Windows
Analysis Report
PAYMENT ADVICE 750013-1012449943-81347-pdf.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- PAYMENT ADVICE 750013-1012449943-81347-pdf.exe (PID: 7392 cmdline: "C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe" MD5: D0074EDAB5CEE4B432BF2E9F075E6301)
- PAYMENT ADVICE 750013-1012449943-81347-pdf.exe (PID: 7788 cmdline: "C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe" MD5: D0074EDAB5CEE4B432BF2E9F075E6301)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
{"C2 url": "https://api.telegram.org/bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendMessage"}
{"EXfil Mode": "Telegram", "Telegram Token": "7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc", "Telegram Chatid": "7382809095"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-19T15:29:05.354142+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49753 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:08.983430+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49763 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:12.557136+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49775 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:15.994860+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49783 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:19.388638+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49794 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:22.830321+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49805 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:26.346873+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49812 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:29.893929+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49823 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:34.009806+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49833 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:37.524024+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49842 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:40.967355+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49852 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:44.560481+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49861 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:47.965291+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49871 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:51.449518+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49881 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:54.981785+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49890 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:58.386641+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49899 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:02.640506+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49911 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:09.283629+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49928 | 149.154.167.220 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-19T15:28:54.921372+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49738 | 193.122.6.168 | 80 | TCP |
2024-12-19T15:29:03.140205+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49738 | 193.122.6.168 | 80 | TCP |
2024-12-19T15:29:06.968372+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49761 | 193.122.6.168 | 80 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-19T15:28:46.105933+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49736 | 172.217.17.46 | 443 | TCP |
AV Detection |
---|
Source: | Malware Configuration Extractor: | ||
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Location Tracking |
---|
Source: | DNS query: |
Source: | Code function: | 4_2_374ED1EC | |
Source: | Code function: | 4_2_374ED9D9 |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | DNS query: |
Source: | HTTP traffic detected: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | JA3 fingerprint: | ||
Source: | JA3 fingerprint: | ||
Source: | JA3 fingerprint: |
Source: | DNS query: | ||
Source: | DNS query: |
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | HTTP traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Code function: | 0_2_004052F3 |
System Summary |
---|
Source: | Static PE information: |
Source: | Static file information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_004032A0 | |
Source: | Code function: | 4_2_004032A0 |
Source: | Code function: | 0_2_004045B4 |
Source: | Code function: | 0_2_00402095 |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | LNK file: |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 0_2_10001B18 |
Source: | Code function: | 0_2_10002E0E |
Source: | File created: | Jump to dropped file |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | API/Special instruction interceptor: | ||
Source: | API/Special instruction interceptor: |
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | API coverage: |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Code function: | 0_2_00405846 | |
Source: | Code function: | 0_2_004027FB | |
Source: | Code function: | 0_2_00406398 | |
Source: | Code function: | 4_2_00405846 | |
Source: | Code function: | 4_2_004027FB | |
Source: | Code function: | 4_2_00406398 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | API call chain: | graph_0-3943 | ||
Source: | API call chain: | graph_0-3762 |
Source: | Code function: | 4_2_0040649A |
Source: | Code function: | 0_2_10001B18 |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Code function: | 0_2_00406077 |
Source: | Key value queried: | Jump to behavior |
Lowering of HIPS / PFW / Operating System Security Settings |
---|
Source: | Registry value created: | Jump to behavior |
Source: | Registry key created or modified: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 Process Injection | 31 Disable or Modify Tools | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Access Token Manipulation | NTDS | 1 System Network Configuration Discovery | Distributed Component Object Model | 1 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Process Injection | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | 215 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
58% | ReversingLabs | Win32.Ransomware.TelegramRAT |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 172.217.17.46 | true | false | high | |
drive.usercontent.google.com | 172.217.17.65 | true | false | high | |
reallyfreegeoip.org | 172.67.177.134 | true | false | high | |
api.telegram.org | 149.154.167.220 | true | false | high | |
checkip.dyndns.com | 193.122.6.168 | true | false | high | |
checkip.dyndns.org | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false |
193.122.6.168 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false |
172.217.17.46 | drive.google.com | United States | 15169 | GOOGLEUS | false |
172.217.17.65 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false |
172.67.177.134 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1578318 |
Start date and time: | 2024-12-19 15:27:05 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 9s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/8@5/5 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 52.149.20.212, 13.107.246.63
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: PAYMENT ADVICE 750013-1012449943-81347-pdf.exe
Time | Type | Description |
---|---|---|
09:29:01 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
149.154.167.220 | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
149.154.167.220 | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | malicious | DBatLoader, PureLog Stealer, Snake Keylogger |
149.154.167.220 | malicious | DBatLoader, PureLog Stealer, Snake Keylogger |
149.154.167.220 | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | malicious | GuLoader, MassLogger RAT |
149.154.167.220 | malicious | Unknown |
149.154.167.220 | malicious | Unknown |
149.154.167.220 | malicious | Can Stealer |
149.154.167.220 | malicious | Can Stealer |
193.122.6.168 | malicious | GuLoader, MassLogger RAT |
193.122.6.168 | malicious | Snake Keylogger |
193.122.6.168 | malicious | Snake Keylogger |
193.122.6.168 | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
193.122.6.168 | malicious | MassLogger RAT |
193.122.6.168 | malicious | GuLoader, MassLogger RAT |
193.122.6.168 | malicious | Snake Keylogger, VIP Keylogger |
193.122.6.168 | malicious | MassLogger RAT |
193.122.6.168 | malicious | MassLogger RAT |
193.122.6.168 | malicious | MassLogger RAT |
Match | Detection | Threat Name |
---|---|---|
checkip.dyndns.com | malicious | GuLoader, Snake Keylogger |
checkip.dyndns.com | malicious | MassLogger RAT |
checkip.dyndns.com | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | DBatLoader, PureLog Stealer, Snake Keylogger |
checkip.dyndns.com | malicious | DBatLoader, PureLog Stealer, Snake Keylogger |
checkip.dyndns.com | malicious | Snake Keylogger |
checkip.dyndns.com | malicious | Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | GuLoader, MassLogger RAT |
checkip.dyndns.com | malicious | GuLoader, MassLogger RAT |
api.telegram.org | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
api.telegram.org | malicious | Snake Keylogger, VIP Keylogger |
api.telegram.org | malicious | DBatLoader, PureLog Stealer, Snake Keylogger |
api.telegram.org | malicious | DBatLoader, PureLog Stealer, Snake Keylogger |
api.telegram.org | malicious | Snake Keylogger, VIP Keylogger |
api.telegram.org | malicious | GuLoader, MassLogger RAT |
api.telegram.org | malicious | Unknown |
api.telegram.org | malicious | Unknown |
api.telegram.org | malicious | LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, Stealc, Vidar |
api.telegram.org | malicious | Can Stealer |
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger |
reallyfreegeoip.org | malicious | MassLogger RAT |
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
reallyfreegeoip.org | malicious | Snake Keylogger, VIP Keylogger |
reallyfreegeoip.org | malicious | Snake Keylogger |
reallyfreegeoip.org | malicious | Snake Keylogger, VIP Keylogger |
reallyfreegeoip.org | malicious | GuLoader, MassLogger RAT |
reallyfreegeoip.org | malicious | GuLoader, MassLogger RAT |
reallyfreegeoip.org | malicious | Snake Keylogger |
reallyfreegeoip.org | malicious | Snake Keylogger, VIP Keylogger |
Match | Detection | Threat Name |
---|---|---|
ORACLE-BMC-31898US | malicious | Mirai, Okiru |
ORACLE-BMC-31898US | malicious | GuLoader, Snake Keylogger |
ORACLE-BMC-31898US | malicious | MassLogger RAT |
ORACLE-BMC-31898US | malicious | Mirai, Okiru |
ORACLE-BMC-31898US | malicious | Mirai, Okiru |
ORACLE-BMC-31898US | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
ORACLE-BMC-31898US | malicious | Mirai |
ORACLE-BMC-31898US | malicious | Mirai |
ORACLE-BMC-31898US | malicious | Snake Keylogger, VIP Keylogger |
