Edit tour
Windows
Analysis Report
Navan - Itinerary.pdf.scr.exe
Overview
General Information
| Sample name: | Navan - Itinerary.pdf.scr.exe |
| Analysis ID: | 1579293 |
| MD5: | 168e0d79aa66efd4c83cb8a745d6157a |
| SHA1: | 3be1e99c2d2ed7eaa72fb5ab2697d70dff14cc94 |
| SHA256: | d0a926c2882477f35996cdcc93869aa28687421d892108786e9b67033583357e |
| Tags: | exeuser-aachum |
| Infos: |   |
 | |
Detection
LummaC
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
LummaC encrypted strings found
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Uses an obfuscated file name to hide its real file extension (double extension)
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to read the clipboard data
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Sigma detected: Use Short Name Path in Command Line
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Classification
- System is w10x64
Navan - Itinerary.pdf.scr.exe (PID: 6920 cmdline: "C:\Users\ user\Deskt op\Navan - Itinerary .pdf.scr.e xe" MD5: 168E0D79AA66EFD4C83CB8A745D6157A) 
Acrobat.exe (PID: 7424 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user ~1\AppData \Local\Tem p\NavanIti nerary.pdf " MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 7628 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 7844 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=22 64 --field -trial-han dle=1500,i ,109560604 1611339851 1,13821033 9632587628 7,131072 - -disable-f eatures=Ba ckForwardC ache,Calcu lateNative WinOcclusi on,WinUseB rowserSpel lChecker / prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) 
RegSvcs.exe (PID: 6748 cmdline: "C:\Window s\Microsof t.NET\Fram ework\v4.0 .30319\Reg Svcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution |
{"C2 url": ["necklacebudi.lat", "sustainskelet.lat", "energyaffai.lat", "grannyejh.lat", "aspecteirs.lat", "rapeflowwj.lat", "crosshuaht.lat", "stem-mellows.cyou", "discokeyus.lat"], "Build id": "OPCN2M--Sergei"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | ||
| JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
System Summary |   |
|---|
| Source: | Author: frack113, Nasreddine Bencherchali: | ||
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-21T13:18:23.286867+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49715 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:25.926745+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49727 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:29.057008+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49745 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:31.170364+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49750 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:33.593243+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49756 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:35.898402+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49762 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:38.349929+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49768 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:42.956761+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49784 | 172.67.197.170 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-21T13:18:24.199146+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.7 | 49715 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:26.691089+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.7 | 49727 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:43.752592+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.7 | 49784 | 172.67.197.170 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-21T13:18:24.199146+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.7 | 49715 | 172.67.197.170 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-21T13:18:26.691089+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.7 | 49727 | 172.67.197.170 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-21T13:18:23.286867+0100 | 2058361 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 49715 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:25.926745+0100 | 2058361 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 49727 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:29.057008+0100 | 2058361 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 49745 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:31.170364+0100 | 2058361 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 49750 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:33.593243+0100 | 2058361 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 49756 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:35.898402+0100 | 2058361 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 49762 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:38.349929+0100 | 2058361 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 49768 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:42.956761+0100 | 2058361 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 49784 | 172.67.197.170 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-21T13:18:21.859167+0100 | 2058360 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 49217 | 1.1.1.1 | 53 | UDP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-21T13:18:21.706231+0100 | 2058364 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 60934 | 1.1.1.1 | 53 | UDP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-21T13:18:32.008169+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49750 | 172.67.197.170 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-21T13:18:38.355032+0100 | 2843864 | 1 | A Network Trojan was detected | 192.168.2.7 | 49768 | 172.67.197.170 | 443 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | Malware Configuration Extractor: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | Code function: | 13_2_00415799 | |
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 13_2_00423860 | |
| Source: | Code function: | 13_2_0042DA53 | |
| Source: | Code function: | 13_2_0043ECA0 | |
| Source: | Code function: | 13_2_00409580 | |
| Source: | Code function: | 13_2_00409580 | |
| Source: | Code function: | 13_2_0043C767 | |
| Source: | Code function: | 13_2_0040B70C | |
| Source: | Code function: | 13_2_00415799 | |
| Source: | Code function: | 13_2_00415799 | |
| Source: | Code function: | 13_2_0042984F | |
| Source: | Code function: | 13_2_00438810 | |
| Source: | Code function: | 13_2_00438810 | |
| Source: | Code function: | 13_2_00438810 | |
| Source: | Code function: | 13_2_00438810 | |
| Source: | Code function: | 13_2_0041682D | |
| Source: | Code function: | 13_2_0041682D | |
| Source: | Code function: | 13_2_0041682D | |
| Source: | Code function: | 13_2_0041D83A | |
| Source: | Code function: | 13_2_00423086 | |
| Source: | Code function: | 13_2_00423086 | |
| Source: | Code function: | 13_2_0042B170 | |
| Source: | Code function: | 13_2_004179C1 | |
| Source: | Code function: | 13_2_0043B1D0 | |
| Source: | Code function: | 13_2_0043B1D0 | |
| Source: | Code function: | 13_2_004291DD | |
| Source: | Code function: | 13_2_004291DD | |
| Source: | Code function: | 13_2_00405990 | |
| Source: | Code function: | 13_2_00405990 | |
| Source: | Code function: | 13_2_00422190 | |
| Source: | Code function: | 13_2_00422190 | |
| Source: | Code function: | 13_2_00422190 | |
| Source: | Code function: | 13_2_0042CA49 | |
| Source: | Code function: | 13_2_00416263 | |
| Source: | Code function: | 13_2_00415220 | |
| Source: | Code function: | 13_2_00427AD3 | |
| Source: | Code function: | 13_2_0042CAD0 | |
| Source: | Code function: | 13_2_0041B2E0 | |
| Source: | Code function: | 13_2_0043CA93 | |
| Source: | Code function: | 13_2_0041CB40 | |
| Source: | Code function: | 13_2_0041CB40 | |
| Source: | Code function: | 13_2_00428B61 | |
| Source: | Code function: | 13_2_0042CB11 | |
| Source: | Code function: | 13_2_0042CB22 | |
| Source: | Code function: | 13_2_0043F330 | |
| Source: | Code function: | 13_2_0040DBD9 | |
| Source: | Code function: | 13_2_0040DBD9 | |
| Source: | Code function: | 13_2_00417380 | |
| Source: | Code function: | 13_2_0041D380 | |
| Source: | Code function: | 13_2_00426B95 | |
| Source: | Code function: | 13_2_00435450 | |
| Source: | Code function: | 13_2_00417380 | |
| Source: | Code function: | 13_2_00429C2B | |
| Source: | Code function: | 13_2_004291DD | |
| Source: | Code function: | 13_2_004291DD | |
| Source: | Code function: | 13_2_004074F0 | |
| Source: | Code function: | 13_2_004074F0 | |
| Source: | Code function: | 13_2_004385E0 | |
| Source: | Code function: | 13_2_004385E0 | |
| Source: | Code function: | 13_2_00417DEE | |
| Source: | Code function: | 13_2_00418591 | |
| Source: | Code function: | 13_2_00428D93 | |
| Source: | Code function: | 13_2_0041759F | |
| Source: | Code function: | 13_2_0041C653 | |
| Source: | Code function: | 13_2_00425E70 | |
| Source: | Code function: | 13_2_00425E30 | |
| Source: | Code function: | 13_2_0043AEC0 | |
| Source: | Code function: | 13_2_00408F50 | |
| Source: | Code function: | 13_2_00408F50 | |
| Source: | Code function: | 13_2_0042A700 | |
| Source: | Code function: | 13_2_0041BF14 | |
| Source: | Code function: | 13_2_00419F30 | |
| Source: | Code function: | 13_2_0041E7C0 | |
| Source: | Code function: | 13_2_004197C2 | |
| Source: | Code function: | 13_2_004197C2 | |
| Source: | Code function: | 13_2_004197C2 | |
| Source: | Code function: | 13_2_0042DFE9 | |
| Source: | Code function: | 13_2_0040BFFD | |
| Source: | Code function: | 13_2_0043EFB0 | |
Networking | |
|---|
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 13_2_004329C0 | |
| Source: | Code function: | 13_2_004329C0 | |
System Summary | |
|---|
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_00664EB1 | |
| Source: | Code function: | 13_2_00408850 | |
| Source: | Code function: | 13_2_00423860 | |
| Source: | Code function: | 13_2_004218A0 | |
| Source: | Code function: | 13_2_0042DA53 | |
| Source: | Code function: | 13_2_0043ECA0 | |
| Source: | Code function: | 13_2_00437DF0 | |
| Source: | Code function: | 13_2_00409580 | |
| Source: | Code function: | 13_2_004266D0 | |
| Source: | Code function: | 13_2_0043F720 | |
| Source: | Code function: | 13_2_00415799 | |
| Source: | Code function: | 13_2_00438810 | |
| Source: | Code function: | 13_2_0041682D | |
| Source: | Code function: | 13_2_004288CB | |
| Source: | Code function: | 13_2_0043D880 | |
| Source: | Code function: | 13_2_00430940 | |
| Source: | Code function: | 13_2_00403970 | |
| Source: | Code function: | 13_2_00420939 | |
| Source: | Code function: | 13_2_004179C1 | |
| Source: | Code function: | 13_2_004231C2 | |
| Source: | Code function: | 13_2_004241C0 | |
| Source: | Code function: | 13_2_0043B1D0 | |
| Source: | Code function: | 13_2_004291DD | |
| Source: | Code function: | 13_2_0043D980 | |
| Source: | Code function: | 13_2_00405990 | |
| Source: | Code function: | 13_2_00422190 | |
| Source: | Code function: | 13_2_0043D997 | |
| Source: | Code function: | 13_2_0043D999 | |
| Source: | Code function: | 13_2_004091B0 | |
| Source: | Code function: | 13_2_0042CA49 | |
| Source: | Code function: | 13_2_00416263 | |
| Source: | Code function: | 13_2_0040EA10 | |
| Source: | Code function: | 13_2_00415220 | |
| Source: | Code function: | 13_2_0042CAD0 | |
| Source: | Code function: | 13_2_004252DD | |
| Source: | Code function: | 13_2_0041B2E0 | |
| Source: | Code function: | 13_2_00406280 | |
| Source: | Code function: | 13_2_0043DA80 | |
| Source: | Code function: | 13_2_0041E290 | |
| Source: | Code function: | 13_2_0041CB40 | |
| Source: | Code function: | 13_2_0043D34D | |
| Source: | Code function: | 13_2_00426B50 | |
