Instructions: 273COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3747DA89 Relevance: .3, Instructions: 273COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37523F70 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37525F10 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 375267C0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37520FA8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37525660 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37522E10 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 375236C0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37522560 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37524DB0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37526C18 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37521400 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 375274C8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37521CB0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37526368 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37523B18 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 375243C8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37523268 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37525208 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37525AB8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37522108 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 375229B8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37521858 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37527070 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37524820 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3747E79F Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3747EBF7 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3747C1F2 Relevance: .3, Instructions: 267COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3747B4EC Relevance: .3, Instructions: 265COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3747B944 Relevance: .3, Instructions: 265COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A5F5D8 Relevance: .0, Instructions: 18COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004052F3 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284windowclipboardmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004042B6 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 207windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040389E Relevance: 37.0, APIs: 13, Strings: 8, Instructions: 215stringregistryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405D84 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 131stringmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004045B4 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 275stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406077 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 207stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404180 Relevance: 12.1, APIs: 8, Instructions: 61COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004025E5 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 151fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404A7E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402D04 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401CFA Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401D56 Relevance: 7.5, APIs: 5, Instructions: 38COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404970 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401BDF Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004063BF Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 34libraryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405683 Relevance: 6.0, APIs: 4, Instructions: 39COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402D8A Relevance: 6.0, APIs: 4, Instructions: 33COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405128 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405735 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00161A40 Relevance: 5.1, Strings: 4, Instructions: 98COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001658E8 Relevance: 5.0, Strings: 4, Instructions: 49COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405B8F Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|