ORACLE-BMC-31898US | malicious | GuLoader, MassLogger RAT |
TELEGRAMRU | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
TELEGRAMRU | malicious | Vidar |
TELEGRAMRU | malicious | Vidar |
TELEGRAMRU | malicious | Snake Keylogger, VIP Keylogger |
TELEGRAMRU | malicious | DBatLoader, PureLog Stealer, Snake Keylogger |
TELEGRAMRU | malicious | DBatLoader, PureLog Stealer, Snake Keylogger |
TELEGRAMRU | malicious | Snake Keylogger, VIP Keylogger |
TELEGRAMRU | malicious | GuLoader, MassLogger RAT |
TELEGRAMRU | malicious | Unknown |
TELEGRAMRU | malicious | Unknown |
CLOUDFLARENETUS | malicious | HTMLPhisher |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Mirai, Okiru |
CLOUDFLARENETUS | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, RHADAMANTHYS, Stealc, Vidar |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Abobus Obfuscator, Braodo |
CLOUDFLARENETUS | malicious | Abobus Obfuscator, Braodo |
CLOUDFLARENETUS | malicious | Abobus Obfuscator, Braodo |
Match | Detection | Threat Name |
---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader, Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | MassLogger RAT |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger, VIP Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger, VIP Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader, MassLogger RAT |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader, MassLogger RAT |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, RHADAMANTHYS, Stealc, Vidar |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Abobus Obfuscator, Braodo |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Abobus Obfuscator, Braodo |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Abobus Obfuscator, Braodo |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Abobus Obfuscator, Braodo |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, RHADAMANTHYS |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
37f463bf4616ecd445d4a1937da06e19 | malicious | Unknown |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader, RHADAMANTHYS |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader, RHADAMANTHYS |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader, RHADAMANTHYS |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader, RHADAMANTHYS |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader, RHADAMANTHYS |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader, Snake Keylogger |
37f463bf4616ecd445d4a1937da06e19 | malicious | RHADAMANTHYS |
37f463bf4616ecd445d4a1937da06e19 | malicious | RHADAMANTHYS |
37f463bf4616ecd445d4a1937da06e19 | malicious | RHADAMANTHYS |
Match | Detection | Threat Name |
---|---|---|
C:\Users\user\AppData\Local\Temp\nsv30DA.tmp\System.dll | malicious | GuLoader, MassLogger RAT |
C:\Users\user\AppData\Local\Temp\nsv30DA.tmp\System.dll | malicious | GuLoader, MassLogger RAT |
C:\Users\user\AppData\Local\Temp\nsv30DA.tmp\System.dll | malicious | GuLoader, MassLogger RAT |
C:\Users\user\AppData\Local\Temp\nsv30DA.tmp\System.dll | malicious | GuLoader, MassLogger RAT |
C:\Users\user\AppData\Local\Temp\nsv30DA.tmp\System.dll | malicious | GuLoader, MassLogger RAT |
C:\Users\user\AppData\Local\Temp\nsv30DA.tmp\System.dll | malicious | GuLoader, MassLogger RAT |
C:\Users\user\AppData\Local\Temp\nsv30DA.tmp\System.dll | malicious | GuLoader, MassLogger RAT |
C:\Users\user\AppData\Local\Temp\nsv30DA.tmp\System.dll | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\nsv30DA.tmp\System.dll | malicious | GuLoader |
C:\Users\user\AppData\Local\Temp\nsv30DA.tmp\System.dll | malicious | GuLoader |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\Beclamor\Neurobiology.zen
Process: | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 280132 |
Entropy (8bit): | 7.780548466767351 |
Encrypted: | false |
SSDEEP: | 6144:tqXxyI4TO00e3P1ld0vSP8TkxWV4ZikeWPgy1gDgTJJt9:EyI4SqH8T2IYn7gP0Lt9 |
MD5: | 7093E02FCBC0ABDC2521D25D9C579073 |
SHA1: | D8C332B89D53FC7A59B1F91DD8F14B8548D2E720 |
SHA-256: | 3F2E84ECB7DD1E934AA9D96C9D0AD5EAB97BF9EB1B5DBC0E69ECE18C9AF547C0 |
SHA-512: | 3DCFDCA9A6238E3B7AF58F9D4C7E1CBB6DAFE9933B39E51159610AC8DA63DCFC3BC57841E8F72D6917EE9BD9E8D9D57C91F2930510AA842537CC0FC2CDA73043 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\Beclamor\Riprap43.gaw
Process: | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 56641 |
Entropy (8bit): | 1.2318917163845036 |
Encrypted: | false |
SSDEEP: | 384:vrBeaW6xu5Pd9GW0Zq+/HXF1qcGNMUd8phxiFQHOV7hpvZlq:t9+Pdop/306xixrlq |
MD5: | 39C9A5F767D8C170B5CE38EA8D5734D4 |
SHA1: | 4B4CA81EB3D093645B504004F62A269D4EACDECC |
SHA-256: | 87A7017021050071DBE5726BF9AC505763CD923E2BDE93336CA0905802CD8D49 |
SHA-512: | AE2D66B801251046FA4D3093391B916955B43BE75A954DD398583B1B8881A9F109F51F81D6E4FE759F83AC7B921FA89B02185013AFDE16D3C8EAB422BE89B4FF |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\Beclamor\antihemolytic.arm
Process: | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 76414 |
Entropy (8bit): | 4.6097551972165745 |
Encrypted: | false |
SSDEEP: | 768:LLekp2wTlOdtIYlK1933zKyOMQxr/C73Ja3+g2OMBkc8oQztn244bck7VfHEA/od:vr0eWxM1J3zZQ5eK2Lkc8o4b4dvyoPK |
MD5: | F0886B66577ED608412D985493DF3928 |
SHA1: | 23A6B0E83DD6F5D1782A59B14DC616AF7909BE80 |
SHA-256: | 72AB5BB7924FDD333AF20EF25AA0F3AC5CEB0DBEBE70694CB1F8128FD57DA1A2 |
SHA-512: | 4026963060F0974729E570E2BF9CDD31CDE045991406DE167FD3232D8C0EFA7D73B872BB0242CD8A5B08074513BA79018E931A6960E97984159103B7079801DD |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\Beclamor\forskansningens.txt
Process: | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 345 |
Entropy (8bit): | 4.241929841155785 |
Encrypted: | false |
SSDEEP: | 6:dvkdMOL4xnuXGNQWjMIDw1luhPB46xAJX7sBJOdkmLA8gMfArpIXbgOwQWiQJEEC:dufExIoDe1lYnGJLsBQdtL6rpIrWQkJA |
MD5: | AE69FE0F4D1E1115BC470031E661785C |
SHA1: | 8D3799826FE457C61C1E8EE5E3071683A8125BC5 |
SHA-256: | 6B18768503395C809263568D3A8858810404C2B7D49DC7CB6CE5F717F5D6C7DE |
SHA-512: | 969C0DB048EAC4A9B447A0C0C463A7983F1B4091B6206E274B9D249F8311439B6C33F5AA1EDF9CD1AA27502DA49378D3E1B45F16909C55DF830E51684E9648BE |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\Beclamor\fyldebtten.soi
Process: | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 210366 |
Entropy (8bit): | 1.240975322465592 |
Encrypted: | false |
SSDEEP: | 768:vBTwJOLxCIF0V6iLboHog6BQlsMqlN1R0pmGy30wbfq6+9GmlsNh34k0uJ/QohER:cJigyyDJnLH7zA |
MD5: | AEF78D8D561E8802286A78AAC6C73ED6 |
SHA1: | DDF5DA649482D0A553802827BB9F0EF64A7069E1 |
SHA-256: | 45F24543C01C9A11CC2246A9B27569AF433EEF61C877A4E191B683315D3566BE |
SHA-512: | 93D43C0CECADF8E1F507F8E58D2B4D92995D8F7ECF213A23559938B380033A6D0D80B0816A8D6603864F821F4FEDC988E0F79BE14C6892089178970E08DC4199 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\Beclamor\wildwestfilm.sto
Process: | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 363811 |
Entropy (8bit): | 1.2512349423386382 |
Encrypted: | false |
SSDEEP: | 768:y2f405GRYtnSLOBbyCociR2TVuEpHsVURGxwGmXjyMB+CtKDOgt9rlHF1QOs+9m5:pIuagbnK7CwVwFpYogwhUsvCq |
MD5: | BFEA15C03AB295424981A73637A19491 |
SHA1: | A5ADABDDC373D6B3004F96946D84B651E42D9F5C |
SHA-256: | 83E9CE74259889DCABD39D41131F286882B224698DCDEB8D0B4074069AAA687B |
SHA-512: | CB5969BFFAED8AF1791938E924E0CC9F876E45165F4E7EA5E9249131FACA831C0600F14BD68EF041D18C81A3FBE087970043D1B3B8A6786C1E5E5049834D4D0D |
Malicious: | false |
Process: | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11776 |
Entropy (8bit): | 5.655335921632966 |
Encrypted: | false |
SSDEEP: | 192:eF24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol9Sl:h8QIl975eXqlWBrz7YLOl9 |
MD5: | EE260C45E97B62A5E42F17460D406068 |
SHA1: | DF35F6300A03C4D3D3BD69752574426296B78695 |
SHA-256: | E94A1F7BCD7E0D532B660D0AF468EB3321536C3EFDCA265E61F9EC174B1AEF27 |
SHA-512: | A98F350D17C9057F33E5847462A87D59CBF2AAEDA7F6299B0D49BB455E484CE4660C12D2EB8C4A0D21DF523E729222BBD6C820BF25B081BC7478152515B414B3 |
Malicious: | false |
Process: | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1174 |
Entropy (8bit): | 3.2610912849810236 |
Encrypted: | false |
SSDEEP: | 12:8wl0asXowAOcQ/tz0/CSL6/cBnwgXl341DEDeG41DED+RKQ1olfW+kjcmAajuTCh:8xLDWLrFPjPC9izZMjDpdqy |
MD5: | F2A6FA74C25069C4241ECFBB5CB5DC84 |
SHA1: | 42D1F79230AB3524780B520643912FCE1C3DDD26 |
SHA-256: | DA4FC858C578D87657BFAEE4448833F732135DB5607795DC088B63B9225CB9A1 |
SHA-512: | 61C54E52C53956122E078EE8749E3DD052AE326C673A87F92706762785C4E4EF58D6B8FE9671A21E41499E80F8C87A6643652127A08466B8B9DC45827DBB8010 |
Malicious: | false |
File type: | |
Entropy (8bit): | 7.961944712331445 |
TrID: |
|
File name: | PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
File size: | 460'983 bytes |
MD5: | d0074edab5cee4b432bf2e9f075e6301 |
SHA1: | 71a829b476596ad54566c823499b1bfdfa86ae3e |
SHA256: | 0ff51f1bfcef0cabf76af8a2c9bb5c01aef4940a97c9b5cebe83cddf62d5be77 |
SHA512: | cbb46e94676d3af4c058b37b906617c676f715a6915d03670b4f9b6f1c1b4618797f97a685c0baabd878ceec1db73145da657f8c5fba349ba7798680425f9128 |
SSDEEP: | 12288:I5A5oTwRbhaR8N6U2ZD3oHFHYvNrpu7Jj1JK8s5FEeKv:Z5uwpCDmqrpu7Jj1JiceG |
TLSH: | 7BA423008124D163E5E317710D21FFFBD4B6722A99649F5ADB08397A3D21A608C5FEEE |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...P...P...P..*_...P...P..NP..*_...P...s...P...V...P..Rich.P..........................PE..L......V.................d......... |
Icon Hash: | 3d2e0f95332b3399 |
Entrypoint: | 0x4032a0 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x567F847F [Sun Dec 27 06:26:07 2015 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | d4b94e8ee3f620a89d114b9da4b31873 |
Instruction |
---|
sub esp, 000002D4h |
push ebp |
push esi |
push 00000020h |
xor ebp, ebp |
pop esi |
mov dword ptr [esp+0Ch], ebp |
push 00008001h |
mov dword ptr [esp+0Ch], 0040A300h |
mov dword ptr [esp+18h], ebp |
call dword ptr [004080B0h] |
call dword ptr [004080ACh] |
cmp ax, 00000006h |
je 00007FC0393F6CE3h |
push ebp |
call 00007FC0393F9E26h |
cmp eax, ebp |
je 00007FC0393F6CD9h |
push 00000C00h |
call eax |
push ebx |
push edi |
push 0040A2F4h |
call 00007FC0393F9DA3h |
push 0040A2ECh |
call 00007FC0393F9D99h |
push 0040A2E0h |
call 00007FC0393F9D8Fh |
push 00000009h |
call 00007FC0393F9DF4h |
push 00000007h |
call 00007FC0393F9DEDh |
mov dword ptr [00434F04h], eax |
call dword ptr [00408044h] |
push ebp |
call dword ptr [004082A8h] |
mov dword ptr [00434FB8h], eax |
push ebp |
lea eax, dword ptr [esp+34h] |
push 000002B4h |
push eax |
push ebp |
push 0042B228h |
call dword ptr [0040818Ch] |
push 0040A2C8h |
push 00433F00h |
call 00007FC0393F99DAh |
call dword ptr [004080A8h] |
mov ebx, 0043F000h |
push eax |
push ebx |
call 00007FC0393F99C8h |
push ebp |