| Source: | Code function: | 13_2_0043DB60 | |
| Source: | Code function: | 13_2_00436B08 | |
| Source: | Code function: | 13_2_0042830D | |
| Source: | Code function: | 13_2_0042CB11 | |
| Source: | Code function: | 13_2_00404320 | |
| Source: | Code function: | 13_2_0042CB22 | |
| Source: | Code function: | 13_2_00425327 | |
| Source: | Code function: | 13_2_00408330 | |
| Source: | Code function: | 13_2_0043F330 | |
| Source: | Code function: | 13_2_0042A33F | |
| Source: | Code function: | 13_2_0040DBD9 | |
| Source: | Code function: | 13_2_00424380 | |
| Source: | Code function: | 13_2_0041FC75 | |
| Source: | Code function: | 13_2_0041DC00 | |
| Source: | Code function: | 13_2_00429C2B | |
| Source: | Code function: | 13_2_004291DD | |
| Source: | Code function: | 13_2_004074F0 | |
| Source: | Code function: | 13_2_0040ACF0 | |
| Source: | Code function: | 13_2_0041148F | |
| Source: | Code function: | 13_2_0042AC90 | |
| Source: | Code function: | 13_2_0040CD46 | |
| Source: | Code function: | 13_2_00437500 | |
| Source: | Code function: | 13_2_00422510 | |
| Source: | Code function: | 13_2_00417DEE | |
| Source: | Code function: | 13_2_0041759F | |
| Source: | Code function: | 13_2_00425E70 | |
| Source: | Code function: | 13_2_00436E74 | |
| Source: | Code function: | 13_2_00427603 | |
| Source: | Code function: | 13_2_00425E30 | |
| Source: | Code function: | 13_2_004286C0 | |
| Source: | Code function: | 13_2_0043AEC0 | |
| Source: | Code function: | 13_2_004236E2 | |
| Source: | Code function: | 13_2_00405EE0 | |
| Source: | Code function: | 13_2_0041DE80 | |
| Source: | Code function: | 13_2_00402F50 | |
| Source: | Code function: | 13_2_00420F50 | |
| Source: | Code function: | 13_2_00438F59 | |
| Source: | Code function: | 13_2_00406710 | |
| Source: | Code function: | 13_2_00423F20 | |
| Source: | Code function: | 13_2_00419F30 | |
| Source: | Code function: | 13_2_0041E7C0 | |
| Source: | Code function: | 13_2_004197C2 | |
| Source: | Code function: | 13_2_0042DFE9 | |
| Source: | Code function: | 13_2_0040A780 | |
| Source: | Code function: | 13_2_00411F90 | |
| Source: | Code function: | 13_2_00418792 | |
| Source: | Code function: | 13_2_0043EFB0 | |
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 13_2_00437DF0 | |
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Static PE information: | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_0066587E | |
| Source: | Code function: | 0_2_0050C054 | |
| Source: | Code function: | 0_2_0050B040 | |
| Source: | Code function: | 0_2_0050C8FF | |
| Source: | Code function: | 0_2_0050B8EB | |
| Source: | Code function: | 0_2_0050C196 | |
| Source: | Code function: | 0_2_0050D1AA | |
| Source: | Code function: | 0_2_0050CA41 | |
| Source: | Code function: | 0_2_00507AF4 | |
| Source: | Code function: | 0_2_0050839F | |
| Source: | Code function: | 0_2_00508C52 | |
| Source: | Code function: | 0_2_005094FD | |
| Source: | Code function: | 0_2_00508D94 | |
| Source: | Code function: | 0_2_00509DA8 | |
| Source: | Code function: | 0_2_0050A653 | |
| Source: | Code function: | 0_2_0050AEFE | |
| Source: | Code function: | 0_2_00509EEA | |
| Source: | Code function: | 0_2_0050A795 | |
| Source: | Code function: | 0_2_0050B7A9 | |
| Source: | Code function: | 13_2_0043D812 | |
| Source: | Code function: | 13_2_0044346C | |
| Source: | Code function: | 13_2_004436B1 | |
| Source: | Code function: | 13_2_0043AE3E | |
| Source: | Code function: | 13_2_0044171F | |
| Source: | Code function: | 13_2_004477AA | |
Hooking and other Techniques for Hiding and Protection | |
|---|
| Source: | Static PE information: | ||
| Source: | Registry key monitored for changes: | Jump to behavior | ||
| Source: | Registry key monitored for changes: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | API coverage: | ||
| Source: | WMI Queries: | ||
| Source: | Code function: | 0_2_005D7458 | |
| Source: | Binary or memory string: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Code function: | 13_2_0043C1F0 | |
| Source: | Code function: | 0_2_006653A4 | |
| Source: | Code function: | 0_2_006653A4 | |
| Source: | Code function: | 0_2_006655FE | |
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 0_2_00665294 | |
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | WMI Queries: | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Windows Management Instrumentation | 1 DLL Side-Loading | 311 Process Injection | 11 Masquerading | 2 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 311 Process Injection | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | 41 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 31 Security Software Discovery | SMB/Windows Admin Shares | 2 Clipboard Data | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 13 Obfuscated Files or Information | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 11 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 24 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 11% | Virustotal | Browse | ||
| 13% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | high | |
| raw.githubusercontent.com | 185.199.110.133 | true | false | high | |
| discokeyus.lat | 172.67.197.170 | true | false | high | |
| x1.i.lencr.org | unknown | unknown | false | high | |
| grannyejh.lat | unknown | unknown | false | high | |
| stem-mellows.cyou | unknown | unknown | true | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false | high | ||
| false | high | ||
| false | high | ||
| false | high | ||
| false | high | ||
| false | high | ||
| false | high | ||
| false | high | ||
| false | high | ||
| false | high | ||
| true | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | unknown | |||
| false | high | |||
| false | unknown | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 185.199.110.133 | raw.githubusercontent.com | Netherlands | 54113 | FASTLYUS | false | |
| 172.67.197.170 | discokeyus.lat | United States | 13335 | CLOUDFLARENETUS | false |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1579293 |
| Start date and time: | 2024-12-21 13:17:10 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 39s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 20 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Navan - Itinerary.pdf.scr.exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@19/46@10/2 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.218.208.137, 50.16.47.176, 18.213.11.84, 34.237.241.83, 54.224.241.105, 162.159.61.3, 172.64.41.3, 199.232.210.172, 23.192.153.142, 23.32.239.56, 2.19.198.27, 23.32.239.9, 2.19.198.16, 13.107.246.63, 4.175.87.197, 23.218.208.109, 23.41.168.139
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, time.windows.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 07:18:23 | API Interceptor | |
| 09:00:21 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 185.199.110.133 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Metasploit | Browse |
| ||
| 172.67.197.170 | Get hash | malicious | LummaC | Browse | ||
| Get hash | malicious | LummaC, Amadey, LummaC Stealer, Vidar, Xmrig | Browse | |||
| Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar, Xmrig | Browse | |||
| Get hash | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, SystemBC, zgRAT | Browse | |||
| Get hash | malicious | LummaC, Stealc | Browse | |||
| Get hash | malicious | LummaC | Browse | |||
| Get hash | malicious | LummaC | Browse | |||
| Get hash | malicious | LummaC, Stealc | Browse | |||
| Get hash | malicious | LummaC | Browse | |||
| Get hash | malicious | LummaC | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| raw.githubusercontent.com | Get hash | malicious | LummaC | Browse |
| |
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, RHADAMANTHYS, zgRAT | Browse |
| ||
| Get hash | malicious | ScreenConnect Tool, LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, RHADAMANTHYS, Stealc, Vidar | Browse |
| ||
| bg.microsoft.map.fastly.net | Get hash | malicious | Python Stealer, Blank Grabber | Browse |
| |
| Get hash | malicious | AsyncRAT, DcRat | Browse |
| ||
| Get hash | malicious | PureLog Stealer, zgRAT | Browse |
| ||
| Get hash | malicious | WinSearchAbuse | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| discokeyus.lat | Get hash | malicious | LummaC | Browse |
| |
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, LummaC Stealer, Vidar, Xmrig | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, SystemBC, zgRAT | Browse |
| ||
| Get hash | malicious | LummaC, Stealc | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC, Stealc | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| FASTLYUS | Get hash | malicious | LummaC | Browse |
| |
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | Browse |
| ||
| Get hash | malicious | Caesium Obfuscator, STRRAT | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | Browse |
| ||
| CLOUDFLARENETUS | Get hash | malicious | LummaC | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | LummaC | Browse |
| |
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| 37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | LummaC | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, LummaC Stealer, Xmrig | Browse |
| ||
| Get hash | malicious | Azorult | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, LummaC Stealer, Vidar, Xmrig | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
⊘No context
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 300 |
| Entropy (8bit): | 5.215687238285235 |
| Encrypted: | false |
| SSDEEP: | 6:BLd+q2PcNwi2nKuAl9OmbnIFUt8wL3jZmw+wL3TVkwOcNwi2nKuAl9OmbjLJ:BsvLZHAahFUt8wn/+w154ZHAaSJ |
| MD5: | FE559437D7FF459BAD39ACAF86446CC5 |
| SHA1: | ABF9DB0320ACEF80B158E03311846CFEAA9EAB69 |
| SHA-256: | 346B1AAF9AB8FA281FDF2F51D12A6081A5759F077C4839AC68621A1B70AA9633 |
| SHA-512: | BE4B5BCA49D305BCF46E2DED160191613EC265450B338B0B9F7362C43F8E629EEB57E4ED6424372995470B8D0382E45DB931A8C5F9410192E053A4C0FF43D7BB |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 300 |
| Entropy (8bit): | 5.215687238285235 |
| Encrypted: | false |
| SSDEEP: | 6:BLd+q2PcNwi2nKuAl9OmbnIFUt8wL3jZmw+wL3TVkwOcNwi2nKuAl9OmbjLJ:BsvLZHAahFUt8wn/+w154ZHAaSJ |
| MD5: | FE559437D7FF459BAD39ACAF86446CC5 |
| SHA1: | ABF9DB0320ACEF80B158E03311846CFEAA9EAB69 |
| SHA-256: | 346B1AAF9AB8FA281FDF2F51D12A6081A5759F077C4839AC68621A1B70AA9633 |
| SHA-512: | BE4B5BCA49D305BCF46E2DED160191613EC265450B338B0B9F7362C43F8E629EEB57E4ED6424372995470B8D0382E45DB931A8C5F9410192E053A4C0FF43D7BB |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 344 |
| Entropy (8bit): | 5.192927140922133 |
| Encrypted: | false |
| SSDEEP: | 6:BLrq2PcNwi2nKuAl9Ombzo2jMGIFUt8wLCLZZmw+wL3kwOcNwi2nKuAl9Ombzo23:BvvLZHAa8uFUt8wEZ/+w754ZHAa8RJ |
| MD5: | 4DFA125250A501DA5A5F2460C4B83315 |
| SHA1: | F239D4907191B780EB4044EFDEF1BBE1B781C465 |
| SHA-256: | 7EFB425DFA3B36B5AEC7B92C8501FB35A30035C918B475F861426C3BB0D8E3E9 |
| SHA-512: | 45636BBCBA667A07D3DF51E9C3CCF7246976BD79759484C3D590D41D072A35EE10B76B563377A1A053B6ADB26F77B9C48C863057398897CA1C49CF15F37A3B17 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 344 |
| Entropy (8bit): | 5.192927140922133 |
| Encrypted: | false |
| SSDEEP: | 6:BLrq2PcNwi2nKuAl9Ombzo2jMGIFUt8wLCLZZmw+wL3kwOcNwi2nKuAl9Ombzo23:BvvLZHAa8uFUt8wEZ/+w754ZHAa8RJ |
| MD5: | 4DFA125250A501DA5A5F2460C4B83315 |
| SHA1: | F239D4907191B780EB4044EFDEF1BBE1B781C465 |
| SHA-256: | 7EFB425DFA3B36B5AEC7B92C8501FB35A30035C918B475F861426C3BB0D8E3E9 |
| SHA-512: | 45636BBCBA667A07D3DF51E9C3CCF7246976BD79759484C3D590D41D072A35EE10B76B563377A1A053B6ADB26F77B9C48C863057398897CA1C49CF15F37A3B17 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.974792857895216 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqsWsBdOg2H5Rcaq3QYiubSpDyP7E4TX:Y2sRdsldMH5o3QYhbSpDa7n7 |
