Windows
Analysis Report
RFQ December-January Forcast and TCL.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- RFQ December-January Forcast and TCL.exe (PID: 432 cmdline: "C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe" MD5: 65EEA9949B624401EA78AAF28072AB3F)
- RFQ December-January Forcast and TCL.exe (PID: 2692 cmdline: "C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe" MD5: 65EEA9949B624401EA78AAF28072AB3F)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
{"C2 url": "https://api.telegram.org/bot7766574905:AAGkK12NqfgMWNTsNJqrFtr2J3oH0W_DuqA/sendMessage"}
{"EXfil Mode": "Telegram", "Telegram Token": "7766574905:AAGkK12NqfgMWNTsNJqrFtr2J3oH0W_DuqA", "Telegram Chatid": "2065242915"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | ||
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-18T09:52:05.808790+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49752 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:09.325974+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49758 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:12.665699+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49769 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:16.296271+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49777 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:19.981105+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49788 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:23.826079+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49800 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:27.776272+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49812 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:31.173451+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49819 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:34.620820+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49831 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:38.101320+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49843 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:41.586605+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49850 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:44.961373+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49862 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:48.314478+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49869 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:51.698398+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49881 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:55.057064+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49889 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:59.049907+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49900 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:53:02.514487+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49912 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:53:06.047224+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49920 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:53:09.391789+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49931 | 149.154.167.220 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-18T09:51:54.919930+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49738 | 158.101.44.242 | 80 | TCP |
2024-12-18T09:52:03.732495+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49738 | 158.101.44.242 | 80 | TCP |
2024-12-18T09:52:07.373361+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49757 | 158.101.44.242 | 80 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-18T09:51:47.011616+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49736 | 172.217.17.46 | 443 | TCP |
AV Detection |
---|
Source: | Malware Configuration Extractor: | ||
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Location Tracking |
---|
Source: | DNS query: |
Source: | Code function: | 4_2_36A5D1EC | |
Source: | Code function: | 4_2_36A5D9D9 |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | DNS query: |
Source: | HTTP traffic detected: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | JA3 fingerprint: | ||
Source: | JA3 fingerprint: | ||
Source: | JA3 fingerprint: |
Source: | DNS query: | ||
Source: | DNS query: |
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | HTTP traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Code function: | 0_2_004052F3 |
System Summary |
---|
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Classification label: |
Source: | Code function: | 0_2_004032A0 | |
Source: | Code function: | 4_2_004032A0 |
Source: | Code function: | 0_2_004045B4 |
Source: | Code function: | 0_2_00402095 |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | LNK file: |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | File source: |
Source: | Code function: | 0_2_10001B18 |
Source: | Code function: | 0_2_10002E0E |
Source: | File created: | Jump to dropped file |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | API/Special instruction interceptor: | ||
Source: | API/Special instruction interceptor: |
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | API coverage: |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Code function: | 0_2_00405846 | |
Source: | Code function: | 0_2_004027FB | |
Source: | Code function: | 0_2_00406398 | |
Source: | Code function: | 4_2_00405846 | |
Source: | Code function: | 4_2_004027FB | |
Source: | Code function: | 4_2_00406398 |
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-3943 | ||
Source: | API call chain: | graph_0-3762 |
Source: | Code function: | 0_2_10001B18 |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_00406077 |
Source: | Key value queried: | Jump to behavior |
Lowering of HIPS / PFW / Operating System Security Settings |
---|
Source: | Registry value created: | Jump to behavior |
Source: | Registry key created or modified: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 Process Injection | 31 Disable or Modify Tools | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Access Token Manipulation | NTDS | 1 System Network Configuration Discovery | Distributed Component Object Model | 1 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Process Injection | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | 215 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
30% | Virustotal | Browse | ||
18% | ReversingLabs | Win32.Trojan.Generic |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 172.217.17.46 | true | false | high | |
drive.usercontent.google.com | 172.217.17.65 | true | false | high | |
reallyfreegeoip.org | 172.67.177.134 | true | false | high | |
api.telegram.org | 149.154.167.220 | true | false | high | |
checkip.dyndns.com | 158.101.44.242 | true | false | high | |
checkip.dyndns.org | unknown | unknown | false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false | |
172.217.17.46 | drive.google.com | United States | 15169 | GOOGLEUS | false | |
172.217.17.65 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false | |
158.101.44.242 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false | |
172.67.177.134 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1577232 |
Start date and time: | 2024-12-18 09:50:07 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 51s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | RFQ December-January Forcast and TCL.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/8@5/5 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 4.245.163.56, 13.107.246.63
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description |
---|---|---|
03:52:02 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
149.154.167.220 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Can Stealer | Browse | |||
Get hash | malicious | Can Stealer | Browse | |||
Get hash | malicious | Arcane | Browse | |||
Get hash | malicious | Arcane | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | Phemedrone Stealer | Browse | |||
158.101.44.242 | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | MassLogger RAT | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
checkip.dyndns.com | Get hash | malicious | Snake Keylogger | Browse | ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
api.telegram.org | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Can Stealer | Browse | |||
Get hash | malicious | Can Stealer | Browse | |||
Get hash | malicious | Arcane | Browse | |||
Get hash | malicious | Arcane | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | Phemedrone Stealer | Browse | |||
reallyfreegeoip.org | Get hash | malicious | Snake Keylogger | Browse | ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
TELEGRAMRU | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Can Stealer | Browse | |||
Get hash | malicious | Can Stealer | Browse | |||
Get hash | malicious | Arcane | Browse | |||
Get hash | malicious | Arcane | Browse | |||
Get hash | malicious | Vidar | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
ORACLE-BMC-31898US | Get hash | malicious | Mirai, Okiru | Browse | ||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | CAPTCHA Scam ClickFix | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
CLOUDFLARENETUS | Get hash | malicious | LummaC | Browse | ||
Get hash | malicious | Abobus Obfuscator, Braodo | Browse | |||
Get hash | malicious | Abobus Obfuscator, Braodo | Browse | |||
Get hash | malicious | Abobus Obfuscator, Braodo | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | LummaC, Amadey, LummaC Stealer, RHADAMANTHYS, Xmrig | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | LummaC, Amadey, LummaC Stealer, RHADAMANTHYS, Xmrig | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | Snake Keylogger | Browse | ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
Get hash | malicious | Phemedrone Stealer | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | PureCrypter, PureLog Stealer | Browse | ||
Get hash | malicious | Abobus Obfuscator, Braodo | Browse | |||
Get hash | malicious | Abobus Obfuscator, Braodo | Browse | |||
Get hash | malicious | Abobus Obfuscator, Braodo | Browse | |||
Get hash | malicious | PureCrypter, PureLog Stealer | Browse | |||
Get hash | malicious | Sliver | Browse | |||