call dword ptr [00408178h] |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x85c8 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5d000 | 0x11e0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b8 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x637c | 0x6400 | 83ff228d6dae8dd738eb2f78afbc793f | False | 0.672421875 | data | 6.491609540807675 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x147c | 0x1600 | d9f9b0b330e238260616b62a7a3cac09 | False | 0.42933238636363635 | data | 4.973928345594701 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x2aff8 | 0x600 | 3f2b05c8fbb8b2e4c9c89e93d30e7252 | False | 0.53125 | data | 4.133631086111171 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x35000 | 0x28000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x5d000 | 0x11e0 | 0x1200 | 20639f4e7c421f5379e2fb9ea4a1530d | False | 0.3684895833333333 | data | 4.485045860065118 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_BITMAP | 0x5d268 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States | 0.23623853211009174 |
RT_ICON | 0x5d5d0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.42473118279569894 |
RT_DIALOG | 0x5d8b8 | 0x144 | data | English | United States | 0.5216049382716049 |
RT_DIALOG | 0x5da00 | 0x13c | data | English | United States | 0.5506329113924051 |
RT_DIALOG | 0x5db40 | 0x100 | data | English | United States | 0.5234375 |
RT_DIALOG | 0x5dc40 | 0x11c | data | English | United States | 0.6056338028169014 |
RT_DIALOG | 0x5dd60 | 0xc4 | data | English | United States | 0.5918367346938775 |
RT_DIALOG | 0x5de28 | 0x60 | data | English | United States | 0.7291666666666666 |
RT_GROUP_ICON | 0x5de88 | 0x14 | data | English | United States | 1.2 |
RT_MANIFEST | 0x5dea0 | 0x33f | XML 1.0 document, ASCII text, with very long lines (831), with no line terminators | English | United States | 0.5547533092659447 |

DLL | Import |
---|---|
KERNEL32.dll | SetCurrentDirectoryW, GetFileAttributesW, GetFullPathNameW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, MoveFileW, SetFileAttributesW, GetCurrentProcess, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, CopyFileW, CompareFileTime, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, lstrcpyW, MoveFileExW, lstrcatW, GetSystemDirectoryW, LoadLibraryW, GetProcAddress, GetModuleHandleA, ExpandEnvironmentStringsW, GetShortPathNameW, SearchPathW, lstrcmpiW, SetFileTime, CloseHandle, GlobalFree, lstrcmpW, GlobalAlloc, WaitForSingleObject, GlobalUnlock, GetDiskFreeSpaceW, GetExitCodeProcess, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, lstrlenA, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
USER32.dll | GetSystemMenu, SetClassLongW, IsWindowEnabled, EnableMenuItem, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, wsprintfW, ScreenToClient, GetWindowRect, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, GetDC, SetWindowTextW, PostQuitMessage, ShowWindow, GetDlgItem, IsWindow, LoadImageW, SetWindowLongW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, SetTimer, FindWindowExW, SendMessageTimeoutW, SetForegroundWindow |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW |
ADVAPI32.dll | RegDeleteKeyW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegOpenKeyExW, RegEnumValueW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |

Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-19T15:28:46.105933+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.4 | 49736 | 172.217.17.46 | 443 | TCP |
2024-12-19T15:28:54.921372+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49738 | 193.122.6.168 | 80 | TCP |
2024-12-19T15:29:03.140205+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49738 | 193.122.6.168 | 80 | TCP |
2024-12-19T15:29:05.354142+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49753 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:06.968372+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49761 | 193.122.6.168 | 80 | TCP |
2024-12-19T15:29:08.983430+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49763 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:12.557136+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49775 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:15.994860+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49783 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:19.388638+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49794 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:22.830321+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49805 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:26.346873+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49812 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:29.893929+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49823 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:34.009806+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49833 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:37.524024+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49842 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:40.967355+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49852 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:44.560481+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49861 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:47.965291+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49871 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:51.449518+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49881 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:54.981785+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49890 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:58.386641+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49899 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:02.640506+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49911 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:09.283629+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49928 | 149.154.167.220 | 443 | TCP |

Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 19, 2024 15:29:19.513617039 CET | 80 | 49800 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:19.513719082 CET | 49800 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:19.513865948 CET | 49800 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:19.633419037 CET | 80 | 49800 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:20.788104057 CET | 80 | 49800 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:20.789160967 CET | 49805 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:20.789192915 CET | 443 | 49805 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:20.789271116 CET | 49805 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:20.789488077 CET | 49805 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:20.789498091 CET | 443 | 49805 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:20.843534946 CET | 49800 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:22.159051895 CET | 443 | 49805 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:22.160573959 CET | 49805 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:22.160588026 CET | 443 | 49805 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:22.160645962 CET | 49805 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:22.160654068 CET | 443 | 49805 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:22.830156088 CET | 443 | 49805 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:22.830254078 CET | 443 | 49805 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:22.830293894 CET | 49805 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:22.830658913 CET | 49805 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:22.834862947 CET | 49800 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:22.835905075 CET | 49810 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:22.958167076 CET | 80 | 49800 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:22.958206892 CET | 80 | 49810 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:22.958250046 CET | 49800 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:22.958282948 CET | 49810 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:22.958538055 CET | 49810 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:23.078020096 CET | 80 | 49810 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:24.227775097 CET | 80 | 49810 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:24.231177092 CET | 49812 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:24.231199026 CET | 443 | 49812 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:24.231266975 CET | 49812 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:24.231586933 CET | 49812 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:24.231595039 CET | 443 | 49812 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:24.281076908 CET | 49810 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:25.597345114 CET | 443 | 49812 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:25.599064112 CET | 49812 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:25.599078894 CET | 443 | 49812 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:25.599123001 CET | 49812 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:25.599132061 CET | 443 | 49812 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:26.346916914 CET | 443 | 49812 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:26.347018003 CET | 443 | 49812 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:26.347179890 CET | 49812 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:26.347506046 CET | 49812 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:26.350353003 CET | 49810 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:26.360110044 CET | 49818 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:26.470743895 CET | 80 | 49810 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:26.470817089 CET | 49810 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:26.479871988 CET | 80 | 49818 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:26.480067968 CET | 49818 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:26.480266094 CET | 49818 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:26.599811077 CET | 80 | 49818 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:27.748338938 CET | 80 | 49818 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:27.749540091 CET | 49823 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:27.749634027 CET | 443 | 49823 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:27.749712944 CET | 49823 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:27.750204086 CET | 49823 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:27.750240088 CET | 443 | 49823 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:27.796770096 CET | 49818 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:29.146543026 CET | 443 | 49823 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:29.151590109 CET | 49823 