| MD5: | B1684FC206AF7E05CB2E5A0F6628B1DB |
| SHA1: | B59538560FF28DFAC7384A6293D7F2BED22FAF2A |
| SHA-256: | 216F0380704706A7336E49FA3965DC17A6E86BB9A1880425643D48D98731F2B3 |
| SHA-512: | 87DFF78B942A413D8241537A48747379AA86126E7DAD86D2CBDFEE425E150BF0F4CB9564A67E54683E48B49D6FABCBB6FD59EE57B8392C3087B74286C81BFB63 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\b5a9ce74-f230-4109-b7bd-9657976775a4.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.974792857895216 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqsWsBdOg2H5Rcaq3QYiubSpDyP7E4TX:Y2sRdsldMH5o3QYhbSpDa7n7 |
| MD5: | B1684FC206AF7E05CB2E5A0F6628B1DB |
| SHA1: | B59538560FF28DFAC7384A6293D7F2BED22FAF2A |
| SHA-256: | 216F0380704706A7336E49FA3965DC17A6E86BB9A1880425643D48D98731F2B3 |
| SHA-512: | 87DFF78B942A413D8241537A48747379AA86126E7DAD86D2CBDFEE425E150BF0F4CB9564A67E54683E48B49D6FABCBB6FD59EE57B8392C3087B74286C81BFB63 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4099 |
| Entropy (8bit): | 5.2345427864474585 |
| Encrypted: | false |
| SSDEEP: | 96:CwNwpDGHqPySfkcr2smSX8I2OQCDh28wDtP1RHE:CwNw1GHqPySfkcigoO3h28ytP1RHE |
| MD5: | BC57888DCE730F7DA4DCABB522244CE4 |
| SHA1: | 697545C123F73EAC767CB3B13C4F7AA5147E3584 |
| SHA-256: | C5EF6272015D21DEDD66A96F25B5D87A14CAC27D36F8E9CC1C30A9E08567A9B7 |
| SHA-512: | 86C0EE49CA240DB040BA40DD185F6A4F142BDA1C2FAB02C231996B559BB9C43B1D82EBE0F3BD9DF66491103A9B285AEECFF03D7186D2A3F53C3A99A95EC71101 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 332 |
| Entropy (8bit): | 5.192355358452516 |
| Encrypted: | false |
| SSDEEP: | 6:BLiq2PcNwi2nKuAl9OmbzNMxIFUt8wLQZmw+wLILzkwOcNwi2nKuAl9OmbzNMFLJ:BWvLZHAa8jFUt8wU/+wkX54ZHAa84J |
| MD5: | 1518E0B37B09033923D90834FEEB6E17 |
| SHA1: | 5BE06BE57D184933CD78E4954DB80572ACE0F854 |
| SHA-256: | 59061EC92D5A110FED10F91C2E8185E16BDDA21C7D5FBC79291FDAADC31AB4CD |
| SHA-512: | 4CB756864DCA3E420DE8D3B22B8B1F37D9839D87393329795AF7A4652A141FFCD9DBBB281679A88A9E6764114FD360E93D76BB2279C92EC69606C51502C353A0 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 332 |
| Entropy (8bit): | 5.192355358452516 |
| Encrypted: | false |
| SSDEEP: | 6:BLiq2PcNwi2nKuAl9OmbzNMxIFUt8wLQZmw+wLILzkwOcNwi2nKuAl9OmbzNMFLJ:BWvLZHAa8jFUt8wU/+wkX54ZHAa84J |
| MD5: | 1518E0B37B09033923D90834FEEB6E17 |
| SHA1: | 5BE06BE57D184933CD78E4954DB80572ACE0F854 |
| SHA-256: | 59061EC92D5A110FED10F91C2E8185E16BDDA21C7D5FBC79291FDAADC31AB4CD |
| SHA-512: | 4CB756864DCA3E420DE8D3B22B8B1F37D9839D87393329795AF7A4652A141FFCD9DBBB281679A88A9E6764114FD360E93D76BB2279C92EC69606C51502C353A0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 86016 |
| Entropy (8bit): | 4.43857050577155 |
| Encrypted: | false |
| SSDEEP: | 384:yeaci5GaiBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:16urVgazUpUTTGt |
| MD5: | B0B6A97CC36029DC3A5E8C370BF01EA9 |
| SHA1: | 75941753F685B6263621E89E4CBF24D9BA682A7F |
| SHA-256: | AF0A7535A71684ABFAF6BCA70FF4BED748C6447EDCA4F572975344E57DB500D3 |
| SHA-512: | EE69C497C8D77DF3664EF80AA9632B677F5DF2A5449E7182C15DA92E522B1951E7C7073C8F9E2165C530F00EA00BFD117C949E39D98ABAF4B897E0297A82A010 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 3.7744859387169485 |
| Encrypted: | false |
| SSDEEP: | 48:7Mvp/E2ioyVIioy3DoWoy1CABoy1AKOioy1noy1AYoy1Wioy1hioybioyOoy1noc:7wpjuI0iAAXKQzFb9IVXEBodRBk1 |
| MD5: | 8EE0D0CC5094248E76E1550DB194AADF |
| SHA1: | D48857DBF7BF9B073F0E924EDB9D663EC8A81AD7 |
| SHA-256: | 14F6344A53189E88C36ED9E6E9209F5BCBC607C966647160EAE318848375971B |
| SHA-512: | 52FD56FF0EB905B6DB7F25BD03EEE377316F87841398FBDAA3A95BD37219552058F4ED35F388CC5D244800C1953ED893B1AD2987EEEE9C1C4971BDFB8C89E41B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1391 |
| Entropy (8bit): | 7.705940075877404 |
| Encrypted: | false |
| SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
| MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
| SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
| SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
| SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71954 |
| Entropy (8bit): | 7.996617769952133 |
| Encrypted: | true |
| SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
| MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
| SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
| SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
| SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 192 |
| Entropy (8bit): | 2.764745823915414 |
| Encrypted: | false |
| SSDEEP: | 3:kkFklRDIfllXlE/HT8k8l1NNX8RolJuRdxLlGB9lQRYwpDdt:kKET8bNMa8RdWBwRd |
| MD5: | 155D8AC98DCEE8510D434D2FC3D835DF |
| SHA1: | 1F8687A71B3D63B99259771ACE4C67D1C4EEAE6F |
| SHA-256: | F1ECABD593852BFC07700FB90BC3BD08D5916E0F902CE535C94B8A7FD7A86764 |
| SHA-512: | 204D4361206D1CCBA0FD055C30B3DE55426B72BE26CBF376E305FD58E917F1570698F688043BB9A3F3C338902BA1EAAE29435743CEFFC94BDA228BBC7E2A2DC1 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 328 |
| Entropy (8bit): | 3.2478978672539016 |
| Encrypted: | false |
| SSDEEP: | 6:kK9SM9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:ODImsLNkPlE99SNxAhUe/3 |
| MD5: | C558DE50FA8C952C20AF68FA4C7207D8 |
| SHA1: | 57C572275A933A97E6CE50ED9D450C223D5599C1 |
| SHA-256: | 7DBCD64FD9C935A869FE40594DE96BC9B94865596A8DC5C38B08E01E8105DB5F |
| SHA-512: | 185F153D1439AA30E292B13657B8BEEFEE525B3FE43ABA05325EC284FC137EA4FF10EA4CEB80573BDD25A49309FD5CEC28BC107FF1D9A5510ACD9EBD98A4D101 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.368302406762061 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDwUQDbvnWWsGiIPEeOF0YrDoAvJM3g98kUwPeUkwRe9:YvXKXlQ/RsdTeOwGMbLUkee9 |
| MD5: | D9309B3D5E70847270C34C185D11A13C |
| SHA1: | 5DD10887AE1C9F0806B7F3B30F55FC492A32FC9F |
| SHA-256: | FEFA95719B81E9EAB7BA3DCDF4FF8A8AF416E5DE29BD0C3B7C4A91780F51A4CB |
| SHA-512: | 58ABC74D750DC2416788BE29D041C4A53455850ADF378AC46F9A9853F37909C35F7B1FBE87CFA738760A524AA59043818C8851FDE9233A96A8CF7B3370D5F5FF |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.305311604982493 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDwUQDbvnWWsGiIPEeOF0YrDoAvJfBoTfXpnrPeUkwRe9:YvXKXlQ/RsdTeOwGWTfXcUkee9 |
| MD5: | 7A580FE4830D3E8B6FF795EF466B3B04 |
| SHA1: | 6DE29C1246F0FCB74A98389CD6DB2EC12748C5AA |
| SHA-256: | 00F1FA39F48DFD4DDD5C29165925564294B917FA3332DDF7E23CEBE183E15587 |
| SHA-512: | DBAB3DC9F9D42EF3A6BA102740798363B97A498991D661E91683314CD396CCBBEF2DEA33C9EFC3BF304D5F963987B568B168C2C63C45B9CE7C6E062E121CC58D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.2850709326394885 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDwUQDbvnWWsGiIPEeOF0YrDoAvJfBD2G6UpnrPeUkwRe9:YvXKXlQ/RsdTeOwGR22cUkee9 |
| MD5: | C69AB56370A73D775B37AC39CEFA16B0 |
| SHA1: | 790254F656E80A69F58573B63C7D701C036220E8 |
| SHA-256: | 720895F37C697DEBE369ADB86A5E0AD27C6A75EC9CFA5C7EFD5B53621A0CC076 |
| SHA-512: | 37DBFDCEBBA617A2CF4814ECBD89EFE6FA542F5FFEBAF3915E379608602A00FAA05AF45A95D5074F2A0AEEF8118B9997FE8F33B0B141BD5627041B30CD4225DF |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.355354008879855 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDwUQDbvnWWsGiIPEeOF0YrDoAvJfPmwrPeUkwRe9:YvXKXlQ/RsdTeOwGH56Ukee9 |
| MD5: | 75E402F5913507B087185CC279D1D27E |
| SHA1: | 5CB43D17823C3D183F49A83C54C4482379692B8E |
| SHA-256: | 94129D28F65D7D54D591F85C73DDC11E4697B9D87F1327A2F270BF28986D16E1 |
| SHA-512: | 1E05FC1DC8D41355CCFE5F5C53D1CA621EE6D9E445287D5F65F57114F0EB9180563529606D9A116AF453E890573C5DB43E62B07310E772354A937823B750E667 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1123 |
| Entropy (8bit): | 5.688074461508651 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XOpmeOtpLgE9cQx8LennAvzBvkn0RCmK8czOCCSv11:YvFUe6hgy6SAFv5Ah8cv/v11 |
| MD5: | 546263140FF2D12545E90F7780108796 |
| SHA1: | 6AF3D3AD5510A74B23E540C0844CD8DC515478CB |
| SHA-256: | C8314C3B95915CD333EA91842A30B9CA0A2B802DCDBAA326B78CEF9086B7929A |
| SHA-512: | 6A81AAA38F5A5B20B4A5605991F74BB0B1729143F2CB04EE3A726B170C9087411F9AEFEB43C6DB3B3DA95E03C4CB0253A5E9119ADFADF4B6626A7C7B5A45575A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.289961464100969 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDwUQDbvnWWsGiIPEeOF0YrDoAvJf8dPeUkwRe9:YvXKXlQ/RsdTeOwGU8Ukee9 |
| MD5: | 4F48D0A6204187CC897A80C96A05AC56 |
| SHA1: | E78361AFBD918C90C8576991243C908823794083 |
| SHA-256: | B3C857AE92818E0278EF3FDAB359D3C50D91265774586A206A09D635E1FC2F2E |
| SHA-512: | 472C06B986E0D9544B9EE64652BB01971A72764697DFD45F76ADE3230C2E429633E111D17A0E5C52CD7491B121EBDB937529A4D8C1EF11D29B84F5B70F8C8422 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.293690608639471 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDwUQDbvnWWsGiIPEeOF0YrDoAvJfQ1rPeUkwRe9:YvXKXlQ/RsdTeOwGY16Ukee9 |
| MD5: | 8C44F3CE2AB1067E27D84F8E5BE9B8E6 |
| SHA1: | E4AE253E4F8D1D7835679EEC0B65054476660DC3 |
| SHA-256: | 88F04407D4999FDA39C78879E9BBEA09BD78674CF452292DAEB41C4999CBDEF3 |
| SHA-512: | 8941E076C9D9A46C80849289B5307E8F3CDC29EA0EDD77FDAA838E35923C57EAEA7018EDC6CBDE83F33C95F5371AF9410FAC65AD73BCAF2B9DD835D25375F142 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.307530915653901 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDwUQDbvnWWsGiIPEeOF0YrDoAvJfFldPeUkwRe9:YvXKXlQ/RsdTeOwGz8Ukee9 |
| MD5: | 7CA02BAC5DA8B8FEE0D458D1BAF96C95 |
| SHA1: | 9662D613CB2219A92A6F62DF9726D2B4CE64BA49 |
| SHA-256: | 184503A6A69BED1EC33FC0C986AC4F13D553E4A3D1C81782D6DBA7D293B36C7A |
| SHA-512: | 0F6B66050DA7FE623744E11A44938AB840A2B6EA0F24053A515C11AC4DA35D2BD51548BC590C6D10D6B2BC64C4C023F2270902D1377C1388DA97C7B0914CBEFA |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.314991479935972 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDwUQDbvnWWsGiIPEeOF0YrDoAvJfzdPeUkwRe9:YvXKXlQ/RsdTeOwGb8Ukee9 |
| MD5: | A5F8818CBF75B5E8176B339CA9C80F34 |
| SHA1: | 14230EA2DF95585F168AA3B8ADCC76C41F0A3E28 |
| SHA-256: | 5C2CA826DA5CD2554A23A8FEB90279AA861AAA0E6D7B92791126E16F804E125F |
| SHA-512: | D85814341ECAA4D57D1C1B674B5A57E7FEA09235E14FA5603671417945CDB3B60BA547C010941B44F6838CE91E9924331978BDA86E59CBB126DC7C9AFC3DA97A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.295544451616595 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDwUQDbvnWWsGiIPEeOF0YrDoAvJfYdPeUkwRe9:YvXKXlQ/RsdTeOwGg8Ukee9 |
| MD5: | 71A2B07746E789BADB7128134632EFCE |
| SHA1: | 96A465D67C729FC7DBD3A4F730465BD287AF71E9 |
| SHA-256: | 95487ABCBE9193F598E666F967BD6B96341342CE1E80003DB5E20BCF6CD91DF6 |
| SHA-512: | 6D537626E5ADEC1865C4591ED06F7F685D77192DBAF3EB03246C367D2B6849F6785CEDD7D7CA4AC5E24B4BEA0A432D8966C55254A18723D22720A2F66E4C5B86 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 284 |
| Entropy (8bit): | 5.282097735306699 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDwUQDbvnWWsGiIPEeOF0YrDoAvJf+dPeUkwRe9:YvXKXlQ/RsdTeOwG28Ukee9 |
| MD5: | 72870551D8ED610B2CB985E5F064C3C3 |
| SHA1: | 50261C78578B440111DD1207FEA55A75B6E088E4 |
| SHA-256: | A14377931C5F16BBA61BB8F853F986E2BF8EE8D2E08AF43B53F7F6F407B22995 |
| SHA-512: | 8BCC97F05CB598C2E8F773A081D13A4CA41D3A046906123327A91820B061245A9764B2BEAAD35CF52528FE0F9C7BF6B0AC4E14AE3FEB069D4994AD78A37706F2 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.279122171616117 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDwUQDbvnWWsGiIPEeOF0YrDoAvJfbPtdPeUkwRe9:YvXKXlQ/RsdTeOwGDV8Ukee9 |
| MD5: | EC4922B7A5D248AC6B3FF92B429DD0AF |
| SHA1: | A74702F7F590BFC20FA9F3B207AD2FBB63917CF8 |
| SHA-256: | 58D35D5D04E631B2C3F46A481BBD41229CF3C92614F5B5F7B446F8055721942A |