Get hash | malicious | Sliver | Browse | |||
Get hash | malicious | PureLog Stealer, RHADAMANTHYS | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | ScreenConnect Tool | Browse | |||
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | NetSupport RAT | Browse | |||
Get hash | malicious | Vidar | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mint Stealer | Browse | |||
Get hash | malicious | Mint Stealer | Browse | |||
Get hash | malicious | Remcos | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\nskEAE7.tmp\System.dll | Get hash | malicious | GuLoader, MassLogger RAT | Browse | ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | GuLoader | Browse | |||
Get hash | malicious | GuLoader | Browse | |||
Get hash | malicious | GuLoader | Browse | |||
Get hash | malicious | GuLoader | Browse |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\Harlekinmnster.Sln
Process: | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 296773 |
Entropy (8bit): | 7.7553240459150565 |
Encrypted: | false |
SSDEEP: | 6144:l2Zvnfa6iZq6R5dP+Zsgwuh95zJGwThReXR7gh6cfT7yM0ox:aTiU6R5JEsw9BowNReXR7gtHDx |
MD5: | BF152442F1F99452926CD94369F6B608 |
SHA1: | 72CFE2D2596E73BDE8CA89350B9B0598C1BC6931 |
SHA-256: | B1197715B329AD2AD85AD8B21648E20C05EA63DBC3E946DC84EB3B49D9D94975 |
SHA-512: | 5CD5BBB7941ED267AE792AC28772073112F99BBC704F7931895ACA30BC827D0E16BDE4B406EC2805A3F7F2A3857D1B6170CBF946858A217F515484AE519EAE8F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\Khans\Riprap43.gaw
Process: | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 56641 |
Entropy (8bit): | 1.2318917163845036 |
Encrypted: | false |
SSDEEP: | 384:vrBeaW6xu5Pd9GW0Zq+/HXF1qcGNMUd8phxiFQHOV7hpvZlq:t9+Pdop/306xixrlq |
MD5: | 39C9A5F767D8C170B5CE38EA8D5734D4 |
SHA1: | 4B4CA81EB3D093645B504004F62A269D4EACDECC |
SHA-256: | 87A7017021050071DBE5726BF9AC505763CD923E2BDE93336CA0905802CD8D49 |
SHA-512: | AE2D66B801251046FA4D3093391B916955B43BE75A954DD398583B1B8881A9F109F51F81D6E4FE759F83AC7B921FA89B02185013AFDE16D3C8EAB422BE89B4FF |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\Khans\Trabascolo.Mis
Process: | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 137129 |
Entropy (8bit): | 4.597202404090859 |
Encrypted: | false |
SSDEEP: | 1536:NppsEOCAUuOh8DuTKHFGWDpdrxDA60gWyYvquxtWGhTqbmIDaQyjhbIpbGtEz3rn:65hjDph1A6ia6UgTkmIDOeIEHn |
MD5: | 786741C59B9C7924CDD5560A739C93FF |
SHA1: | C10560B3BD57FB16D5B91D7BF4A31DC92ABA9BB7 |
SHA-256: | D90ECEC37B6F392863FC12EC9A2248E71B6E8B3C7368A3DDAAA3E85D9BF7464D |
SHA-512: | 65D1EDA5677F7142E8D0B3EC8F0FD0040FDC29B2D4311CA8AA971FEC653BCCF1C13B57DB492D259F33A0D65115CA2C2CCFA2680381E20A9FE325AFCE6AE2B469 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\Khans\forskansningens.txt
Process: | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 345 |
Entropy (8bit): | 4.241929841155785 |
Encrypted: | false |
SSDEEP: | 6:dvkdMOL4xnuXGNQWjMIDw1luhPB46xAJX7sBJOdkmLA8gMfArpIXbgOwQWiQJEEC:dufExIoDe1lYnGJLsBQdtL6rpIrWQkJA |
MD5: | AE69FE0F4D1E1115BC470031E661785C |
SHA1: | 8D3799826FE457C61C1E8EE5E3071683A8125BC5 |
SHA-256: | 6B18768503395C809263568D3A8858810404C2B7D49DC7CB6CE5F717F5D6C7DE |
SHA-512: | 969C0DB048EAC4A9B447A0C0C463A7983F1B4091B6206E274B9D249F8311439B6C33F5AA1EDF9CD1AA27502DA49378D3E1B45F16909C55DF830E51684E9648BE |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\Khans\fyldebtten.soi
Process: | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 210366 |
Entropy (8bit): | 1.240975322465592 |
Encrypted: | false |
SSDEEP: | 768:vBTwJOLxCIF0V6iLboHog6BQlsMqlN1R0pmGy30wbfq6+9GmlsNh34k0uJ/QohER:cJigyyDJnLH7zA |
MD5: | AEF78D8D561E8802286A78AAC6C73ED6 |
SHA1: | DDF5DA649482D0A553802827BB9F0EF64A7069E1 |
SHA-256: | 45F24543C01C9A11CC2246A9B27569AF433EEF61C877A4E191B683315D3566BE |
SHA-512: | 93D43C0CECADF8E1F507F8E58D2B4D92995D8F7ECF213A23559938B380033A6D0D80B0816A8D6603864F821F4FEDC988E0F79BE14C6892089178970E08DC4199 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\Khans\wildwestfilm.sto
Process: | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 363811 |
Entropy (8bit): | 1.2512349423386382 |
Encrypted: | false |
SSDEEP: | 768:y2f405GRYtnSLOBbyCociR2TVuEpHsVURGxwGmXjyMB+CtKDOgt9rlHF1QOs+9m5:pIuagbnK7CwVwFpYogwhUsvCq |
MD5: | BFEA15C03AB295424981A73637A19491 |
SHA1: | A5ADABDDC373D6B3004F96946D84B651E42D9F5C |
SHA-256: | 83E9CE74259889DCABD39D41131F286882B224698DCDEB8D0B4074069AAA687B |
SHA-512: | CB5969BFFAED8AF1791938E924E0CC9F876E45165F4E7EA5E9249131FACA831C0600F14BD68EF041D18C81A3FBE087970043D1B3B8A6786C1E5E5049834D4D0D |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11776 |
Entropy (8bit): | 5.655335921632966 |
Encrypted: | false |
SSDEEP: | 192:eF24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol9Sl:h8QIl975eXqlWBrz7YLOl9 |
MD5: | EE260C45E97B62A5E42F17460D406068 |
SHA1: | DF35F6300A03C4D3D3BD69752574426296B78695 |
SHA-256: | E94A1F7BCD7E0D532B660D0AF468EB3321536C3EFDCA265E61F9EC174B1AEF27 |
SHA-512: | A98F350D17C9057F33E5847462A87D59CBF2AAEDA7F6299B0D49BB455E484CE4660C12D2EB8C4A0D21DF523E729222BBD6C820BF25B081BC7478152515B414B3 |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Preview: |
Process: | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1168 |
Entropy (8bit): | 3.257626688482366 |
Encrypted: | false |
SSDEEP: | 12:8wl0asXowAOcQ/tz0/CSL6/cBnwgXl341DEDeG41DED9RKQ1olfW+kjcmAaqWuTE:8xLDWLrFPjPZ9izZMq0pdqy |
MD5: | EB454D916DAD9C1F7A790D9D436B9F60 |
SHA1: | D896E9721F7BB6EE69BC6C7F7A56A0B3F21D6941 |
SHA-256: | AB81A39654327A619ECA7225313C5D446DCF54F829534FD1A61FAFF89EF4CE0B |
SHA-512: | 6FDA2F6A12E1C036E7492EBD98164B01FFF9919A05C9152F317D72A024DE0222B1E85360ADB1C30E17D93C8E5C4A4D7E62F0E6CB5BDB15F401017F7A9A900085 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.966394496701673 |
TrID: |
|
File name: | RFQ December-January Forcast and TCL.exe |
File size: | 501'968 bytes |
MD5: | 65eea9949b624401ea78aaf28072ab3f |
SHA1: | fbbe105c42a0ad822625a5242d854357f956886c |
SHA256: | 32fb0b39f4243593925572e1ea32d1bd21e72a8c0022a12c6c8025da20b7ffb2 |
SHA512: | e69ca3c97573d5a60b38b764ceadc37420ea069d6850bf5457463579341792dd72612c364af733ff97b08eee5ed2520fc258a0d0b451961deb733ef3deac0654 |
SSDEEP: | 12288:I5A0bwojpe9Ic0h0mdkHApqk90HINf0s1nriyiu7Jj1JK8s5FEeKR:Z0sojp4IZhfqHApZOizgu7Jj1JiceY |
TLSH: | 05B423109140E57BFA678B754D326AAF6ABF99054A34AF5F87242D0E3C31F93C43626C |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...P...P...P..*_...P...P..NP..*_...P...s...P...V...P..Rich.P..........................PE..L......V.................d......... |
Icon Hash: | 3d2e0f95332b3399 |
Entrypoint: | 0x4032a0 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x567F847F [Sun Dec 27 06:26:07 2015 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | d4b94e8ee3f620a89d114b9da4b31873 |
Instruction |
---|
sub esp, 000002D4h |
push ebp |
push esi |
push 00000020h |
xor ebp, ebp |
pop esi |
mov dword ptr [esp+0Ch], ebp |
push 00008001h |
mov dword ptr [esp+0Ch], 0040A300h |
mov dword ptr [esp+18h], ebp |
call dword ptr [004080B0h] |
call dword ptr [004080ACh] |
cmp ax, 00000006h |
je 00007F435176D683h |
push ebp |
call 00007F43517707C6h |
cmp eax, ebp |
je 00007F435176D679h |
push 00000C00h |
call eax |
push ebx |
push edi |
push 0040A2F4h |
call 00007F4351770743h |
push 0040A2ECh |
call 00007F4351770739h |
push 0040A2E0h |
call 00007F435177072Fh |
push 00000009h |
call 00007F4351770794h |
push 00000007h |
call 00007F435177078Dh |
mov dword ptr [00434F04h], eax |
call dword ptr [00408044h] |
push ebp |
call dword ptr [004082A8h] |
mov dword ptr [00434FB8h], eax |
push ebp |
lea eax, dword ptr [esp+34h] |
push 000002B4h |
push eax |
push ebp |
push 0042B228h |
call dword ptr [0040818Ch] |
push 0040A2C8h |
push 00433F00h |
call 00007F435177037Ah |
call dword ptr [004080A8h] |
mov ebx, 0043F000h |
push eax |
push ebx |
call 00007F4351770368h |
push ebp |
call dword ptr [00408178h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x85c8 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5d000 | 0x11e0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b8 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x637c | 0x6400 | 83ff228d6dae8dd738eb2f78afbc793f | False | 0.672421875 | data | 6.491609540807675 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x147c | 0x1600 | d9f9b0b330e238260616b62a7a3cac09 | False | 0.42933238636363635 | data | 4.973928345594701 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x2aff8 | 0x600 | 3f2b05c8fbb8b2e4c9c89e93d30e7252 | False | 0.53125 | data | 4.133631086111171 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x35000 | 0x28000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x5d000 | 0x11e0 | 0x1200 | 20639f4e7c421f5379e2fb9ea4a1530d | False | 0.3684895833333333 | data | 4.485045860065118 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_BITMAP | 0x5d268 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States | 0.23623853211009174 |
RT_ICON | 0x5d5d0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.42473118279569894 |
RT_DIALOG | 0x5d8b8 | 0x144 | data | English | United States | 0.5216049382716049 |
RT_DIALOG | 0x5da00 | 0x13c | data | English | United States | 0.5506329113924051 |
RT_DIALOG | 0x5db40 | 0x100 | data | English | United States | 0.5234375 |
RT_DIALOG | 0x5dc40 | 0x11c | data | English | United States | 0.6056338028169014 |
RT_DIALOG | 0x5dd60 | 0xc4 | data | English | United States | 0.5918367346938775 |
RT_DIALOG | 0x5de28 | 0x60 | data | English | United States | 0.7291666666666666 |
RT_GROUP_ICON | 0x5de88 | 0x14 | data | English | United States | 1.2 |
RT_MANIFEST | 0x5dea0 | 0x33f | XML 1.0 document, ASCII text, with very long lines (831), with no line terminators | English | United States | 0.5547533092659447 |
DLL | Import |
---|---|
KERNEL32.dll | SetCurrentDirectoryW, GetFileAttributesW, GetFullPathNameW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, MoveFileW, SetFileAttributesW, GetCurrentProcess, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, CopyFileW, CompareFileTime, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, lstrcpyW, MoveFileExW, lstrcatW, GetSystemDirectoryW, LoadLibraryW, GetProcAddress, GetModuleHandleA, ExpandEnvironmentStringsW, GetShortPathNameW, SearchPathW, lstrcmpiW, SetFileTime, CloseHandle, GlobalFree, lstrcmpW, GlobalAlloc, WaitForSingleObject, GlobalUnlock, GetDiskFreeSpaceW, GetExitCodeProcess, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, lstrlenA, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