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:29.151623011 CET | 443 | 49823 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:29.151689053 CET | 49823 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:29.151705980 CET | 443 | 49823 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:29.893965006 CET | 443 | 49823 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:29.894083977 CET | 443 | 49823 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:29.894146919 CET | 49823 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:29.894501925 CET | 49823 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:29.897831917 CET | 49818 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:29.898998022 CET | 49828 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:30.018729925 CET | 80 | 49818 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:30.018767118 CET | 80 | 49828 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:30.018825054 CET | 49818 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:30.018940926 CET | 49828 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:30.018979073 CET | 49828 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:30.139017105 CET | 80 | 49828 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:31.745843887 CET | 80 | 49828 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:31.747040987 CET | 49833 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:31.747082949 CET | 443 | 49833 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:31.747149944 CET | 49833 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:31.747446060 CET | 49833 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:31.747461081 CET | 443 | 49833 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:31.796761036 CET | 49828 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:33.107414007 CET | 443 | 49833 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:33.109046936 CET | 49833 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:33.109076977 CET | 443 | 49833 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:33.109144926 CET | 49833 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:33.109152079 CET | 443 | 49833 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:34.009871006 CET | 443 | 49833 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:34.009985924 CET | 443 | 49833 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:34.010046005 CET | 49833 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:34.010380030 CET | 49833 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:34.014065027 CET | 49828 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:34.015343904 CET | 49839 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:34.134607077 CET | 80 | 49828 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:34.134712934 CET | 49828 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:34.135241032 CET | 80 | 49839 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:34.135329962 CET | 49839 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:34.135602951 CET | 49839 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:34.255230904 CET | 80 | 49839 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:35.403703928 CET | 80 | 49839 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:35.407824039 CET | 49842 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:35.407862902 CET | 443 | 49842 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:35.407927036 CET | 49842 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:35.408277988 CET | 49842 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:35.408288956 CET | 443 | 49842 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:35.453079939 CET | 49839 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:36.800019026 CET | 443 | 49842 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:36.801769972 CET | 49842 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:36.801801920 CET | 443 | 49842 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:36.801876068 CET | 49842 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:36.801881075 CET | 443 | 49842 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:37.524077892 CET | 443 | 49842 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:37.524159908 CET | 443 | 49842 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:37.524235964 CET | 49842 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:37.524660110 CET | 49842 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:37.527884007 CET | 49839 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:37.529294014 CET | 49847 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:37.647975922 CET | 80 | 49839 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:37.648046017 CET | 49839 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:37.648952007 CET | 80 | 49847 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:37.649034977 CET | 49847 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:37.649194002 CET | 49847 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:37.768717051 CET | 80 | 49847 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:38.917552948 CET | 80 | 49847 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:38.927001953 CET | 49852 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:38.927037954 CET | 443 | 49852 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:38.927105904 CET | 49852 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:38.931056023 CET | 49852 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:38.931071997 CET | 443 | 49852 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:38.970222950 CET | 49847 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:40.297007084 CET | 443 | 49852 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:40.298779011 CET | 49852 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:40.298841953 CET | 443 | 49852 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:40.298962116 CET | 49852 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:40.298994064 CET | 443 | 49852 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:40.967377901 CET | 443 | 49852 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:40.967499971 CET | 443 | 49852 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:40.967587948 CET | 49852 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:40.968149900 CET | 49852 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:40.974240065 CET | 49847 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:40.975558996 CET | 49856 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:41.094160080 CET | 80 | 49847 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:41.094240904 CET | 49847 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:41.095118046 CET | 80 | 49856 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:41.095213890 CET | 49856 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:41.095355034 CET | 49856 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:41.214972973 CET | 80 | 49856 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:42.380191088 CET | 80 | 49856 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:42.381520987 CET | 49861 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:42.381617069 CET | 443 | 49861 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:42.381714106 CET | 49861 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:42.382023096 CET | 49861 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:42.382061005 CET | 443 | 49861 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:42.421916962 CET | 49856 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:43.749286890 CET | 443 | 49861 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:43.751251936 CET | 49861 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:43.751281977 CET | 443 | 49861 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:43.751351118 CET | 49861 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:43.751368999 CET | 443 | 49861 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:44.560483932 CET | 443 | 49861 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:44.562026978 CET | 443 | 49861 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:44.562123060 CET | 49861 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:44.562490940 CET | 49861 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:44.565524101 CET | 49856 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:44.566706896 CET | 49867 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:44.686254978 CET | 80 | 49856 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:44.686351061 CET | 49856 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:44.686682940 CET | 80 | 49867 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:44.686752081 CET | 49867 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:44.686892986 CET | 49867 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:44.806343079 CET | 80 | 49867 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:45.954668999 CET | 80 | 49867 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:45.955997944 CET | 49871 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:45.956028938 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:45.956088066 CET | 49871 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:45.956371069 CET | 49871 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:45.956387043 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:46.000056982 CET | 49867 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:47.318901062 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:47.320544958 CET | 49871 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:47.320566893 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:47.320621014 CET | 49871 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:47.320631027 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:47.965348959 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:47.965435028 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:47.965497017 CET | 49871 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:47.965878010 CET | 49871 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:47.969084024 CET | 49867 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:47.970197916 CET | 49876 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:48.089138031 CET | 80 | 49867 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:48.089205027 CET | 49867 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:48.089745998 CET | 80 | 49876 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:48.089818001 CET | 49876 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:48.089977026 CET | 49876 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:48.209642887 