| SHA-512: | 7C07E887BAF9011A11B8ECA07342AB5176B07C8D1226F410AE9EA0A2CA377475C21AFBE441A37D3D8B50C4A37CE1681D45047B2D4C13A3AB62AA9D4B3CB06C88 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.283711952809029 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDwUQDbvnWWsGiIPEeOF0YrDoAvJf21rPeUkwRe9:YvXKXlQ/RsdTeOwG+16Ukee9 |
| MD5: | 3387E5523A00055583575A8DA12E5CB5 |
| SHA1: | 4EABD700DB6F02840CFAE0BE787FBD0D6B80DB0D |
| SHA-256: | 3F02CD9AD385D79CAF85C747267AF6202E36813F596B856DDCF2C8924ADAB932 |
| SHA-512: | 3838572CA9E86170909E6A4E80CEF3616286A0CAF9DDF4176B6B514253042277657BF27D379B48A1C6AA6C9E0900C0B35412F52D24F903F267D48909E20782AB |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1090 |
| Entropy (8bit): | 5.66515960230052 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XOpmeOVamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSv11:YvFUeoBgkDMUJUAh8cvMv11 |
| MD5: | 2E9C5EB6F26B71F34B6129C00FC5C97B |
| SHA1: | 747EDE1B4B5117CBFF0107B5F90A996CD0F74403 |
| SHA-256: | 5BDC83F1770A6853EC2403990FE6481721CB945B176ACEAA329B438A21B4808A |
| SHA-512: | 0FED3770FB31DFBA91FAD785F8FEB34DA16B6ACAE533AFA72FDBEA1A1922F1F1E56E8238E98B05EFCE235D9E135F59D5354BC0B079C2659600895C522D29BFFA |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.25877333196114 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDwUQDbvnWWsGiIPEeOF0YrDoAvJfshHHrPeUkwRe9:YvXKXlQ/RsdTeOwGUUUkee9 |
| MD5: | F763609D1963CF285583AA701C0C94EF |
| SHA1: | 23EB1B7510C4FED8E7F703680AF5DB8ED50AEE41 |
| SHA-256: | 57EB6EF436C214DC945CD180A108F7035FCDD19B62D7C1067D863F2E07B2CDB4 |
| SHA-512: | 6579744686234DABDF36AB9FDC797E2A602600E0DBB070DE79554112E96ADF8B8B753A184B420961FFB7472130FF4A87EA4316BAC7EE0359369A5B590D02ED27 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 282 |
| Entropy (8bit): | 5.2851015732841855 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDwUQDbvnWWsGiIPEeOF0YrDoAvJTqgFCrPeUkwRe9:YvXKXlQ/RsdTeOwGTq16Ukee9 |
| MD5: | 810C20979954D095F8AC51A9FF9B8618 |
| SHA1: | E3823E5852F4DA58B4523BC187CD2781E6D77DA6 |
| SHA-256: | B2DFA7875F67FD2176D11FA350F3B14F57110B6A594C6CB1DD3057CCDE54C070 |
| SHA-512: | 13CA28DC32F134C757F620A65EFC8AF17AFC0327C64EB50748A4AB3E9903266DED1B143D31C7FDEEA8F3DAD9B271B45FE83C77EBF948C74CCAE5E685215205B7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2814 |
| Entropy (8bit): | 5.1404691602982 |
| Encrypted: | false |
| SSDEEP: | 48:YuN8lTeKO8wxZWw+/3Ox+S6pfl4sEHcIM+U60xx9mF1Q5:xeZOZOex+XpIMz6S+G |
| MD5: | 89BBB11270ACB9F34F3A3FB51030E2E1 |
| SHA1: | 36B34BA9F326CE0AC1F0AC506BA66D95FE585E7D |
| SHA-256: | A72802D59737250D3503E6F81362465CA19D47BA1F050D3BEE6657B78B363831 |
| SHA-512: | 99B538A9522BA3B667CEC81A0B95198E012DE20CB1DE5E9F885E074110B75BF62BB91D0F047C21DF74F101748ECEE87B3EC83D5D32DF9E947A345CD054B9C253 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 1.4528630978436816 |
| Encrypted: | false |
| SSDEEP: | 48:TGufl2GL7msCvrBd6dHtbGIbPe0K3+fDy2dskgliS:lNVmsw3SHtbDbPe0K3+fDZdc |
| MD5: | 2448926F0072D88536F66D5E31DB3C55 |
| SHA1: | 492609647A25EDE07CBDE8F6FF0C7FEEA2525985 |
| SHA-256: | 4B046DCA0098367632329206A8F13AFCFAB1B71D55952412EA5447572962722C |
| SHA-512: | FD63CCF2560B33EB01318681B27243B801DB2683AC5F7F3F83C084216A3C85DD56FE8FF43D55DEFB22C8D763FAD518101ACCDE2FBAF73E904ADE5C9559A493C2 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.958166157587978 |
| Encrypted: | false |
| SSDEEP: | 48:7MmrvrBd6dHtbGIbPe0K3+fDy2dskVTqFl2GL7msQ:7H3SHtbDbPe0K3+fDZdTKVmsQ |
| MD5: | 2CF0FF8F905CB622260954247AF5CD3F |
| SHA1: | B307F186E77CFF7EA3AA6993E4E1D3557B042AE6 |
| SHA-256: | 293C80CE23AD85D542DF0A61BAD73175FD90853AEC4D51127C38F0F943D98D7B |
| SHA-512: | 2DB48ED9853DFFA6E2B2B130A650DDA56336226F7FF34E4CA8609C7B53254955FBA7E88B6EE48911F62F2A760FA18F0AAFADE30567A24FF22748BD9899721138 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 66726 |
| Entropy (8bit): | 5.392739213842091 |
| Encrypted: | false |
| SSDEEP: | 768:RNOpblrU6TBH44ADKZEgTaF0Yw9wYJQ6YXZSal+qeM0PdYyu:6a6TZ44ADETaF0YUpJPYizdK |
| MD5: | 90A0AD810D46DAD2045D9E32E4FF2FFA |
| SHA1: | 9D20AEB291C9310FACFACE8FB469C736F6D86696 |
| SHA-256: | AE32C1E0C14CE94F887EF8F29E8323E20E0FB0E3F864A2AED152E8B1CB61C493 |
| SHA-512: | 3E4E27DB37DE63A202D5014ECE6919B092DC571F7763619F14A9096CB587788533949257625DBCA8E768BBDA81E7923298DA1ECB063E0A92D1A8B66D9A455354 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\NavanItinerary[1].pdf
Download File
| Process: | C:\Users\user\Desktop\Navan - Itinerary.pdf.scr.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 51800 |
| Entropy (8bit): | 7.644473294145779 |
| Encrypted: | false |
| SSDEEP: | 768:yaBT4Xd/H2AZAyXOKmd8iOK5ZezAr5MUXs6dcoboWopxasKk48WoGQICpVMRtJHi:0XaPEaAHjlO4Bsl52QAVZFKdtTvyh |
| MD5: | 0AEE57F18680198E40AA2A6B37D2EB7E |
| SHA1: | 222695CE34141FF67BC730F534A363A47CE9791D |
| SHA-256: | EFEEBFD836442C3C6D011F68D0A8B48F0323AF49F60C53243341703122CC5A07 |
| SHA-512: | DC7C1DB22E7F6A0AC2A1831C6652CFD8A96C9D5B64D50775822D20DA1193EF4134CECEFF23AED3AC5A6CE8C3E754B3FCF54313650807623A50E55A4E5DC76749 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.505069684106714 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8dk3le:Qw946cPbiOxDlbYnuRK/g |
| MD5: | AD96510CAEB5728F05242EA3FE281C45 |
| SHA1: | 8BD49AC5DBA8C04F946CEC8AF5EF9F741CF82E90 |
| SHA-256: | 329CA326E45C05B9BB8CB45EBB9360B7B39E7B1DAEB3E97D89869ED525812E56 |
| SHA-512: | B69FCC5A814A62035222A85A52314499EAB8262E17BC1BFE87A23ED8AB647A8BE4E0141B7710519246EE99CDCC86A2BE465AEC1A8336195BD1ADB0100999F75B |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\Navan - Itinerary.pdf.scr.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 51800 |
| Entropy (8bit): | 7.644473294145779 |
| Encrypted: | false |
| SSDEEP: | 768:yaBT4Xd/H2AZAyXOKmd8iOK5ZezAr5MUXs6dcoboWopxasKk48WoGQICpVMRtJHi:0XaPEaAHjlO4Bsl52QAVZFKdtTvyh |
| MD5: | 0AEE57F18680198E40AA2A6B37D2EB7E |
| SHA1: | 222695CE34141FF67BC730F534A363A47CE9791D |
| SHA-256: | EFEEBFD836442C3C6D011F68D0A8B48F0323AF49F60C53243341703122CC5A07 |
| SHA-512: | DC7C1DB22E7F6A0AC2A1831C6652CFD8A96C9D5B64D50775822D20DA1193EF4134CECEFF23AED3AC5A6CE8C3E754B3FCF54313650807623A50E55A4E5DC76749 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-12-21 07-18-19-461.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.386483451061953 |
| Encrypted: | false |
| SSDEEP: | 384:A2+jkjVj8jujXj+jPjghjKj0jLjmF/FRFO7t75NsXNsbNsgNssNsNNsaNsliNsTY:AXg5IqTS7Mh+oXChrYhFiQHXiz1W60ID |
| MD5: | F49CA270724D610D1589E217EA78D6D1 |
| SHA1: | 22D43D4BB9BDC1D1DEA734399D2D71E264AA3DD3 |
| SHA-256: | D2FFBB2EF8FCE09991C2EFAA91B6784497E8C55845807468A3385CF6029A2F8D |
| SHA-512: | 181B42465DE41E298329CBEB80181CBAB77CFD1701DBA31E61B2180B483BC35E2EFAFFA14C98F1ED0EDDE67F997EE4219C5318CE846BB0116A908FB2EAB61D29 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 15114 |
| Entropy (8bit): | 5.348881625341943 |
| Encrypted: | false |
| SSDEEP: | 384:hJ7ojBHNCviYan1JhniLPa2bP8IRBDToE3R71dbM60Wb2DU1F6rij0jxVqVcViV/:o1rgKgl |
| MD5: | 9B15F79060C6713F3C72F5C7D4E93F79 |
| SHA1: | 0B2B45E96904B402F9785D5071AE9042B93E6C1D |
| SHA-256: | E163505A16DEE09EDFDC30C4E26B97E2C00525C442D443CB8F99B9862B789872 |
| SHA-512: | 5AE33500B50D2652C3B145D7B886D20DCB22338A151301E98DD8FE5A8E12A761869563B36B65549BFF3CB26398BBB2D04538A6CD0B1BDCFB02E46EA7E0362E16 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 35721 |
| Entropy (8bit): | 5.413580340410339 |
| Encrypted: | false |
| SSDEEP: | 768:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRldy0+AyxkHBDgRh9gRA99pm5UpcoOc0ZP:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRf |
| MD5: | FB57767CC45479F61C43507C4D49478D |
| SHA1: | BC346CF224159144383E8C5A9DCB64FC18474EBA |
| SHA-256: | 94D92C269DADB6DAC1B71F1CD643B5ACAFA26A1BF75DA6D8817F3F0A210E2E7B |
| SHA-512: | C7406CDF09655ADC79298AE40205EC6A2BA968A9960FBB49F3863800AB7F012439D13B35578E1D2708A9E97BBAE52DDBA072146D59FF545C6240D205811EC2EB |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:/VR9WL07oXGZnYIGNPJNdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:tR9WLxXGZnZGh3mlind9i4ufFXpAXkru |
| MD5: | 9D85D4B75E446857CE3D750299B2AF1A |
| SHA1: | 3CD9576D0A07B9E4454F4FF4DDF8D18EFBB764B4 |
| SHA-256: | D3C44F50FD2912C92DAF009689B221515709E00C839A8DA425078C96F2D6053A |
| SHA-512: | 1C63A091EF404FC446F1A789D33258FE9F6AD25C80375CADADF0829BC5DCD70A16A8E30E664D0A02F39E7A3D10B9E56AD7F9CA9D733A877726C1DD043B14842F |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/xbdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJi7oW:Jb3mlind9i4ufFXpAXkrfUs0jWLaGZDI |
| MD5: | 1B0B46EF76AC75C2C91FA043AFA150CD |
| SHA1: | A8544CE2FC62DFC7AC592F5F567DBE9A623F8410 |
| SHA-256: | 12B1773B522EE9AEC4F3AACCB353C370F87E2FDBB7D1F5F966DFE04A15F9A398 |
| SHA-512: | B0DFAFEDE6CC1DB69F1755F13B58C42BE6260BB1265CCCEA61CAC24CA43AB595E36A0D673FAA92E5BAE979A60DDAD4B4179AB216B6357F487F0752AA88043FE9 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 6.203723789172425 |
| TrID: |
|
| File name: | Navan - Itinerary.pdf.scr.exe |
| File size: | 1'638'400 bytes |
| MD5: | 168e0d79aa66efd4c83cb8a745d6157a |
| SHA1: | 3be1e99c2d2ed7eaa72fb5ab2697d70dff14cc94 |
| SHA256: | d0a926c2882477f35996cdcc93869aa28687421d892108786e9b67033583357e |
| SHA512: | cd4f3bba409070f2d693bf087f1839b88bc2eb6388ac9fe75ce638bd389b9b61e6c3eeeb138fdab239b2e129e59989f8a771d892fefe888a2150db6d7a28e650 |
| SSDEEP: | 24576:J/ahPeSMObBX48FD/Onzpb5kWuWPcHYF+Xe61PVLpCeRseo4nEc+vi2oflSOhOSl:J/ahPL/B48t/OttkSA4pOSOpAdcB |
| TLSH: | 3975B654F6AB5222E0533EF4187F23669261A830303ECE57F0446E5654D133AEB9FDAB |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......\^.W.?...?...?...Ga..?.......?.......?.......?.......?..h....?...?...?.......?.......?.......?..Rich.?..........PE..L.....fg... |
 | |
| Icon Hash: | 1c1889ca9b2dc79b |
| Entrypoint: | 0x564c49 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x676618CC [Sat Dec 21 01:24:28 2024 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 6 |
| OS Version Minor: | 0 |
| File Version Major: | 6 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 6 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 8f05acdfcf958ad49d502159c452d8a0 |
| Instruction |
|---|
| call 00007F8D1CC37EB8h |
| jmp 00007F8D1CC3769Fh |
| push ebp |
| mov ebp, esp |
| mov eax, dword ptr [ebp+08h] |
| push esi |
| mov ecx, dword ptr [eax+3Ch] |
| add ecx, eax |
| movzx eax, word ptr [ecx+14h] |
| lea edx, dword ptr [ecx+18h] |
| add edx, eax |
| movzx eax, word ptr [ecx+06h] |
| imul esi, eax, 28h |
| add esi, edx |
| jmp 00007F8D1CC37837h |
| mov ecx, dword ptr [edx+0Ch] |
| cmp dword ptr [ebp+0Ch], ecx |
| jc 00007F8D1CC3782Ch |
| mov eax, dword ptr [edx+08h] |
| add eax, ecx |
| cmp dword ptr [ebp+0Ch], eax |
| jc 00007F8D1CC3782Eh |
| add edx, 28h |
| cmp edx, esi |
| jne 00007F8D1CC37809h |
| xor eax, eax |
| pop esi |
| pop ebp |
| ret |
| mov eax, edx |
| jmp 00007F8D1CC3781Bh |
| push esi |
| call 00007F8D1CC3817Ch |
| test eax, eax |
| je 00007F8D1CC37842h |
| mov eax, dword ptr fs:[00000018h] |
| mov esi, 0057225Ch |
| mov edx, dword ptr [eax+04h] |
| jmp 00007F8D1CC37826h |
| cmp edx, eax |
| je 00007F8D1CC37832h |
| xor eax, eax |
| mov ecx, edx |
| lock cmpxchg dword ptr [esi], ecx |
| test eax, eax |
| jne 00007F8D1CC37812h |
| xor al, al |
| pop esi |
| ret |
| mov al, 01h |
| pop esi |
| ret |
| push ebp |
| mov ebp, esp |
| cmp dword ptr [ebp+08h], 00000000h |
| jne 00007F8D1CC37829h |
| mov byte ptr [00572260h], 00000001h |
| call 00007F8D1CC379FAh |
| call 00007F8D1CC37E89h |
| test al, al |
| jne 00007F8D1CC37826h |
| xor al, al |
| pop ebp |
| ret |
| call 00007F8D1CC37E7Ch |
| test al, al |
| jne 00007F8D1CC3782Ch |
| push 00000000h |
| call 00007F8D1CC37E71h |
| pop ecx |
| jmp 00007F8D1CC3780Bh |
| mov al, 01h |
| pop ebp |
| ret |
| push ebp |
| mov ebp, esp |
| cmp byte ptr [00572261h], 00000000h |
| je 00007F8D1CC37826h |