USER32.dll | GetSystemMenu, SetClassLongW, IsWindowEnabled, EnableMenuItem, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, wsprintfW, ScreenToClient, GetWindowRect, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, GetDC, SetWindowTextW, PostQuitMessage, ShowWindow, GetDlgItem, IsWindow, LoadImageW, SetWindowLongW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, SetTimer, FindWindowExW, SendMessageTimeoutW, SetForegroundWindow |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW |
ADVAPI32.dll | RegDeleteKeyW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegOpenKeyExW, RegEnumValueW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-18T09:51:47.011616+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.4 | 49736 | 172.217.17.46 | 443 | TCP |
2024-12-18T09:51:54.919930+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49738 | 158.101.44.242 | 80 | TCP |
2024-12-18T09:52:03.732495+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49738 | 158.101.44.242 | 80 | TCP |
2024-12-18T09:52:05.808790+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49752 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:07.373361+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49757 | 158.101.44.242 | 80 | TCP |
2024-12-18T09:52:09.325974+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49758 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:12.665699+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49769 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:16.296271+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49777 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:19.981105+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49788 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:23.826079+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49800 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:27.776272+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49812 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:31.173451+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49819 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:34.620820+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49831 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:38.101320+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49843 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:41.586605+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49850 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:44.961373+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49862 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:48.314478+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49869 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:51.698398+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49881 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:55.057064+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49889 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:52:59.049907+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49900 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:53:02.514487+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49912 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:53:06.047224+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49920 | 149.154.167.220 | 443 | TCP |
2024-12-18T09:53:09.391789+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49931 | 149.154.167.220 | 443 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 18, 2024 09:52:20.004488945 CET | 49794 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:20.123945951 CET | 80 | 49783 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:20.124036074 CET | 80 | 49794 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:20.124135017 CET | 49783 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:20.124146938 CET | 49794 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:20.124254942 CET | 49794 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:20.243772984 CET | 80 | 49794 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:21.787307978 CET | 80 | 49794 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:21.788502932 CET | 49800 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:21.788595915 CET | 443 | 49800 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:21.788676023 CET | 49800 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:21.788928032 CET | 49800 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:21.788964033 CET | 443 | 49800 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:21.841994047 CET | 49794 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:23.150466919 CET | 443 | 49800 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:23.152019024 CET | 49800 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:23.152102947 CET | 443 | 49800 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:23.152179003 CET | 49800 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:23.152194023 CET | 443 | 49800 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:23.826190948 CET | 443 | 49800 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:23.826370001 CET | 443 | 49800 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:23.826466084 CET | 49800 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:23.826827049 CET | 49800 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:23.848823071 CET | 49794 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:23.849862099 CET | 49806 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:23.968764067 CET | 80 | 49794 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:23.968827009 CET | 49794 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:23.969445944 CET | 80 | 49806 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:23.969523907 CET | 49806 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:23.969630957 CET | 49806 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:24.089133024 CET | 80 | 49806 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:25.762916088 CET | 80 | 49806 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:25.764672041 CET | 49812 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:25.764697075 CET | 443 | 49812 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:25.769392014 CET | 49812 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:25.769666910 CET | 49812 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:25.769680977 CET | 443 | 49812 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:25.810657978 CET | 49806 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:27.130356073 CET | 443 | 49812 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:27.132030964 CET | 49812 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:27.132040977 CET | 443 | 49812 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:27.132086039 CET | 49812 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:27.132093906 CET | 443 | 49812 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:27.776386023 CET | 443 | 49812 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:27.776583910 CET | 443 | 49812 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:27.776648998 CET | 49812 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:27.776906013 CET | 49812 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:27.794722080 CET | 49806 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:27.795830965 CET | 49818 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:27.914753914 CET | 80 | 49806 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:27.914850950 CET | 49806 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:27.915421963 CET | 80 | 49818 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:27.915642977 CET | 49818 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:27.915771961 CET | 49818 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:28.164829969 CET | 80 | 49818 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:29.121165037 CET | 80 | 49818 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:29.127120972 CET | 49819 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:29.127198935 CET | 443 | 49819 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:29.127270937 CET | 49819 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:29.131175995 CET | 49819 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:29.131211996 CET | 443 | 49819 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:29.170034885 CET | 49818 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:30.490808010 CET | 443 | 49819 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:30.492400885 CET | 49819 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:30.492425919 CET | 443 | 49819 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:30.492479086 CET | 49819 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:30.492490053 CET | 443 | 49819 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:31.173569918 CET | 443 | 49819 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:31.173767090 CET | 443 | 49819 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:31.173851967 CET | 49819 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:31.174037933 CET | 49819 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:31.199358940 CET | 49818 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:31.200084925 CET | 49825 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:31.319278002 CET | 80 | 49818 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:31.319380045 CET | 49818 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:31.319698095 CET | 80 | 49825 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:31.319777966 CET | 49825 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:31.319883108 CET | 49825 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:31.439415932 CET | 80 | 49825 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:32.536601067 