CET | 80 | 49876 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:49.357676029 CET | 80 | 49876 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:49.359297037 CET | 49881 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:49.359338045 CET | 443 | 49881 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:49.359464884 CET | 49881 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:49.359844923 CET | 49881 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:49.359854937 CET | 443 | 49881 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:49.410893917 CET | 49876 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:50.727823019 CET | 443 | 49881 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:50.740391016 CET | 49881 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:50.740406036 CET | 443 | 49881 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:50.740466118 CET | 49881 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:50.740474939 CET | 443 | 49881 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:51.449529886 CET | 443 | 49881 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:51.449614048 CET | 443 | 49881 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:51.449659109 CET | 49881 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:51.450086117 CET | 49881 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:51.453392982 CET | 49876 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:51.454554081 CET | 49887 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:51.574354887 CET | 80 | 49887 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:51.574548006 CET | 49887 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:51.574583054 CET | 49887 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:51.581950903 CET | 80 | 49876 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:51.582014084 CET | 49876 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:51.694212914 CET | 80 | 49887 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:52.841837883 CET | 80 | 49887 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:52.843235970 CET | 49890 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:52.843302011 CET | 443 | 49890 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:52.843399048 CET | 49890 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:52.843666077 CET | 49890 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:52.843699932 CET | 443 | 49890 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:52.890763044 CET | 49887 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:54.208961964 CET | 443 | 49890 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:54.211007118 CET | 49890 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:54.211034060 CET | 443 | 49890 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:54.211146116 CET | 49890 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:54.211153030 CET | 443 | 49890 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:54.981803894 CET | 443 | 49890 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:54.982104063 CET | 443 | 49890 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:54.982168913 CET | 49890 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:54.982413054 CET | 49890 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:54.985542059 CET | 49887 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:54.986360073 CET | 49895 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:55.105473042 CET | 80 | 49887 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:55.105540037 CET | 49887 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:55.105843067 CET | 80 | 49895 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:55.105917931 CET | 49895 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:55.106069088 CET | 49895 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:55.225630999 CET | 80 | 49895 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:56.376523018 CET | 80 | 49895 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:56.377909899 CET | 49899 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:56.377953053 CET | 443 | 49899 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:56.378019094 CET | 49899 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:56.378310919 CET | 49899 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:56.378320932 CET | 443 | 49899 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:56.422182083 CET | 49895 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:57.739906073 CET | 443 | 49899 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:57.741616964 CET | 49899 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:57.741631031 CET | 443 | 49899 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:57.741745949 CET | 49899 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:57.741750956 CET | 443 | 49899 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:58.386661053 CET | 443 | 49899 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:58.386760950 CET | 443 | 49899 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:29:58.386811972 CET | 49899 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:58.387341022 CET | 49899 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:29:58.390372992 CET | 49895 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:58.391381979 CET | 49905 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:58.510598898 CET | 80 | 49895 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:58.510689974 CET | 49895 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:58.511270046 CET | 80 | 49905 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:29:58.511354923 CET | 49905 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:58.511513948 CET | 49905 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:29:58.631036043 CET | 80 | 49905 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:30:00.399445057 CET | 80 | 49905 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:30:00.400696993 CET | 49911 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:30:00.400799990 CET | 443 | 49911 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:30:00.400881052 CET | 49911 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:30:00.401190996 CET | 49911 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:30:00.401230097 CET | 443 | 49911 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:30:00.453327894 CET | 49905 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:30:01.799906969 CET | 443 | 49911 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:30:01.801517963 CET | 49911 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:30:01.801549911 CET | 443 | 49911 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:30:01.801615000 CET | 49911 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:30:01.801625967 CET | 443 | 49911 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:30:02.640518904 CET | 443 | 49911 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:30:02.642007113 CET | 443 | 49911 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:30:02.642081976 CET | 49911 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:30:02.673069954 CET | 49911 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:30:02.750102043 CET | 49905 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:30:02.796205044 CET | 49917 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:30:02.870014906 CET | 80 | 49905 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:30:02.870089054 CET | 49905 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:30:02.916043043 CET | 80 | 49917 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:30:02.916126966 CET | 49917 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:30:02.917160034 CET | 49917 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:30:03.036664009 CET | 80 | 49917 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:30:07.227844000 CET | 80 | 49917 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:30:07.232034922 CET | 49928 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:30:07.232122898 CET | 443 | 49928 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:30:07.232218027 CET | 49928 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:30:07.232530117 CET | 49928 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:30:07.232562065 CET | 443 | 49928 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:30:07.281519890 CET | 49917 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:30:08.596633911 CET | 443 | 49928 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:30:08.599138975 CET | 49928 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:30:08.599160910 CET | 443 | 49928 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:30:08.599201918 CET | 49928 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:30:08.599212885 CET | 443 | 49928 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:30:09.283654928 CET | 443 | 49928 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:30:09.283735037 CET | 443 | 49928 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:30:09.283777952 CET | 49928 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:30:09.284161091 CET | 49928 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:30:09.288836002 CET | 49917 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:30:09.290319920 CET | 49934 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:30:09.408832073 CET | 80 | 49917 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:30:09.408953905 CET | 49917 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:30:09.409900904 CET | 80 | 49934 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:30:09.409982920 CET | 49934 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:30:09.410159111 CET | 49934 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:30:09.529779911 CET | 80 | 49934 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:30:11.925851107 CET | 80 | 49761 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:30:11.926085949 CET | 49761 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:30:13.822424889 CET | 80 | 49934 | 193.122.6.168 | 192.168.2.4 |
Dec 19, 2024 15:30:13.823016882 CET | 49945 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:30:13.823056936 CET | 443 | 49945 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:30:13.823137999 CET | 49945 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:30:13.823385000 CET | 49945 | 443 | 192.168.2.4 | 149.154.167.220 |
Dec 19, 2024 15:30:13.823394060 CET | 443 | 49945 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:30:13.875391960 CET | 49934 | 80 | 192.168.2.4 | 193.122.6.168 |
Dec 19, 2024 15:30:15.184931040 CET | 443 | 49945 | 149.154.167.220 | 192.168.2.4 |