| mov al, 01h |
| pop ebp |
| ret |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x17318c | 0x104 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x174000 | 0x91c8 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x17e000 | 0x14e3c | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x16cd90 | 0x38 | .data |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x16ce00 | 0x18 | .data |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x16ccd0 | 0x40 | .data |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x173000 | 0x184 | .idata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x16a723 | 0x16a800 | 696dd121d58c6d04a28cc81258cdb8f5 | False | 0.3342544450431034 | data | 6.004719987583057 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .data | 0x16c000 | 0x65d4 | 0x6400 | 858b2ea462e8c05314963b79f45e20e8 | False | 0.2690625 | data | 4.367866622411197 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x173000 | 0xdd8 | 0xe00 | 8dda1530378a2027ab77c74ea2449135 | False | 0.41573660714285715 | data | 5.432830471357009 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x174000 | 0x91c8 | 0x9200 | 21b9f4f2eaeb905775d4a7cd568d7cc8 | False | 0.713693279109589 | data | 7.110296856296312 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x17e000 | 0x14e3c | 0x15000 | 70b896765e3c4dd5e37b69fb8a92d71f | False | 0.6722005208333334 | data | 6.822543440648515 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x174160 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 3779 x 3779 px/m | Russian | Russia | 0.7296099290780141 |
| RT_ICON | 0x1745c8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304, resolution 3779 x 3779 px/m | Russian | Russia | 0.535655737704918 |
| RT_ICON | 0x174f50 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 3779 x 3779 px/m | Russian | Russia | 0.43597560975609756 |
| RT_ICON | 0x175ff8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 3779 x 3779 px/m | Russian | Russia | 0.3233402489626556 |
| RT_ICON | 0x1785a0 | 0x4bd3 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | Russian | Russia | 0.996754417598269 |
| RT_GROUP_ICON | 0x17d178 | 0x4c | data | Russian | Russia | 0.7763157894736842 |
| DLL | Import |
|---|---|
| KERNEL32.dll | LoadLibraryA, QueryPerformanceFrequency, CreateFileW, GetSystemInfo, GetProcAddress, FreeLibrary, QueryPerformanceCounter, GetTempPathW, WriteFile, CloseHandle, GetModuleHandleW, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, GetCurrentProcess, TerminateProcess |
| SHELL32.dll | ShellExecuteW |
| MSVCP140.dll | ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z, ?good@ios_base@std@@QBE_NXZ, ?uncaught_exceptions@std@@YAHXZ, ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A, ?_Xlength_error@std@@YAXPBD@Z, ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ, ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ, ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z, ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z, ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z, ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z |
| WININET.dll | InternetOpenUrlW, InternetOpenW, InternetReadFile, InternetCloseHandle |
| VCRUNTIME140.dll | __current_exception, memcpy, memchr, _CxxThrowException, __std_exception_destroy, __CxxFrameHandler3, memcmp, memmove, __current_exception_context, _except_handler4_common, __std_exception_copy, memset |
| api-ms-win-crt-stdio-l1-1-0.dll | __stdio_common_vswprintf_s, __p__commode, _set_fmode |
| api-ms-win-crt-heap-l1-1-0.dll | malloc, _callnewh, _set_new_mode, free |
| api-ms-win-crt-utility-l1-1-0.dll | rand, srand |
| api-ms-win-crt-time-l1-1-0.dll | _time64 |
| api-ms-win-crt-runtime-l1-1-0.dll | _exit, exit, _initterm_e, _initterm, _get_narrow_winmain_command_line, _initialize_narrow_environment, _configure_narrow_argv, _set_app_type, _seh_filter_exe, terminate, _cexit, _c_exit, _register_thread_local_exe_atexit_callback, _controlfp_s, _initialize_onexit_table, _invalid_parameter_noinfo_noreturn, _register_onexit_function, _crt_atexit |
| api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale |
| api-ms-win-crt-math-l1-1-0.dll | __setusermatherr, ceil |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| Russian | Russia |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-21T13:18:21.706231+0100 | 2058364 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) | 1 | 192.168.2.7 | 60934 | 1.1.1.1 | 53 | UDP |
| 2024-12-21T13:18:21.859167+0100 | 2058360 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat) | 1 | 192.168.2.7 | 49217 | 1.1.1.1 | 53 | UDP |
| 2024-12-21T13:18:23.286867+0100 | 2058361 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) | 1 | 192.168.2.7 | 49715 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:23.286867+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49715 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:24.199146+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.7 | 49715 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:24.199146+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.7 | 49715 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:25.926745+0100 | 2058361 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) | 1 | 192.168.2.7 | 49727 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:25.926745+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49727 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:26.691089+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.7 | 49727 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:26.691089+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.7 | 49727 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:29.057008+0100 | 2058361 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) | 1 | 192.168.2.7 | 49745 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:29.057008+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49745 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:31.170364+0100 | 2058361 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) | 1 | 192.168.2.7 | 49750 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:31.170364+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49750 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:32.008169+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.7 | 49750 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:33.593243+0100 | 2058361 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) | 1 | 192.168.2.7 | 49756 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:33.593243+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49756 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:35.898402+0100 | 2058361 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) | 1 | 192.168.2.7 | 49762 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:35.898402+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49762 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:38.349929+0100 | 2058361 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) | 1 | 192.168.2.7 | 49768 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:38.349929+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49768 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:38.355032+0100 | 2843864 | ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 | 1 | 192.168.2.7 | 49768 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:42.956761+0100 | 2058361 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) | 1 | 192.168.2.7 | 49784 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:42.956761+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49784 | 172.67.197.170 | 443 | TCP |
| 2024-12-21T13:18:43.752592+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.7 | 49784 | 172.67.197.170 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 21, 2024 13:18:14.362648010 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:14.362677097 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:14.362746954 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:14.392345905 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:14.392368078 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:15.606420994 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:15.606528044 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:15.708201885 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:15.708228111 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:15.708575010 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:15.708647966 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:15.723675966 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:15.767338037 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.037965059 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.038063049 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.038090944 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.038122892 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.038146019 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.038163900 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.038232088 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.038255930 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.046406031 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.046471119 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.046547890 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.047975063 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.054909945 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.056513071 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.056519985 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.060096025 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.063092947 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.063158989 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.063195944 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.063294888 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.157898903 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.157994986 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.158090115 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.158181906 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.230325937 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.230436087 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.230459929 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.230515003 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.235595942 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.235657930 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.235697031 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.235744953 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.243365049 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.243438005 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.243478060 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.243537903 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.251243114 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.251303911 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.259054899 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.259119987 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.259179115 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.259228945 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.266815901 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.266884089 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.266978025 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.267041922 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.274638891 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.274709940 