CET | 80 | 49825 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:32.537874937 CET | 49831 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:32.537975073 CET | 443 | 49831 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:32.538072109 CET | 49831 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:32.538301945 CET | 49831 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:32.538333893 CET | 443 | 49831 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:32.576301098 CET | 49825 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:33.907080889 CET | 443 | 49831 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:33.908759117 CET | 49831 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:33.908807039 CET | 443 | 49831 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:33.908890963 CET | 49831 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:33.908912897 CET | 443 | 49831 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:34.620850086 CET | 443 | 49831 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:34.620937109 CET | 443 | 49831 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:34.621073008 CET | 49831 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:34.621413946 CET | 49831 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:34.644675016 CET | 49825 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:34.646018982 CET | 49837 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:34.764703035 CET | 80 | 49825 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:34.764828920 CET | 49825 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:34.765626907 CET | 80 | 49837 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:34.765716076 CET | 49837 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:34.765850067 CET | 49837 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:34.885350943 CET | 80 | 49837 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:35.967087030 CET | 80 | 49837 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:35.968192101 CET | 49843 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:35.968283892 CET | 443 | 49843 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:35.968379021 CET | 49843 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:35.968622923 CET | 49843 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:35.968660116 CET | 443 | 49843 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:36.013808012 CET | 49837 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:37.332284927 CET | 443 | 49843 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:37.333832026 CET | 49843 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:37.333918095 CET | 443 | 49843 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:37.334008932 CET | 49843 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:37.334032059 CET | 443 | 49843 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:38.101340055 CET | 443 | 49843 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:38.101530075 CET | 443 | 49843 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:38.101589918 CET | 49843 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:38.101792097 CET | 49843 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:38.140476942 CET | 49837 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:38.141376972 CET | 49849 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:38.260708094 CET | 80 | 49837 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:38.260812998 CET | 49837 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:38.260904074 CET | 80 | 49849 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:38.260988951 CET | 49849 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:38.261204004 CET | 49849 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:38.380794048 CET | 80 | 49849 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:39.591249943 CET | 80 | 49849 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:39.592856884 CET | 49850 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:39.592952013 CET | 443 | 49850 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:39.593030930 CET | 49850 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:39.593453884 CET | 49850 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:39.593497038 CET | 443 | 49850 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:39.638814926 CET | 49849 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:40.960079908 CET | 443 | 49850 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:40.964373112 CET | 49850 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:40.964411020 CET | 443 | 49850 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:40.964483976 CET | 49850 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:40.964500904 CET | 443 | 49850 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:41.586654902 CET | 443 | 49850 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:41.586741924 CET | 443 | 49850 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:41.586812019 CET | 49850 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:41.587157965 CET | 49850 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:41.608697891 CET | 49849 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:41.609642029 CET | 49856 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:41.728961945 CET | 80 | 49849 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:41.729054928 CET | 49849 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:41.729183912 CET | 80 | 49856 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:41.729260921 CET | 49856 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:41.729394913 CET | 49856 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:41.848864079 CET | 80 | 49856 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:42.930677891 CET | 80 | 49856 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:42.932022095 CET | 49862 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:42.932040930 CET | 443 | 49862 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:42.932118893 CET | 49862 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:42.932351112 CET | 49862 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:42.932367086 CET | 443 | 49862 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:42.982572079 CET | 49856 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:44.330214024 CET | 443 | 49862 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:44.332461119 CET | 49862 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:44.332487106 CET | 443 | 49862 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:44.332554102 CET | 49862 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:44.332562923 CET | 443 | 49862 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:44.961417913 CET | 443 | 49862 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:44.961512089 CET | 443 | 49862 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:44.961579084 CET | 49862 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:44.961916924 CET | 49862 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:44.985197067 CET | 49856 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:44.986459017 CET | 49868 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:45.105436087 CET | 80 | 49856 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:45.105493069 CET | 49856 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:45.105938911 CET | 80 | 49868 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:45.106018066 CET | 49868 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:45.106144905 CET | 49868 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:45.225987911 CET | 80 | 49868 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:46.306411982 CET | 80 | 49868 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:46.307641029 CET | 49869 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:46.307689905 CET | 443 | 49869 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:46.307780981 CET | 49869 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:46.308005095 CET | 49869 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:46.308036089 CET | 443 | 49869 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:46.357590914 CET | 49868 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:47.669991016 CET | 443 | 49869 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:47.672173977 CET | 49869 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:47.672205925 CET | 443 | 49869 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:47.672297955 CET | 49869 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:47.672311068 CET | 443 | 49869 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:48.314515114 CET | 443 | 49869 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:48.314815044 CET | 443 | 49869 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:48.315136909 CET | 49869 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:48.315557957 CET | 49869 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:48.361321926 CET | 49868 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:48.362658978 CET | 49875 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:48.481379032 CET | 80 | 49868 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:48.482132912 CET | 80 | 49875 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:48.482232094 CET | 49868 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:48.482269049 CET | 49875 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:48.482367039 CET | 49875 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:48.601850986 CET | 80 | 49875 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:49.681303978 CET | 80 | 49875 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:49.686981916 CET | 49881 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:49.687030077 CET | 443 | 49881 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:49.687222958 CET | 49881 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:49.690995932 CET | 49881 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:49.691014051 