Dec 19, 2024 15:30:15.234741926 CET | 49945 | 443 | 192.168.2.4 | 149.154.167.220 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 19, 2024 15:28:43.310990095 CET | 57249 | 53 | 192.168.2.4 | 1.1.1.1 |
Dec 19, 2024 15:28:43.448050976 CET | 53 | 57249 | 1.1.1.1 | 192.168.2.4 |
Dec 19, 2024 15:28:46.132462978 CET | 50045 | 53 | 192.168.2.4 | 1.1.1.1 |
Dec 19, 2024 15:28:46.270205975 CET | 53 | 50045 | 1.1.1.1 | 192.168.2.4 |
Dec 19, 2024 15:28:52.903795958 CET | 59772 | 53 | 192.168.2.4 | 1.1.1.1 |
Dec 19, 2024 15:28:53.043029070 CET | 53 | 59772 | 1.1.1.1 | 192.168.2.4 |
Dec 19, 2024 15:28:55.147900105 CET | 55681 | 53 | 192.168.2.4 | 1.1.1.1 |
Dec 19, 2024 15:28:55.598881960 CET | 53 | 55681 | 1.1.1.1 | 192.168.2.4 |
Dec 19, 2024 15:29:03.095367908 CET | 49915 | 53 | 192.168.2.4 | 1.1.1.1 |
Dec 19, 2024 15:29:03.232485056 CET | 53 | 49915 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Dec 19, 2024 15:28:43.310990095 CET | 192.168.2.4 | 1.1.1.1 | 0xbcde | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 15:28:46.132462978 CET | 192.168.2.4 | 1.1.1.1 | 0x20a7 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 15:28:52.903795958 CET | 192.168.2.4 | 1.1.1.1 | 0x7c72 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 15:28:55.147900105 CET | 192.168.2.4 | 1.1.1.1 | 0xc4cb | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 15:29:03.095367908 CET | 192.168.2.4 | 1.1.1.1 | 0x11e2 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Dec 19, 2024 15:28:43.448050976 CET | 1.1.1.1 | 192.168.2.4 | 0xbcde | No error (0) | | | 172.217.17.46 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 15:28:46.270205975 CET | 1.1.1.1 | 192.168.2.4 | 0x20a7 | No error (0) | | | 172.217.17.65 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 15:28:53.043029070 CET | 1.1.1.1 | 192.168.2.4 | 0x7c72 | No error (0) | | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false |
Dec 19, 2024 15:28:53.043029070 CET | 1.1.1.1 | 192.168.2.4 | 0x7c72 | No error (0) | | | 193.122.6.168 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 15:28:53.043029070 CET | 1.1.1.1 | 192.168.2.4 | 0x7c72 | No error (0) | | | 158.101.44.242 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 15:28:53.043029070 CET | 1.1.1.1 | 192.168.2.4 | 0x7c72 | No error (0) | | | 132.226.8.169 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 15:28:53.043029070 CET | 1.1.1.1 | 192.168.2.4 | 0x7c72 | No error (0) | | | 132.226.247.73 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 15:28:53.043029070 CET | 1.1.1.1 | 192.168.2.4 | 0x7c72 | No error (0) | | | 193.122.130.0 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 15:28:55.598881960 CET | 1.1.1.1 | 192.168.2.4 | 0xc4cb | No error (0) | | | 172.67.177.134 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 15:28:55.598881960 CET | 1.1.1.1 | 192.168.2.4 | 0xc4cb | No error (0) | | | 104.21.67.152 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 15:29:03.232485056 CET | 1.1.1.1 | 192.168.2.4 | 0x11e2 | No error (0) | | | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49738 | 193.122.6.168 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:28:53.169971943 CET | 151 | OUT | |
Dec 19, 2024 15:28:54.440159082 CET | 321 | IN | |
Dec 19, 2024 15:28:54.462771893 CET | 127 | OUT | |
Dec 19, 2024 15:28:54.868684053 CET | 321 | IN | |
Dec 19, 2024 15:29:02.683444977 CET | 127 | OUT | |
Dec 19, 2024 15:29:03.089947939 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49761 | 193.122.6.168 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:29:05.638117075 CET | 127 | OUT | |
Dec 19, 2024 15:29:06.925045013 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49769 | 193.122.6.168 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:29:09.109477997 CET | 151 | OUT | |
Dec 19, 2024 15:29:10.400998116 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49781 | 193.122.6.168 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:29:12.681716919 CET | 151 | OUT | |
Dec 19, 2024 15:29:13.951332092 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49789 | 193.122.6.168 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:29:16.120825052 CET | 151 | OUT | |
Dec 19, 2024 15:29:17.390192986 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49800 | 193.122.6.168 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:29:19.513865948 CET | 151 | OUT | |
Dec 19, 2024 15:29:20.788104057 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49810 | 193.122.6.168 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:29:22.958538055 CET | 151 | OUT | |
Dec 19, 2024 15:29:24.227775097 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49818 | 193.122.6.168 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:29:26.480266094 CET | 151 | OUT | |
Dec 19, 2024 15:29:27.748338938 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 49828 | 193.122.6.168 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:29:30.018979073 CET | 151 | OUT | |
Dec 19, 2024 15:29:31.745843887 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 49839 | 193.122.6.168 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:29:34.135602951 CET | 151 | OUT | |
Dec 19, 2024 15:29:35.403703928 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.4 | 49847 | 193.122.6.168 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:29:37.649194002 CET | 151 | OUT | |
Dec 19, 2024 15:29:38.917552948 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.4 | 49856 | 193.122.6.168 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:29:41.095355034 CET | 151 | OUT | |
Dec 19, 2024 15:29:42.380191088 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.4 | 49867 | 193.122.6.168 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:29:44.686892986 CET | 151 | OUT | |
Dec 19, 2024 15:29:45.954668999 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.4 | 49876 | 193.122.6.168 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:29:48.089977026 CET | 151 | OUT | |
Dec 19, 2024 15:29:49.357676029 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.4 | 49887 | 193.122.6.168 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:29:51.574583054 CET | 151 | OUT | |
Dec 19, 2024 15:29:52.841837883 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.4 | 49895 | 193.122.6.168 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:29:55.106069088 CET | 151 | OUT | |
Dec 19, 2024 15:29:56.376523018 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.4 | 49905 | 193.122.6.168 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:29:58.511513948 CET | 151 | OUT | |
Dec 19, 2024 15:30:00.399445057 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.4 | 49917 | 193.122.6.168 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:30:02.917160034 CET | 151 | OUT | |
Dec 19, 2024 15:30:07.227844000 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.4 | 49934 | 193.122.6.168 | 80 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:30:09.410159111 CET | 151 | OUT | |
Dec 19, 2024 15:30:13.822424889 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49736 | 172.217.17.46 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:28:45 UTC | 216 | OUT | |
2024-12-19 14:28:46 UTC | 1920 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49737 | 172.217.17.65 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:28:47 UTC | 258 | OUT | |
2024-12-19 14:28:52 UTC | 4921 | IN | |
2024-12-19 14:28:52 UTC | 4921 | IN | |
2024-12-19 14:28:52 UTC | 4855 | IN | |
2024-12-19 14:28:52 UTC | 1323 | IN | |
2024-12-19 14:28:52 UTC | 1390 | IN | |
2024-12-19 14:28:52 UTC | 1390 | IN | |
2024-12-19 14:28:52 UTC | 1390 | IN | |
2024-12-19 14:28:52 UTC | 1390 | IN | |
2024-12-19 14:28:52 UTC | 1390 | IN | |
2024-12-19 14:28:52 UTC | 1390 | IN | |
2024-12-19 14:28:52 UTC | 1390 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49739 | 172.67.177.134 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:28:56 UTC | 85 | OUT | |
2024-12-19 14:28:57 UTC | 876 | IN | |
2024-12-19 14:28:57 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49753 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:29:04 UTC | 295 | OUT | |
2024-12-19 14:29:04 UTC | 1090 | OUT | |
2024-12-19 14:29:05 UTC | 388 | IN | |
2024-12-19 14:29:05 UTC | 542 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49763 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:29:08 UTC | 295 | OUT | |
2024-12-19 14:29:08 UTC | 1090 | OUT | |
2024-12-19 14:29:08 UTC | 388 | IN | |
2024-12-19 14:29:08 UTC | 542 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49775 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:29:11 UTC | 271 | OUT | |
2024-12-19 14:29:11 UTC | 1090 | OUT | |
2024-12-19 14:29:12 UTC | 388 | IN | |
2024-12-19 14:29:12 UTC | 542 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49783 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:29:15 UTC | 271 | OUT | |
2024-12-19 14:29:15 UTC | 1090 | OUT | |
2024-12-19 14:29:15 UTC | 388 | IN | |
2024-12-19 14:29:15 UTC | 542 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49794 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:29:18 UTC | 295 | OUT | |
2024-12-19 14:29:18 UTC | 1090 | OUT | |
2024-12-19 14:29:19 UTC | 388 | IN | |
2024-12-19 14:29:19 UTC | 542 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 49805 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:29:22 UTC | 295 | OUT | |
2024-12-19 14:29:22 UTC | 1090 | OUT | |
2024-12-19 14:29:22 UTC | 388 | IN | |
2024-12-19 14:29:22 UTC | 542 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 49812 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:29:25 UTC | 295 | OUT | |
2024-12-19 14:29:25 UTC | 1090 | OUT | |
2024-12-19 14:29:26 UTC | 388 | IN | |
2024-12-19 14:29:26 UTC | 542 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.4 | 49823 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:29:29 UTC | 295 | OUT | |
2024-12-19 14:29:29 UTC | 1090 | OUT | |
2024-12-19 14:29:29 UTC | 388 | IN | |
2024-12-19 14:29:29 UTC | 542 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.4 | 49833 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:29:33 UTC | 295 | OUT | |
2024-12-19 14:29:33 UTC | 1090 | OUT | |
2024-12-19 14:29:34 UTC | 388 | IN | |
2024-12-19 14:29:34 UTC | 542 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.4 | 49842 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:29:36 UTC | 295 | OUT | |
2024-12-19 14:29:36 UTC | 1090 | OUT | |
2024-12-19 14:29:37 UTC | 388 | IN | |
2024-12-19 14:29:37 UTC | 542 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.4 | 49852 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:29:40 UTC | 295 | OUT | |
2024-12-19 14:29:40 UTC | 1090 | OUT | |
2024-12-19 14:29:40 UTC | 388 | IN | |
2024-12-19 14:29:40 UTC | 542 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.4 | 49861 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:29:43 UTC | 295 | OUT | |