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.274725914 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.274779081 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.282346010 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.282407045 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.282439947 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.282512903 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.290293932 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.290369987 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.297971964 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.298049927 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.298062086 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.298120022 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.304076910 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.304140091 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.304164886 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.304219007 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.309977055 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.310036898 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.310086012 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.310163021 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.316294909 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.316359997 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.321978092 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.322041035 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.349836111 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.349946976 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.349967957 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.350048065 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.350058079 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.350105047 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.350135088 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.350184917 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.350208998 CET | 49700 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.350223064 CET | 443 | 49700 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.694973946 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.695008993 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:16.695175886 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.695431948 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:16.695450068 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:17.945722103 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:17.945796013 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:17.946405888 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:17.946420908 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:17.946624994 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:17.946631908 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.487654924 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.487814903 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.487829924 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.487873077 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.487909079 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.487919092 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.488218069 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.496027946 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.496272087 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.501220942 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.501358986 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.501370907 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.501498938 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.509635925 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.511920929 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.511931896 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.512011051 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.517918110 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.518027067 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.518218040 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.518300056 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.607878923 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.608129978 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.608151913 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.608256102 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.687714100 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.687885046 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.691318989 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.691442966 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.691468954 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.691606998 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.697446108 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.697779894 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.704941988 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.705118895 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.705132008 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.706260920 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.712697983 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.713212013 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.713221073 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.713279963 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.720369101 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.720725060 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.720733881 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.720959902 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.728157043 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.728341103 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.735924006 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.736139059 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.736149073 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.736633062 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.743575096 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.743802071 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.743810892 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.743896008 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.749553919 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.749706984 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.749722004 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.749828100 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.755631924 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.756009102 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.761462927 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.761698008 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.761706114 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.763284922 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.767482996 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.767569065 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.767591953 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.768239021 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.773560047 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.773739100 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.773746967 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.774152040 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.902044058 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.902057886 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.902098894 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.902178049 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.902203083 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.902298927 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.902327061 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.930543900 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.930562019 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.930850983 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.930865049 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.930953979 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.958589077 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.958607912 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.958765984 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.958765984 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:18.958784103 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:18.958856106 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.073527098 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.073596001 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.073704958 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.073719978 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.073770046 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.074182034 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.093802929 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.093849897 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.094006062 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.094006062 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.094018936 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.094224930 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.113539934 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.113585949 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.113702059 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.113702059 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.113712072 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.120165110 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.130167007 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.130235910 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.130357027 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.130357027 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.130373955 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.131961107 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.149142981 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.149193048 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.149327040 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.149327040 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.149342060 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.152296066 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.166855097 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.166899920 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.167061090 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.167061090 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.167077065 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.172276974 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.186073065 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.186122894 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.186167955 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.186182976 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.186253071 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.186253071 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.277466059 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.277520895 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.277748108 