CET | 443 | 49881 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:49.732666016 CET | 49875 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:51.055653095 CET | 443 | 49881 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:51.057159901 CET | 49881 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:51.057174921 CET | 443 | 49881 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:51.057228088 CET | 49881 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:51.057249069 CET | 443 | 49881 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:51.698477030 CET | 443 | 49881 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:51.698761940 CET | 443 | 49881 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:51.698941946 CET | 49881 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:51.699182987 CET | 49881 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:51.723835945 CET | 49875 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:51.724925995 CET | 49887 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:51.844527960 CET | 80 | 49887 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:51.844620943 CET | 49887 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:51.844710112 CET | 49887 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:51.852025032 CET | 80 | 49875 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:51.852092028 CET | 49875 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:51.964287996 CET | 80 | 49887 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:53.042521954 CET | 80 | 49887 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:53.046677113 CET | 49889 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:53.046727896 CET | 443 | 49889 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:53.046804905 CET | 49889 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:53.047123909 CET | 49889 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:53.047141075 CET | 443 | 49889 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:53.092046976 CET | 49887 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:54.405947924 CET | 443 | 49889 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:54.407435894 CET | 49889 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:54.407471895 CET | 443 | 49889 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:54.407613039 CET | 49889 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:54.407619953 CET | 443 | 49889 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:55.057032108 CET | 443 | 49889 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:55.057225943 CET | 443 | 49889 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:55.057281017 CET | 49889 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:55.058763027 CET | 49889 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:55.265938997 CET | 49887 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:55.267616987 CET | 49895 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:55.387012959 CET | 80 | 49887 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:55.387069941 CET | 49887 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:55.388365984 CET | 80 | 49895 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:55.388442039 CET | 49895 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:55.388598919 CET | 49895 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:55.508068085 CET | 80 | 49895 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:57.016340971 CET | 80 | 49895 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:57.017498016 CET | 49900 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:57.017544985 CET | 443 | 49900 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:57.017623901 CET | 49900 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:57.017890930 CET | 49900 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:57.017908096 CET | 443 | 49900 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:57.060726881 CET | 49895 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:58.380543947 CET | 443 | 49900 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:58.382185936 CET | 49900 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:58.382219076 CET | 443 | 49900 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:58.382277012 CET | 49900 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:58.382287979 CET | 443 | 49900 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:59.050038099 CET | 443 | 49900 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:59.050221920 CET | 443 | 49900 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:52:59.050394058 CET | 49900 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:59.050551891 CET | 49900 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:52:59.071809053 CET | 49895 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:59.072668076 CET | 49906 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:59.191674948 CET | 80 | 49895 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:59.191946983 CET | 49895 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:59.192181110 CET | 80 | 49906 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:52:59.192245007 CET | 49906 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:59.192332029 CET | 49906 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:52:59.311748028 CET | 80 | 49906 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:53:00.438339949 CET | 80 | 49906 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:53:00.439335108 CET | 49912 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:53:00.439369917 CET | 443 | 49912 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:53:00.439429045 CET | 49912 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:53:00.439652920 CET | 49912 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:53:00.439667940 CET | 443 | 49912 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:53:00.482594967 CET | 49906 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:53:01.804485083 CET | 443 | 49912 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:53:01.808728933 CET | 49912 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:53:01.808760881 CET | 443 | 49912 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:53:01.808809996 CET | 49912 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:53:01.808819056 CET | 443 | 49912 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:53:02.514492989 CET | 443 | 49912 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:53:02.514569998 CET | 443 | 49912 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:53:02.514617920 CET | 49912 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:53:02.514988899 CET | 49912 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:53:02.533278942 CET | 49906 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:53:02.534424067 CET | 49918 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:53:02.653413057 CET | 80 | 49906 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:53:02.653484106 CET | 49906 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:53:02.653996944 CET | 80 | 49918 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:53:02.654079914 CET | 49918 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:53:02.654170990 CET | 49918 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:53:02.773752928 CET | 80 | 49918 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:53:03.855438948 CET | 80 | 49918 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:53:03.856560946 CET | 49920 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:53:03.856583118 CET | 443 | 49920 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:53:03.856698990 CET | 49920 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:53:03.856936932 CET | 49920 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:53:03.856949091 CET | 443 | 49920 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:53:03.904493093 CET | 49918 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:53:05.218477964 CET | 443 | 49920 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:53:05.220246077 CET | 49920 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:53:05.220263958 CET | 443 | 49920 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:53:05.220411062 CET | 49920 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:53:05.220422983 CET | 443 | 49920 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:53:06.047341108 CET | 443 | 49920 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:53:06.047532082 CET | 443 | 49920 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:53:06.047600985 CET | 49920 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:53:06.048054934 CET | 49920 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:53:06.067146063 CET | 49918 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:53:06.068330050 CET | 49926 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:53:06.187036037 CET | 80 | 49918 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:53:06.187496901 CET | 49918 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:53:06.187810898 CET | 80 | 49926 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:53:06.187876940 CET | 49926 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:53:06.187999010 CET | 49926 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:53:06.307420969 CET | 80 | 49926 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:53:07.397157907 CET | 80 | 49926 | 158.101.44.242 | 192.168.2.4 |
Dec 18, 2024 09:53:07.398750067 CET | 49931 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:53:07.398819923 CET | 443 | 49931 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:53:07.398891926 CET | 49931 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:53:07.399235010 CET | 49931 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:53:07.399264097 CET | 443 | 49931 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:53:07.451370001 CET | 49926 | 80 | 192.168.2.4 | 158.101.44.242 |