2024-12-19 14:29:43 UTC | 1090 | OUT | |
2024-12-19 14:29:44 UTC | 388 | IN | |
2024-12-19 14:29:44 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.4 | 49871 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:29:47 UTC | 295 | OUT | |
2024-12-19 14:29:47 UTC | 1090 | OUT | |
2024-12-19 14:29:47 UTC | 388 | IN | |
2024-12-19 14:29:47 UTC | 542 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.4 | 49881 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:29:50 UTC | 295 | OUT | |
2024-12-19 14:29:50 UTC | 1090 | OUT | |
2024-12-19 14:29:51 UTC | 388 | IN | |
2024-12-19 14:29:51 UTC | 542 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.4 | 49890 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:29:54 UTC | 271 | OUT | |
2024-12-19 14:29:54 UTC | 1090 | OUT | |
2024-12-19 14:29:54 UTC | 388 | IN | |
2024-12-19 14:29:54 UTC | 542 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.4 | 49899 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:29:57 UTC | 271 | OUT | |
2024-12-19 14:29:57 UTC | 1090 | OUT | |
2024-12-19 14:29:58 UTC | 388 | IN | |
2024-12-19 14:29:58 UTC | 542 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
19 | 192.168.2.4 | 49911 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:30:01 UTC | 295 | OUT | |
2024-12-19 14:30:01 UTC | 1090 | OUT | |
2024-12-19 14:30:02 UTC | 388 | IN | |
2024-12-19 14:30:02 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
20 | 192.168.2.4 | 49928 | 149.154.167.220 | 443 | 7788 | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:30:08 UTC | 295 | OUT | |
2024-12-19 14:30:08 UTC | 1090 | OUT | |
2024-12-19 14:30:09 UTC | 388 | IN | |
2024-12-19 14:30:09 UTC | 542 | IN |
Target ID: | 0 |
Start time: | 09:28:02 |
Start date: | 19/12/2024 |
Path: | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 460'983 bytes |
MD5 hash: | D0074EDAB5CEE4B432BF2E9F075E6301 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 4 |
Start time: | 09:28:36 |
Start date: | 19/12/2024 |
Path: | C:\Users\user\Desktop\PAYMENT ADVICE 750013-1012449943-81347-pdf.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 460'983 bytes |
MD5 hash: | D0074EDAB5CEE4B432BF2E9F075E6301 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 21.2% |
Dynamic/Decrypted Code Coverage: | 13.9% |
Signature Coverage: | 20.8% |
Total number of Nodes: | 1517 |
Total number of Limit Nodes: | 46 |
Graph
Function 004032A0 | Relevance: 89.7, APIs: 32, Strings: 19, Instructions: 401 | string, file, com | COMMON
Function 00404B30 | Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481 | window, memory | COMMON
Function 00406077 | Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 207 | string | COMMON
Function 00405846 | Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 148 | file, string | COMMON
Function 00406398 | Relevance: 3.0, APIs: 2, Instructions: 14 | file | COMMON
Function 004027FB | Relevance: 1.5, APIs: 1, Instructions: 30 | file | COMMON
Function 0040389E | Relevance: 47.5, APIs: 14, Strings: 13, Instructions: 215 | string, registry | COMMON
Function 00401767 | Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145 | string, time | COMMON
Function 004025E5 | Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 151 | file | COMMON
Function 0040237B | Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71 | registry, string | COMMON
Function 004063BF | Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 34 | library | COMMON
Function 00405128 | Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46 | window | COMMON
Function 00401FC3 | Relevance: 4.6, APIs: 3, Instructions: 73 | library | COMMON
Function 00401389 | Relevance: 3.0, APIs: 2, Instructions: 43 | window | COMMON
Function 00401DDC | Relevance: 3.0, APIs: 2, Instructions: 21 | COMMON
Function 00405C2A | Relevance: 3.0, APIs: 2, Instructions: 16 | file | COMMON
Function 00405700 | Relevance: 3.0, APIs: 2, Instructions: 9 | COMMON
Function 100028A4 | Relevance: 2.7, APIs: 2, Instructions: 156 | memory | COMMON
Function 00402786 | Relevance: 1.5, APIs: 1, Instructions: 26 | COMMON
Function 0040229D | Relevance: 1.5, APIs: 1, Instructions: 25 | COMMON
Function 00405CDC | Relevance: 1.5, APIs: 1, Instructions: 22 | file | COMMON
Function 00405CAD | Relevance: 1.5, APIs: 1, Instructions: 22 | file | COMMON
Function 100027C7 | Relevance: 1.5, APIs: 1, Instructions: 21 | memory | COMMON
Function 0040159B | Relevance: 1.5, APIs: 1, Instructions: 18 | COMMON
Function 0040414E | Relevance: 1.5, APIs: 1, Instructions: 6 | window | COMMON
Function 00403258 | Relevance: 1.5, APIs: 1, Instructions: 6 | COMMON
Function 1000121B | Relevance: 1.3, APIs: 1, Instructions: 6 | memory | COMMON
Function 004052F3 | Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284 | window, clipboard, memory | COMMON
Function 004045B4 | Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 275 | string | COMMON
Function 0040686A | Relevance: .3, Instructions: 334 | COMMON
Function 00407041 | Relevance: .3, Instructions: 300 | COMMON
Function 004042B6 | Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 207 | window, string | COMMON
Function 00405D84 | Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 131 | string, memory | COMMON
Function 100022D0 | Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136 | memory | COMMON
Function 00404180 | Relevance: 12.1, APIs: 8, Instructions: 61 | COMMON
Function 00404A7E | Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48 | window | COMMON
Function 00402D04 | Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40 | time | COMMON
Function 100024A9 | Relevance: 9.1, APIs: 6, Instructions: 98 | COMMON
Function 00402537 | Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 67 | string | COMMON
Function 100018A9 | Relevance: 7.7, APIs: 5, Instructions: 189 | COMMON
Function 100015FF | Relevance: 7.5, APIs: 5, Instructions: 41 | memory, library, loader | COMMON
Function 00401CFA | Relevance: 7.5, APIs: 5, Instructions: 39 | window | COMMON
Function 00404970 | Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84 | string | COMMON
Function 00401BDF | Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76 | window, time | COMMON
Function 00405F22 | Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45 | registry | COMMON
Function 00405A09 | Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16 | string | COMMON
Function 00402D8A | Relevance: 6.0, APIs: 4, Instructions: 33 | COMMON
Function 00405B11 | Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47 | string | COMMON
Function 00405735 | Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24 | process | COMMON
Function 00405A55 | Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16 | string | COMMON
Function 100010E1 | Relevance: 5.1, APIs: 4, Instructions: 104 | memory | COMMON
Function 00405B8F | Relevance: 5.0, APIs: 4, Instructions: 37 | string | COMMON
Execution Graph
Execution Coverage: | 10.7% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 2.7% |
Total number of Nodes: | 222 |
Total number of Limit Nodes: | 15 |
Graph
Function 00154328 | Relevance: 6.4, Strings: 5, Instructions: 193 | COMMON
Function 00158DA0 | Relevance: 6.1, Strings: 4, Instructions: 1133 | COMMON
Function 001560E0 | Relevance: 5.3, Strings: 4, Instructions: 339 | COMMON
Function 00155968 | Relevance: 3.0, Strings: 2, Instructions: 512 | COMMON
Function 37FBE7C8 | Relevance: 2.0, Strings: 1, Instructions: 764 | COMMON
Function 37A8BDF0 | Relevance: 2.0, Strings: 1, Instructions: 758 | COMMON
Function 37FBD66F | Relevance: 1.9, APIs: 1, Instructions: 366 | COMMON
Function 37A89D10 | Relevance: 1.5, Strings: 1, Instructions: 219 | COMMON
Function 37A8A360 | Relevance: 1.5, Strings: 1, Instructions: 219 | COMMON
Function 37A896C8 | Relevance: 1.5, Strings: 1, Instructions: 218 | COMMON
Function 37A8A9B0 | Relevance: 1.5, Strings: 1, Instructions: 218 | COMMON
Function 37A896C7 | Relevance: 1.4, Strings: 1, Instructions: 158 | COMMON
Function 37A8A9AF | Relevance: 1.4, Strings: 1, Instructions: 158 | COMMON
Function 37A88650 | Relevance: .7, Instructions: 709 | COMMON
Function 374EC638 | Relevance: .3, Instructions: 300 | COMMON
Function 374E03C4 | Relevance: .3, Instructions: 265 | COMMON
Function 374E0C28 | Relevance: .2, Instructions: 220 | COMMON
Function 374E0C27 | Relevance: .2, Instructions: 217 | COMMON
Function 374E0F6F | Relevance: .2, Instructions: 202 | COMMON
Function 37A8BA97 | Relevance: .2, Instructions: 191 | COMMON
Function 37A88652 | Relevance: .2, Instructions: 162 | COMMON
Function 37FBF316 | Relevance: .2, Instructions: 154 | COMMON
Function 37A8C92F | Relevance: .2, Instructions: 153 | COMMON
Function 37A89D0F | Relevance: .1, Instructions: 102 | COMMON
Function 37A8A35F | Relevance: .1, Instructions: 102 | COMMON
Function 001566B8 | Relevance: 10.5, Strings: 8, Instructions: 475 | COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37FB0980 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001519B8 Relevance: 5.6, Strings: 4, Instructions: 563COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A8D548 Relevance: 5.2, Strings: 4, Instructions: 151COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A87920 Relevance: 3.9, Strings: 3, Instructions: 147COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00154F00 Relevance: 2.8, Strings: 2, Instructions: 329COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00155460 Relevance: 2.7, Strings: 2, Instructions: 229COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00158D90 Relevance: 2.7, Strings: 2, Instructions: 189COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00152C88 Relevance: 2.6, Strings: 2, Instructions: 112COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00157EC0 Relevance: 2.6, Strings: 2, Instructions: 103COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A87922 Relevance: 2.6, Strings: 2, Instructions: 72COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00158D19 Relevance: 2.5, Strings: 2, Instructions: 44COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37FB0104 Relevance: 1.6, APIs: 1, Instructions: 120COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37FB0110 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37FB1DC0 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37FB0BC0 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37FB0BC8 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37FBD3E8 Relevance: 1.5, APIs: 1, Instructions: 48comCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37FB2018 Relevance: 1.5, APIs: 1, Instructions: 48timeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37FBE700 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37FBC560 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37FB2020 Relevance: 1.5, APIs: 1, Instructions: 44timeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37FBE708 Relevance: 1.5, APIs: 1, Instructions: 43windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00150B23 Relevance: 1.5, Strings: 1, Instructions: 205COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00150B30 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A8FAB0 Relevance: 1.4, Strings: 1, Instructions: 189COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00159EB0 Relevance: 1.4, Strings: 1, Instructions: 118COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A8FAA1 Relevance: 1.3, Strings: 1, Instructions: 89COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A8CF68 Relevance: 1.3, Strings: 1, Instructions: 88COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A8CF59 Relevance: 1.3, Strings: 1, Instructions: 80COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A895E8 Relevance: 1.3, Strings: 1, Instructions: 39COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A8C175 Relevance: .3, Instructions: 322COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A8C173 Relevance: .3, Instructions: 319COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00156C98 Relevance: .2, Instructions: 201COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015AF90 Relevance: .2, Instructions: 200COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A8DD21 Relevance: .2, Instructions: 183COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A8C4CF Relevance: .2, Instructions: 155COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A8CC28 Relevance: .1, Instructions: 147COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00153168 Relevance: .1, Instructions: 134COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A88721 Relevance: .1, Instructions: 130COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001592C3 Relevance: .1, Instructions: 124COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00155F90 Relevance: .1, Instructions: 113COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00158BF0 Relevance: .1, Instructions: 104COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015B1B7 Relevance: .1, Instructions: 102COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00154620 Relevance: .1, Instructions: 101COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00158B4B Relevance: .1, Instructions: 88COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00156F40 Relevance: .1, Instructions: 87COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015FE60 Relevance: .1, Instructions: 82COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015B2E0 Relevance: .1, Instructions: 79COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001518C8 Relevance: .1, Instructions: 77COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001552C8 Relevance: .1, Instructions: 74COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 000AD030 Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00154611 Relevance: .1, Instructions: 70COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00150EC8 Relevance: .1, Instructions: 68COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015324D Relevance: .1, Instructions: 68COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00158729 Relevance: .1, Instructions: 65COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001552B8 Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001517B8 Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015B3B0 Relevance: .1, Instructions: 60COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A8B9C8 Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A8B9C7 Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A8CE50 Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 000AD02B Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00154E5F Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A8E7F4 Relevance: .0, Instructions: 50COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015B2F0 Relevance: .0, Instructions: 49COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015FC3E Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A8CE60 Relevance: .0, Instructions: 39COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A89608 Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015B158 Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015FE10 Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00151877 Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015FE20 Relevance: .0, Instructions: 23COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A89438 Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015FF21 Relevance: .0, Instructions: 20COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00151888 Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A8CF30 Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001556FF Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A8D095 Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00159F6D Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015FF30 Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A895D8 Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A8BD48 Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00155710 Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A894B4 Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015B2C3 Relevance: .0, Instructions: 8COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0015FFC8 Relevance: .0, Instructions: 4COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004032A0 Relevance: 77.4, APIs: 32, Strings: 12, Instructions: 401stringfilecomCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404B30 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A8AFF8 Relevance: 23.0, Strings: 18, Instructions: 461COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405846 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 148filestringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A8AFF7 Relevance: 12.9, Strings: 10, Instructions: 361COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A87B62 Relevance: 1.8, Strings: 1, Instructions: 595COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A88193 Relevance: 1.4, Strings: 1, Instructions: 193COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A88373 Relevance: 1.4, Strings: 1, Instructions: 116COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 374EBD88 Relevance: .3, Instructions: 277COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 374EE790 Relevance: .3, Instructions: 273COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A80FA8 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A867C0 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A85F10 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A83F70 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A836C0 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A82E10 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A85660 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A84DB0 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A82560 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A81CB0 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A874C8 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A81400 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A86C18 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A843C8 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A83B18 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A86368 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A85AB8 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A85208 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A83268 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A829B8 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A82108 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A84820 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A87070 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A81858 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 374EDEEF Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 374EE347 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 374EEBF7 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 374EC1F2 Relevance: .3, Instructions: 267COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 374EB4EC Relevance: .3, Instructions: 265COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 374EDA9C Relevance: .3, Instructions: 265COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 374EB944 Relevance: .3, Instructions: 265COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 374EF054 Relevance: .3, Instructions: 265COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37FBF5D8 Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A8CBE7 Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004052F3 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284windowclipboardmemoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004042B6 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 207windowstringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040389E Relevance: 37.0, APIs: 13, Strings: 8, Instructions: 215stringregistryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405D84 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 131stringmemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004045B4 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 275stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406077 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 207stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404180 Relevance: 12.1, APIs: 8, Instructions: 61COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004025E5 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 151fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404A7E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402D04 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401CFA Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401D56 Relevance: 7.5, APIs: 5, Instructions: 38COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404970 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401BDF Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004063BF Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 34libraryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405683 Relevance: 6.0, APIs: 4, Instructions: 39COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402D8A Relevance: 6.0, APIs: 4, Instructions: 33COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405128 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405735 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00151A40 Relevance: 5.1, Strings: 4, Instructions: 95COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001558E8 Relevance: 5.0, Strings: 4, Instructions: 49COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405B8F Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|