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.277748108 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.277765989 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.277816057 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.291249037 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.291294098 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.291348934 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.291363955 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.291435003 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.302464008 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.302509069 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.302584887 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.302602053 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.302666903 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.302666903 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.314776897 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.314821005 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.314873934 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.314887047 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.314951897 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.326129913 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.326195955 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.326253891 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.326266050 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.326340914 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.326340914 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.338360071 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.338387012 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.338493109 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.338505983 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.338532925 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.338629961 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.350318909 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.350372076 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.350497961 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.350516081 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.350533962 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.350596905 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.460386038 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.460453987 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.460505009 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.460519075 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.460575104 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.460575104 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.469017982 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.469063997 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.469100952 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.469115019 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.469166040 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.469166040 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.477488041 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.477534056 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.477612019 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.477612019 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.477626085 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.477682114 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.484754086 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.484800100 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.484841108 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.484853983 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.484873056 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.484955072 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.489319086 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.489376068 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.489396095 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.489408016 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.489455938 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.489455938 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.489514112 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:19.489665031 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.682475090 CET | 49701 | 443 | 192.168.2.7 | 185.199.110.133 |
| Dec 21, 2024 13:18:19.682507992 CET | 443 | 49701 | 185.199.110.133 | 192.168.2.7 |
| Dec 21, 2024 13:18:22.061521053 CET | 49715 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:22.061575890 CET | 443 | 49715 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:22.061683893 CET | 49715 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:22.062884092 CET | 49715 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:22.062899113 CET | 443 | 49715 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:23.286782026 CET | 443 | 49715 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:23.286866903 CET | 49715 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:23.291019917 CET | 49715 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:23.291029930 CET | 443 | 49715 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:23.291430950 CET | 443 | 49715 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:23.499352932 CET | 443 | 49715 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:23.499433994 CET | 49715 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:23.533401012 CET | 49715 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:23.533401012 CET | 49715 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:23.533518076 CET | 443 | 49715 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:24.199095964 CET | 443 | 49715 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:24.199189901 CET | 443 | 49715 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:24.199460983 CET | 49715 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:24.571177006 CET | 49715 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:24.571192980 CET | 443 | 49715 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:24.571233988 CET | 49715 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:24.571239948 CET | 443 | 49715 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:24.697623968 CET | 49727 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:24.697669983 CET | 443 | 49727 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:24.697819948 CET | 49727 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:24.704668045 CET | 49727 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:24.704687119 CET | 443 | 49727 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:25.926665068 CET | 443 | 49727 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:25.926744938 CET | 49727 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:25.991889000 CET | 49727 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:25.991929054 CET | 443 | 49727 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:25.992686033 CET | 443 | 49727 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:25.994462013 CET | 49727 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:25.994501114 CET | 49727 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:25.994626999 CET | 443 | 49727 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:26.691142082 CET | 443 | 49727 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:26.691270113 CET | 443 | 49727 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:26.691330910 CET | 49727 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:26.691350937 CET | 443 | 49727 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:26.691553116 CET | 443 | 49727 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:26.691607952 CET | 49727 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:26.691617012 CET | 443 | 49727 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:26.691737890 CET | 443 | 49727 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:26.691836119 CET | 443 | 49727 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:26.691967964 CET | 49727 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:26.691978931 CET | 443 | 49727 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:26.692023039 CET | 49727 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:26.699248075 CET | 443 | 49727 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:26.712037086 CET | 443 | 49727 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:26.712091923 CET | 49727 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:26.712111950 CET | 443 | 49727 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:26.810986996 CET | 443 | 49727 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:26.811136961 CET | 49727 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:26.811161041 CET | 443 | 49727 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:26.886573076 CET | 443 | 49727 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:26.886646032 CET | 49727 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:26.886670113 CET | 443 | 49727 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:26.886698961 CET | 443 | 49727 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:26.886894941 CET | 443 | 49727 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:26.886980057 CET | 49727 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:26.982439995 CET | 49727 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:26.982480049 CET | 443 | 49727 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:26.982500076 CET | 49727 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:26.982507944 CET | 443 | 49727 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:27.367425919 CET | 49745 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:27.367485046 CET | 443 | 49745 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:27.367567062 CET | 49745 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:27.368267059 CET | 49745 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:27.368284941 CET | 443 | 49745 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:29.056907892 CET | 443 | 49745 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:29.057008028 CET | 49745 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:29.089711905 CET | 49745 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:29.089734077 CET | 443 | 49745 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:29.090694904 CET | 443 | 49745 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:29.128771067 CET | 49745 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:29.128992081 CET | 49745 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:29.129045010 CET | 443 | 49745 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:29.907058001 CET | 443 | 49745 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:29.907356977 CET | 443 | 49745 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:29.907768965 CET | 49745 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:29.909080982 CET | 49745 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:29.909094095 CET | 443 | 49745 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:29.950427055 CET | 49750 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:29.950485945 CET | 443 | 49750 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:29.950568914 CET | 49750 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:29.953866959 CET | 49750 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:29.953902960 