Dec 18, 2024 09:53:08.764087915 CET | 443 | 49931 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:53:08.765867949 CET | 49931 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:53:08.765918016 CET | 443 | 49931 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:53:08.766011953 CET | 49931 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:53:08.766033888 CET | 443 | 49931 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:53:09.391886950 CET | 443 | 49931 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:53:09.392096043 CET | 443 | 49931 | 149.154.167.220 | 192.168.2.4 |
Dec 18, 2024 09:53:09.392369032 CET | 49931 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:53:09.392488003 CET | 49931 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 18, 2024 09:53:09.415263891 CET | 49926 | 80 | 192.168.2.4 | 158.101.44.242 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Dec 18, 2024 09:51:44.117942095 CET | 192.168.2.4 | 1.1.1.1 | 0x669a | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 18, 2024 09:51:47.026025057 CET | 192.168.2.4 | 1.1.1.1 | 0x62ea | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 18, 2024 09:51:52.570457935 CET | 192.168.2.4 | 1.1.1.1 | 0xc655 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 18, 2024 09:51:55.089297056 CET | 192.168.2.4 | 1.1.1.1 | 0x8a89 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 18, 2024 09:52:03.681749105 CET | 192.168.2.4 | 1.1.1.1 | 0x41c9 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Dec 18, 2024 09:51:44.255420923 CET | 1.1.1.1 | 192.168.2.4 | 0x669a | No error (0) | | | 172.217.17.46 | A (IP address) | IN (0x0001) | false |
Dec 18, 2024 09:51:47.264393091 CET | 1.1.1.1 | 192.168.2.4 | 0x62ea | No error (0) | | | 172.217.17.65 | A (IP address) | IN (0x0001) | false |
Dec 18, 2024 09:51:52.707284927 CET | 1.1.1.1 | 192.168.2.4 | 0xc655 | No error (0) | | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false |
Dec 18, 2024 09:51:52.707284927 CET | 1.1.1.1 | 192.168.2.4 | 0xc655 | No error (0) | | | 158.101.44.242 | A (IP address) | IN (0x0001) | false |
Dec 18, 2024 09:51:52.707284927 CET | 1.1.1.1 | 192.168.2.4 | 0xc655 | No error (0) | | | 132.226.247.73 | A (IP address) | IN (0x0001) | false |
Dec 18, 2024 09:51:52.707284927 CET | 1.1.1.1 | 192.168.2.4 | 0xc655 | No error (0) | | | 193.122.6.168 | A (IP address) | IN (0x0001) | false |
Dec 18, 2024 09:51:52.707284927 CET | 1.1.1.1 | 192.168.2.4 | 0xc655 | No error (0) | | | 132.226.8.169 | A (IP address) | IN (0x0001) | false |
Dec 18, 2024 09:51:52.707284927 CET | 1.1.1.1 | 192.168.2.4 | 0xc655 | No error (0) | | | 193.122.130.0 | A (IP address) | IN (0x0001) | false |
Dec 18, 2024 09:51:55.416214943 CET | 1.1.1.1 | 192.168.2.4 | 0x8a89 | No error (0) | | | 172.67.177.134 | A (IP address) | IN (0x0001) | false |
Dec 18, 2024 09:51:55.416214943 CET | 1.1.1.1 | 192.168.2.4 | 0x8a89 | No error (0) | | | 104.21.67.152 | A (IP address) | IN (0x0001) | false |
Dec 18, 2024 09:52:03.818588018 CET | 1.1.1.1 | 192.168.2.4 | 0x41c9 | No error (0) | | | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49738 | 158.101.44.242 | 80 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 18, 2024 09:51:52.841017008 CET | 151 | OUT | |
Dec 18, 2024 09:51:54.497431993 CET | 321 | IN | |
Dec 18, 2024 09:51:54.503520966 CET | 127 | OUT | |
Dec 18, 2024 09:51:54.875744104 CET | 321 | IN | |
Dec 18, 2024 09:52:02.758761883 CET | 127 | OUT | |
Dec 18, 2024 09:52:03.677910089 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49757 | 158.101.44.242 | 80 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 18, 2024 09:52:06.128499031 CET | 127 | OUT | |
Dec 18, 2024 09:52:07.328689098 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49763 | 158.101.44.242 | 80 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 18, 2024 09:52:09.478343964 CET | 151 | OUT | |
Dec 18, 2024 09:52:10.678323984 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49775 | 158.101.44.242 | 80 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 18, 2024 09:52:12.899662971 CET | 151 | OUT | |
Dec 18, 2024 09:52:14.101454973 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49783 | 158.101.44.242 | 80 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 18, 2024 09:52:16.437601089 CET | 151 | OUT | |
Dec 18, 2024 09:52:18.055922031 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49794 | 158.101.44.242 | 80 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 18, 2024 09:52:20.124254942 CET | 151 | OUT | |
Dec 18, 2024 09:52:21.787307978 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49806 | 158.101.44.242 | 80 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 18, 2024 09:52:23.969630957 CET | 151 | OUT | |
Dec 18, 2024 09:52:25.762916088 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49818 | 158.101.44.242 | 80 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 18, 2024 09:52:27.915771961 CET | 151 | OUT | |
Dec 18, 2024 09:52:29.121165037 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 49825 | 158.101.44.242 | 80 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 18, 2024 09:52:31.319883108 CET | 151 | OUT | |
Dec 18, 2024 09:52:32.536601067 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 49837 | 158.101.44.242 | 80 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 18, 2024 09:52:34.765850067 CET | 151 | OUT | |
Dec 18, 2024 09:52:35.967087030 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.4 | 49849 | 158.101.44.242 | 80 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 18, 2024 09:52:38.261204004 CET | 151 | OUT | |
Dec 18, 2024 09:52:39.591249943 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.4 | 49856 | 158.101.44.242 | 80 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 18, 2024 09:52:41.729394913 CET | 151 | OUT | |
Dec 18, 2024 09:52:42.930677891 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.4 | 49868 | 158.101.44.242 | 80 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 18, 2024 09:52:45.106144905 CET | 151 | OUT | |
Dec 18, 2024 09:52:46.306411982 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.4 | 49875 | 158.101.44.242 | 80 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 18, 2024 09:52:48.482367039 CET | 151 | OUT | |
Dec 18, 2024 09:52:49.681303978 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.4 | 49887 | 158.101.44.242 | 80 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 18, 2024 09:52:51.844710112 CET | 151 | OUT | |
Dec 18, 2024 09:52:53.042521954 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.4 | 49895 | 158.101.44.242 | 80 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 18, 2024 09:52:55.388598919 CET | 151 | OUT | |
Dec 18, 2024 09:52:57.016340971 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.4 | 49906 | 158.101.44.242 | 80 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 18, 2024 09:52:59.192332029 CET | 151 | OUT | |
Dec 18, 2024 09:53:00.438339949 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.4 | 49918 | 158.101.44.242 | 80 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 18, 2024 09:53:02.654170990 CET | 151 | OUT | |
Dec 18, 2024 09:53:03.855438948 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.4 | 49926 | 158.101.44.242 | 80 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 18, 2024 09:53:06.187999010 CET | 151 | OUT | |
Dec 18, 2024 09:53:07.397157907 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
19 | 192.168.2.4 | 49937 | 158.101.44.242 | 80 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 18, 2024 09:53:11.861773014 CET | 151 | OUT | |
Dec 18, 2024 09:53:12.269438028 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49736 | 172.217.17.46 | 443 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-18 08:51:46 UTC | 216 | OUT | |
2024-12-18 08:51:47 UTC | 1920 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49737 | 172.217.17.65 | 443 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-18 08:51:48 UTC | 258 | OUT | |
2024-12-18 08:51:51 UTC | 4937 | IN | |
2024-12-18 08:51:51 UTC | 4937 | IN | |
2024-12-18 08:51:51 UTC | 4823 | IN | |
2024-12-18 08:51:51 UTC | 1324 | IN | |
2024-12-18 08:51:51 UTC | 1390 | IN | |
2024-12-18 08:51:52 UTC | 1390 | IN | |
2024-12-18 08:51:52 UTC | 1390 | IN | |
2024-12-18 08:51:52 UTC | 1390 | IN | |
2024-12-18 08:51:52 UTC | 1390 | IN | |
2024-12-18 08:51:52 UTC | 1390 | IN | |
2024-12-18 08:51:52 UTC | 1390 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49739 | 172.67.177.134 | 443 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-18 08:51:56 UTC | 85 | OUT | |
2024-12-18 08:51:57 UTC | 884 | IN | |
2024-12-18 08:51:57 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49752 | 149.154.167.220 | 443 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-18 08:52:05 UTC | 295 | OUT | |
2024-12-18 08:52:05 UTC | 1090 | OUT | |
2024-12-18 08:52:05 UTC | 388 | IN | |
2024-12-18 08:52:05 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49758 | 149.154.167.220 | 443 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-18 08:52:08 UTC | 295 | OUT | |
2024-12-18 08:52:08 UTC | 1090 | OUT | |
2024-12-18 08:52:09 UTC | 388 | IN | |
2024-12-18 08:52:09 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49769 | 149.154.167.220 | 443 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-18 08:52:12 UTC | 271 | OUT | |
2024-12-18 08:52:12 UTC | 1090 | OUT | |
2024-12-18 08:52:12 UTC | 388 | IN | |
2024-12-18 08:52:12 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49777 | 149.154.167.220 | 443 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-18 08:52:15 UTC | 295 | OUT | |
2024-12-18 08:52:15 UTC | 1090 | OUT | |
2024-12-18 08:52:16 UTC | 388 | IN | |
2024-12-18 08:52:16 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49788 | 149.154.167.220 | 443 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-18 08:52:19 UTC | 271 | OUT | |
2024-12-18 08:52:19 UTC | 1090 | OUT | |
2024-12-18 08:52:19 UTC | 388 | IN | |
2024-12-18 08:52:19 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 49800 | 149.154.167.220 | 443 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-18 08:52:23 UTC | 271 | OUT | |
2024-12-18 08:52:23 UTC | 1090 | OUT | |
2024-12-18 08:52:23 UTC | 388 | IN | |
2024-12-18 08:52:23 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 49812 | 149.154.167.220 | 443 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-18 08:52:27 UTC | 271 | OUT | |
2024-12-18 08:52:27 UTC | 1090 | OUT | |
2024-12-18 08:52:27 UTC | 388 | IN | |
2024-12-18 08:52:27 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.4 | 49819 | 149.154.167.220 | 443 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-18 08:52:30 UTC | 271 | OUT | |
2024-12-18 08:52:30 UTC | 1090 | OUT | |
2024-12-18 08:52:31 UTC | 388 | IN | |
2024-12-18 08:52:31 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.4 | 49831 | 149.154.167.220 | 443 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-18 08:52:33 UTC | 271 | OUT | |
2024-12-18 08:52:33 UTC | 1090 | OUT | |
2024-12-18 08:52:34 UTC | 388 | IN | |
2024-12-18 08:52:34 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.4 | 49843 | 149.154.167.220 | 443 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-18 08:52:37 UTC | 271 | OUT | |
2024-12-18 08:52:37 UTC | 1090 | OUT | |
2024-12-18 08:52:38 UTC | 388 | IN | |
2024-12-18 08:52:38 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.4 | 49850 | 149.154.167.220 | 443 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-18 08:52:40 UTC | 295 | OUT | |
2024-12-18 08:52:40 UTC | 1090 | OUT | |
2024-12-18 08:52:41 UTC | 388 | IN | |
2024-12-18 08:52:41 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.4 | 49862 | 149.154.167.220 | 443 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-18 08:52:44 UTC | 295 | OUT | |
2024-12-18 08:52:44 UTC | 1090 | OUT | |
2024-12-18 08:52:44 UTC | 388 | IN | |
2024-12-18 08:52:44 UTC | 536 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.4 | 49869 | 149.154.167.220 | 443 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-18 08:52:47 UTC | 271 | OUT | |
2024-12-18 08:52:47 UTC | 1090 | OUT | |
2024-12-18 08:52:48 UTC | 388 | IN | |
2024-12-18 08:52:48 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.4 | 49881 | 149.154.167.220 | 443 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-18 08:52:51 UTC | 271 | OUT | |
2024-12-18 08:52:51 UTC | 1090 | OUT | |
2024-12-18 08:52:51 UTC | 388 | IN | |
2024-12-18 08:52:51 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.4 | 49889 | 149.154.167.220 | 443 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-18 08:52:54 UTC | 271 | OUT | |
2024-12-18 08:52:54 UTC | 1090 | OUT | |
2024-12-18 08:52:55 UTC | 388 | IN | |
2024-12-18 08:52:55 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.4 | 49900 | 149.154.167.220 | 443 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-18 08:52:58 UTC | 295 | OUT | |
2024-12-18 08:52:58 UTC | 1090 | OUT | |
2024-12-18 08:52:59 UTC | 388 | IN | |
2024-12-18 08:52:59 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
19 | 192.168.2.4 | 49912 | 149.154.167.220 | 443 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-18 08:53:01 UTC | 295 | OUT | |
2024-12-18 08:53:01 UTC | 1090 | OUT | |
2024-12-18 08:53:02 UTC | 388 | IN | |
2024-12-18 08:53:02 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
20 | 192.168.2.4 | 49920 | 149.154.167.220 | 443 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-18 08:53:05 UTC | 271 | OUT | |
2024-12-18 08:53:05 UTC | 1090 | OUT | |
2024-12-18 08:53:06 UTC | 388 | IN | |
2024-12-18 08:53:06 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
21 | 192.168.2.4 | 49931 | 149.154.167.220 | 443 | 2692 | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-18 08:53:08 UTC | 271 | OUT | |
2024-12-18 08:53:08 UTC | 1090 | OUT | |
2024-12-18 08:53:09 UTC | 388 | IN | |
2024-12-18 08:53:09 UTC | 535 | IN |
Target ID: | 0 |
Start time: | 03:51:03 |
Start date: | 18/12/2024 |
Path: | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 501'968 bytes |
MD5 hash: | 65EEA9949B624401EA78AAF28072AB3F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 4 |
Start time: | 03:51:36 |
Start date: | 18/12/2024 |
Path: | C:\Users\user\Desktop\RFQ December-January Forcast and TCL.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 501'968 bytes |
MD5 hash: | 65EEA9949B624401EA78AAF28072AB3F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 21.4% |
Dynamic/Decrypted Code Coverage: | 13.9% |
Signature Coverage: | 20.8% |
Total number of Nodes: | 1517 |
Total number of Limit Nodes: | 47 |
Graph
Function 004032A0 Relevance: 89.7, APIs: 32, Strings: 19, Instructions: 401 string file com COMMON
Function 00404B30 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481 window memory COMMON
Function 00406077 Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 207 string COMMON
Function 00405846 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 148 file string COMMON
Function 00406398 Relevance: 3.0, APIs: 2, Instructions: 14 file COMMON
Function 004027FB Relevance: 1.5, APIs: 1, Instructions: 30 file COMMON
Function 0040389E Relevance: 47.5, APIs: 14, Strings: 13, Instructions: 215 string registry COMMON
Function 00401767 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145 string time COMMON
Function 004025E5 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 151 file COMMON
Function 0040237B Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71 registry string COMMON
Function 004063BF Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 34 library COMMON
Function 00405128 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46 window COMMON
Function 00401FC3 Relevance: 4.6, APIs: 3, Instructions: 73 library COMMON
Function 00401B37 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72 memory COMMON
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43 window COMMON
Function 00401DDC Relevance: 3.0, APIs: 2, Instructions: 21 COMMON
Function 00405C2A Relevance: 3.0, APIs: 2, Instructions: 16 file COMMON
Function 00405700 Relevance: 3.0, APIs: 2, Instructions: 9 COMMON
Function 100028A4 Relevance: 2.7, APIs: 2, Instructions: 156 memory COMMON
Function 00402786 Relevance: 1.5, APIs: 1, Instructions: 26 COMMON
Function 0040229D Relevance: 1.5, APIs: 1, Instructions: 25 COMMON
Function 00405CDC Relevance: 1.5, APIs: 1, Instructions: 22 file COMMON
Function 00405CAD Relevance: 1.5, APIs: 1, Instructions: 22 file COMMON
Function 100027C7 Relevance: 1.5, APIs: 1, Instructions: 21 memory COMMON
Function 0040159B Relevance: 1.5, APIs: 1, Instructions: 18 COMMON
Function 0040414E Relevance: 1.5, APIs: 1, Instructions: 6 window COMMON
Function 00403258 Relevance: 1.5, APIs: 1, Instructions: 6 COMMON
Function 1000121B Relevance: 1.3, APIs: 1, Instructions: 6 memory COMMON
Function 004052F3 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284 window clipboard memory COMMON
Function 004045B4 Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 275 string COMMON
Function 0040686A Relevance: .3, Instructions: 334 COMMON
Function 00407041 Relevance: .3, Instructions: 300 COMMON
Function 004042B6 Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 207 window string COMMON
Function 00405D84 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 131 string memory COMMON
Function 100022D0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136 memory COMMON
Function 00404180 Relevance: 12.1, APIs: 8, Instructions: 61 COMMON
Function 00404A7E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48 window COMMON
Function 00402D04 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40 time COMMON
Function 100024A9 Relevance: 9.1, APIs: 6, Instructions: 98 COMMON
Function 00402537 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 67 string COMMON
Function 100018A9 Relevance: 7.7, APIs: 5, Instructions: 189 COMMON
Function 100015FF Relevance: 7.5, APIs: 5, Instructions: 41 memory library loader COMMON
Function 00401CFA Relevance: 7.5, APIs: 5, Instructions: 39 window COMMON
Function 00404970 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84 string COMMON
Function 00401BDF Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76 window time COMMON
Function 00405F22 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45 registry COMMON
Function 00405A09 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402D8A Relevance: 6.0, APIs: 4, Instructions: 33COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405B11 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405735 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405A55 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 100010E1 Relevance: 5.1, APIs: 4, Instructions: 104memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405B8F Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Execution Graph
Execution Coverage: | 11.2% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 2.2% |
Total number of Nodes: | 278 |
Total number of Limit Nodes: | 15 |
Function 00118DA0 Relevance: 7.4, Strings: 5, Instructions: 1138 COMMON
Function 00115F90 Relevance: 5.4, Strings: 4, Instructions: 443 COMMON
Function 001127B9 Relevance: 3.2, Strings: 2, Instructions: 695 COMMON
Function 00115968 Relevance: 3.0, Strings: 2, Instructions: 511 COMMON
Function 00114328 Relevance: 2.7, Strings: 2, Instructions: 195 COMMON
Function 36B2E790 Relevance: 2.0, Strings: 1, Instructions: 764 COMMON
Function 36B0BDF0 Relevance: 2.0, Strings: 1, Instructions: 758 COMMON
Function 36B08650 Relevance: .7, Instructions: 709 COMMON
Function 36A5C638 Relevance: .3, Instructions: 321 COMMON
Function 36A503AF Relevance: .3, Instructions: 272 COMMON
Function 36A50C28 Relevance: .2, Instructions: 220 COMMON
Function 36A50C1A Relevance: .2, Instructions: 220 COMMON
Function 36B09D10 Relevance: .2, Instructions: 219 COMMON
Function 36B0A360 Relevance: .2, Instructions: 219 COMMON
Function 36B096C8 Relevance: .2, Instructions: 218 COMMON
Function 36B0A9B0 Relevance: .2, Instructions: 218 COMMON
Function 36A50F6F Relevance: .2, Instructions: 202 COMMON
Function 36B0BA88 Relevance: .2, Instructions: 195 COMMON
Function 36B0BA97 Relevance: .2, Instructions: 191 COMMON
Function 36B0A9A0 Relevance: .2, Instructions: 171 COMMON
Function 36B08640 Relevance: .2, Instructions: 170 COMMON
Function 36B096B8 Relevance: .2, Instructions: 164 COMMON
Function 36B2F2DE Relevance: .2, Instructions: 154 COMMON
Function 36B0C92F Relevance: .2, Instructions: 153 COMMON
Function 36B09D00 Relevance: .1, Instructions: 117 COMMON
Function 36B0A352 Relevance: .1, Instructions: 109 COMMON
Function 001166B8 Relevance: 10.5, Strings: 8, Instructions: 456 COMMON
Function 36B20970 Relevance: 6.1, APIs: 4, Instructions: 137 thread COMMON
Function 36B20980 Relevance: 6.1, APIs: 4, Instructions: 128 thread COMMON
Function 001119B8 Relevance: 5.3, Strings: 4, Instructions: 321 COMMON
Function 00114F00 Relevance: 2.8, Strings: 2, Instructions: 329 COMMON
Function 00115460 Relevance: 2.7, Strings: 2, Instructions: 228 COMMON
Function 00118D90 Relevance: 2.7, Strings: 2, Instructions: 190 COMMON
Function 36B0D548 Relevance: 2.6, Strings: 2, Instructions: 149 COMMON
Function 00117EC0 Relevance: 2.6, Strings: 2, Instructions: 109 COMMON
Function 00118D19 Relevance: 2.5, Strings: 2, Instructions: 44 COMMON
Function 36B200B0 Relevance: 1.6, APIs: 1, Instructions: 149 COMMON
Function 36B20104 Relevance: 1.6, APIs: 1, Instructions: 118 COMMON
Function 36B20110 Relevance: 1.6, APIs: 1, Instructions: 113 COMMON
Function 36B21DC0 Relevance: 1.6, APIs: 1, Instructions: 93 COMMON
Function 36B20BC0 Relevance: 1.6, APIs: 1, Instructions: 66 COMMON
Function 36B20BC8 Relevance: 1.6, APIs: 1, Instructions: 62 COMMON
Function 36B2C560 Relevance: 1.5, APIs: 1, Instructions: 46 com COMMON
Function 36B2D3E8 Relevance: 1.5, APIs: 1, Instructions: 46 com COMMON
Function 36B2E6C9 Relevance: 1.5, APIs: 1, Instructions: 45 window COMMON
Function 36B22018 Relevance: 1.5, APIs: 1, Instructions: 45 time COMMON
Function 36B22020 Relevance: 1.5, APIs: 1, Instructions: 44 time COMMON
Function 36B2E6D0 Relevance: 1.5, APIs: 1, Instructions: 43 window COMMON
Function 00110B29 Relevance: 1.5, Strings: 1, Instructions: 203 COMMON
Function 00110B30 Relevance: 1.4, Strings: 1, Instructions: 200 COMMON
Function 00119EB0 Relevance: 1.4, Strings: 1, Instructions: 121 COMMON
Function 00118BF0 Relevance: 1.4, Strings: 1, Instructions: 105 COMMON
Function 36B0E7F4 Relevance: 1.3, Strings: 1, Instructions: 50 COMMON
Function 36B0F090 Relevance: 1.3, Strings: 1, Instructions: 50 COMMON
Function 36B0C175 Relevance: .3, Instructions: 322 COMMON
Function 36B0C173 Relevance: .3, Instructions: 319 COMMON
Function 00116C98 Relevance: .2, Instructions: 201 COMMON
Function 0011AF90 Relevance: .2, Instructions: 199 COMMON
Function 36B0FAB0 Relevance: .2, Instructions: 189 COMMON
Function 36B0C4CF Relevance: .2, Instructions: 155 COMMON
Function 36B07920 Relevance: .1, Instructions: 147 COMMON
Function 36B0CC28 Relevance: .1, Instructions: 145 COMMON
Function 00113168 Relevance: .1, Instructions: 134 COMMON
Function 36B08721 Relevance: .1, Instructions: 130 COMMON
Function 001192C3 Relevance: .1, Instructions: 126 COMMON
Function 00114620 Relevance: .1, Instructions: 101 COMMON
Function 00118B4B Relevance: .1, Instructions: 89 COMMON
Function 36B0CF68 Relevance: .1, Instructions: 88 COMMON
Function 00116F40 Relevance: .1, Instructions: 87 COMMON
Function 36B0FAA1 Relevance: .1, Instructions: 86 COMMON
Function 0011B1B7 Relevance: .1, Instructions: 86 COMMON
Function 001118C8 Relevance: .1, Instructions: 77 COMMON
Function 36B0CF59 Relevance: .1, Instructions: 75 COMMON
Function 001152C8 Relevance: .1, Instructions: 74 COMMON
Function 36B07922 Relevance: .1, Instructions: 72 COMMON
Function 000AD030 Relevance: .1, Instructions: 72 COMMON
Function 00110EC8 Relevance: .1, Instructions: 70 COMMON
Function 36B0B9A9 Relevance: .1, Instructions: 69 COMMON
Function 00114611 Relevance: .1, Instructions: 68 COMMON
Function 0011324D Relevance: .1, Instructions: 68 COMMON
Function 001117B8 Relevance: .1, Instructions: 66 COMMON
Function 00118729 Relevance: .1, Instructions: 65 COMMON
Function 001152B8 Relevance: .1, Instructions: 63 COMMON
Function 0011FE60 Relevance: .1, Instructions: 63 COMMON
Function 0011B2E0 Relevance: .1, Instructions: 60 COMMON
Function 36B0B9C7 Relevance: .1, Instructions: 56 COMMON
Function 36B0B9C8 Relevance: .1, Instructions: 56 COMMON
Function 36B0EC1A Relevance: .1, Instructions: 53 COMMON
Function 000AD02B Relevance: .1, Instructions: 53 COMMON
Function 00114E5F Relevance: .1, Instructions: 52 COMMON
Function 36B0CE50 Relevance: .0, Instructions: 50 COMMON
Function 0011B2F0 Relevance: .0, Instructions: 49 COMMON
Function 00114664 Relevance: .0, Instructions: 44 COMMON
Function 0011FC38 Relevance: .0, Instructions: 42 COMMON
Function 36B0CE60 Relevance: .0, Instructions: 39 COMMON
Function 36B095E8 Relevance: .0, Instructions: 39 COMMON
Function 36B0D4C8 Relevance: .0, Instructions: 37 COMMON
Function 36B09608 Relevance: .0, Instructions: 35 COMMON
Function 0011B158 Relevance: .0, Instructions: 32 COMMON
Function 0011FE12 Relevance: .0, Instructions: 26 COMMON
Function 00111877 Relevance: .0, Instructions: 25 COMMON
Function 0011FE20 Relevance: .0, Instructions: 23 COMMON
Function 00111888 Relevance: .0, Instructions: 19 COMMON
Function 001156FF Relevance: .0, Instructions: 18 COMMON
Function 0011FF22 Relevance: .0, Instructions: 18 COMMON
Function 36B0CF30 Relevance: .0, Instructions: 17 COMMON
Function 36B0D095 Relevance: .0, Instructions: 16 COMMON
Function 00119F6D Relevance: .0, Instructions: 16 COMMON
Function 36B095D8 Relevance: .0, Instructions: 15 COMMON
Function 0011FF30 Relevance: .0, Instructions: 15 COMMON
Function 36B0BD48 Relevance: .0, Instructions: 13 COMMON
Function 36B094B4 Relevance: .0, Instructions: 12 COMMON
Function 00115710 Relevance: .0, Instructions: 12 COMMON
Function 0011B2C3 Relevance: .0, Instructions: 9 COMMON
Function 0011FFC8 Relevance: .0, Instructions: 4 COMMON
Function 004032A0 Relevance: 77.4, APIs: 32, Strings: 12, Instructions: 401 string file com COMMON
Function 00404B30 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481 window memory COMMON
Function 00405846 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 148 file string COMMON
Function 36B0AFF8 Relevance: 11.7, Strings: 9, Instructions: 461 COMMON
Function 36B0AFE8 Relevance: 11.6, Strings: 9, Instructions: 366 COMMON
Function 36B0AFF7 Relevance: 11.6, Strings: 9, Instructions: 361 COMMON
Function 36B07B4F Relevance: 1.9, Strings: 1, Instructions: 609 COMMON
Function 36A5BD88 Relevance: .3, Instructions: 275 COMMON
Function 36A5B07F Relevance: .3, Instructions: 275 COMMON
Function 36A5F042 Relevance: .3, Instructions: 275 COMMON
Function 36A5DEE1 Relevance: .3, Instructions: 273 COMMON
Function 36A5E790 Relevance: .3, Instructions: 272 COMMON
Function 36A5DA89 Relevance: .3, Instructions: 272 COMMON
Function 36A5E339 Relevance: .3, Instructions: 272 COMMON
Function 36A5EBF2 Relevance: .3, Instructions: 269 COMMON
Function 36B036C0 Relevance: .3, Instructions: 268 COMMON
Function 36B02E10 Relevance: .3, Instructions: 268 COMMON
Function 36B05660 Relevance: .3, Instructions: 268 COMMON
Function 36B00FA8 Relevance: .3, Instructions: 268 COMMON
Function 36B067C0 Relevance: .3, Instructions: 268 COMMON
Function 36B05F10 Relevance: .3, Instructions: 268 COMMON
Function 36B03F70 Relevance: .3, Instructions: 268 COMMON
Function 36B01CB0 Relevance: .3, Instructions: 268 COMMON
Function 36B074C8 Relevance: .3, Instructions: 268 COMMON
Function 36B06C18 Relevance: .3, Instructions: 268 COMMON
Function 36B01400 Relevance: .3, Instructions: 268 COMMON
Function 36B04DB0 Relevance: .3, Instructions: 268 COMMON
Function 36B02560 Relevance: .3, Instructions: 268 COMMON
Function 36B05AB8 Relevance: .3, Instructions: 268 COMMON
Function 36B05208 Relevance: .3, Instructions: 268 COMMON
Function 36B03268 Relevance: .3, Instructions: 268 COMMON
Function 36B043C8 Relevance: .3, Instructions: 268 COMMON
Function 36B03B18 Relevance: .3, Instructions: 268 COMMON
Function 36B06368 Relevance: .3, Instructions: 268 COMMON
Function 36B04820 Relevance: .3, Instructions: 268 COMMON
Function 36B07070 Relevance: .3, Instructions: 268 COMMON
Function 36B01858 Relevance: .3, Instructions: 268 COMMON
Function 36B029B8 Relevance: .3, Instructions: 268 COMMON
Function 36B02108 Relevance: .3, Instructions: 268 COMMON
Function 36A5C1F2 Relevance: .3, Instructions: 267 COMMON
Function 36A5B4EC Relevance: .3, Instructions: 265 COMMON
Function 36A5B944 Relevance: .3, Instructions: 265 COMMON
Function 36B08193 Relevance: .2, Instructions: 193 COMMON
Function 36B08373 Relevance: .1, Instructions: 116 COMMON
Function 36B2F5A0 Relevance: .0, Instructions: 18 COMMON
Function 36B0CBE7 Relevance: .0, Instructions: 17 COMMON
Function 004052F3 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284 window clipboard memory COMMON
Function 004042B6 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 207 window string COMMON
Function 0040389E Relevance: 37.0, APIs: 13, Strings: 8, Instructions: 215 string registry COMMON
Function 00405D84 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 131 string memory COMMON
Function 004045B4 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 275 string COMMON
Function 00406077 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 207 string COMMON
Function 00404180 Relevance: 12.1, APIs: 8, Instructions: 61 COMMON
Function 004025E5 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 151 file COMMON
Function 00404A7E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48 window COMMON
Function 00402D04 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40 time COMMON
Function 00401CFA Relevance: 7.5, APIs: 5, Instructions: 39 window COMMON
Function 00401D56 Relevance: 7.5, APIs: 5, Instructions: 38 COMMON
Function 00404970 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84 string COMMON
Function 00401BDF Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76 window time COMMON
Function 004063BF Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 34 library COMMON
Function 00405683 Relevance: 6.0, APIs: 4, Instructions: 39 COMMON
Function 00402D8A Relevance: 6.0, APIs: 4, Instructions: 33 COMMON
Function 00405128 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46 window COMMON
Function 00405735 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24 process COMMON
Function 00111A40 Relevance: 5.1, Strings: 4, Instructions: 98 COMMON
Function 001158E8 Relevance: 5.0, Strings: 4, Instructions: 49 COMMON
Function 00405B8F Relevance: 5.0, APIs: 4, Instructions: 37 string COMMON