CET | 443 | 49750 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:31.170263052 CET | 443 | 49750 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:31.170363903 CET | 49750 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:31.172086000 CET | 49750 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:31.172106028 CET | 443 | 49750 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:31.172362089 CET | 443 | 49750 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:31.180527925 CET | 49750 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:31.180773973 CET | 49750 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:31.180840015 CET | 443 | 49750 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:31.180955887 CET | 49750 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:31.227365971 CET | 443 | 49750 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:32.008224964 CET | 443 | 49750 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:32.008449078 CET | 443 | 49750 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:32.008645058 CET | 49750 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:32.013927937 CET | 49750 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:32.013962984 CET | 443 | 49750 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:32.371221066 CET | 49756 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:32.371252060 CET | 443 | 49756 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:32.371335030 CET | 49756 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:32.372092962 CET | 49756 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:32.372123003 CET | 443 | 49756 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:33.593112946 CET | 443 | 49756 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:33.593242884 CET | 49756 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:33.595158100 CET | 49756 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:33.595166922 CET | 443 | 49756 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:33.596122980 CET | 443 | 49756 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:33.605659962 CET | 49756 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:33.605917931 CET | 49756 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:33.605963945 CET | 443 | 49756 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:33.606311083 CET | 49756 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:33.606323004 CET | 443 | 49756 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:34.569575071 CET | 443 | 49756 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:34.569806099 CET | 443 | 49756 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:34.570111036 CET | 49756 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:34.570322037 CET | 49756 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:34.570339918 CET | 443 | 49756 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:34.681658983 CET | 49762 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:34.681705952 CET | 443 | 49762 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:34.681865931 CET | 49762 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:34.682285070 CET | 49762 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:34.682300091 CET | 443 | 49762 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:35.898298979 CET | 443 | 49762 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:35.898401976 CET | 49762 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:35.904836893 CET | 49762 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:35.904860020 CET | 443 | 49762 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:35.905167103 CET | 443 | 49762 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:35.906920910 CET | 49762 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:35.907038927 CET | 49762 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:35.907044888 CET | 443 | 49762 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:36.685497999 CET | 443 | 49762 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:36.685769081 CET | 443 | 49762 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:36.685873032 CET | 49762 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:36.686002970 CET | 49762 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:36.686017036 CET | 443 | 49762 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:37.129431009 CET | 49768 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:37.129487038 CET | 443 | 49768 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:37.129965067 CET | 49768 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:37.129965067 CET | 49768 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:37.130002022 CET | 443 | 49768 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:38.349828005 CET | 443 | 49768 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:38.349929094 CET | 49768 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:38.351685047 CET | 49768 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:38.351695061 CET | 443 | 49768 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:38.352261066 CET | 443 | 49768 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:38.353733063 CET | 49768 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:38.354568005 CET | 49768 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:38.354608059 CET | 443 | 49768 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:38.354696989 CET | 49768 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:38.354723930 CET | 443 | 49768 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:38.354818106 CET | 49768 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:38.354892015 CET | 443 | 49768 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:38.355025053 CET | 49768 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:38.355046988 CET | 443 | 49768 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:38.355178118 CET | 49768 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:38.355201960 CET | 443 | 49768 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:38.355356932 CET | 49768 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:38.355385065 CET | 443 | 49768 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:38.355393887 CET | 49768 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:38.355663061 CET | 49768 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:38.355695963 CET | 49768 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:38.403331041 CET | 443 | 49768 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:38.403491974 CET | 49768 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:38.403537989 CET | 49768 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:38.447366953 CET | 443 | 49768 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:41.734683990 CET | 443 | 49768 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:41.734760046 CET | 443 | 49768 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:41.734891891 CET | 49768 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:41.735065937 CET | 49768 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:41.735083103 CET | 443 | 49768 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:41.741308928 CET | 49784 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:41.741326094 CET | 443 | 49784 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:41.741509914 CET | 49784 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:41.741849899 CET | 49784 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:41.741863966 CET | 443 | 49784 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:42.956662893 CET | 443 | 49784 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:42.956760883 CET | 49784 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:42.974689960 CET | 49784 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:42.974701881 CET | 443 | 49784 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:42.975483894 CET | 443 | 49784 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:42.995738983 CET | 49784 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:42.995754957 CET | 49784 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:42.995805979 CET | 443 | 49784 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:43.752666950 CET | 443 | 49784 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:43.752932072 CET | 443 | 49784 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:43.752996922 CET | 49784 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:43.753148079 CET | 49784 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:43.753158092 CET | 443 | 49784 | 172.67.197.170 | 192.168.2.7 |
| Dec 21, 2024 13:18:43.753169060 CET | 49784 | 443 | 192.168.2.7 | 172.67.197.170 |
| Dec 21, 2024 13:18:43.753173113 CET | 443 | 49784 | 172.67.197.170 | 192.168.2.7 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 21, 2024 13:18:14.215208054 CET | 61872 | 53 | 192.168.2.7 | 1.1.1.1 |
| Dec 21, 2024 13:18:14.352375984 CET | 53 | 61872 | 1.1.1.1 | 192.168.2.7 |
| Dec 21, 2024 13:18:21.471757889 CET | 58991 | 53 | 192.168.2.7 | 1.1.1.1 |
| Dec 21, 2024 13:18:21.697307110 CET | 53 | 58991 | 1.1.1.1 | 192.168.2.7 |
| Dec 21, 2024 13:18:21.706231117 CET | 60934 | 53 | 192.168.2.7 | 1.1.1.1 |
| Dec 21, 2024 13:18:21.844022036 CET | 53 | 60934 | 1.1.1.1 | 192.168.2.7 |
| Dec 21, 2024 13:18:21.859167099 CET | 49217 | 53 | 192.168.2.7 | 1.1.1.1 |
| Dec 21, 2024 13:18:21.997839928 CET | 53 | 49217 | 1.1.1.1 | 192.168.2.7 |
| Dec 21, 2024 13:18:27.309855938 CET | 57168 | 53 | 192.168.2.7 | 1.1.1.1 |
| Dec 21, 2024 13:18:40.506823063 CET | 62719 | 53 | 192.168.2.7 | 1.1.1.1 |
| Dec 21, 2024 13:18:54.038906097 CET | 54171 | 53 | 192.168.2.7 | 1.1.1.1 |
| Dec 21, 2024 13:19:18.164113998 CET | 56434 | 53 | 192.168.2.7 | 1.1.1.1 |
| Dec 21, 2024 13:19:42.242022991 CET | 63396 | 53 | 192.168.2.7 | 1.1.1.1 |
| Dec 21, 2024 13:20:06.335791111 CET | 58648 | 53 | 192.168.2.7 | 1.1.1.1 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 21, 2024 13:18:14.215208054 CET | 192.168.2.7 | 1.1.1.1 | 0xedf1 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 21, 2024 13:18:21.471757889 CET | 192.168.2.7 | 1.1.1.1 | 0xf1a9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 21, 2024 13:18:21.706231117 CET | 192.168.2.7 | 1.1.1.1 | 0xcce | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 21, 2024 13:18:21.859167099 CET | 192.168.2.7 | 1.1.1.1 | 0xb6ba | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 21, 2024 13:18:27.309855938 CET | 192.168.2.7 | 1.1.1.1 | 0xb7f9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 21, 2024 13:18:40.506823063 CET | 192.168.2.7 | 1.1.1.1 | 0x5f5f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 21, 2024 13:18:54.038906097 CET | 192.168.2.7 | 1.1.1.1 | 0x2fe4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 21, 2024 13:19:18.164113998 CET | 192.168.2.7 | 1.1.1.1 | 0xb890 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 21, 2024 13:19:42.242022991 CET | 192.168.2.7 | 1.1.1.1 | 0x9a92 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 21, 2024 13:20:06.335791111 CET | 192.168.2.7 | 1.1.1.1 | 0x3920 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 21, 2024 13:18:14.352375984 CET | 1.1.1.1 | 192.168.2.7 | 0xedf1 | No error (0) | 185.199.110.133 | A (IP address) | IN (0x0001) | false | ||
| Dec 21, 2024 13:18:14.352375984 CET | 1.1.1.1 | 192.168.2.7 | 0xedf1 | No error (0) | 185.199.108.133 | A (IP address) | IN (0x0001) | false | ||
| Dec 21, 2024 13:18:14.352375984 CET | 1.1.1.1 | 192.168.2.7 | 0xedf1 | No error (0) | 185.199.109.133 | A (IP address) | IN (0x0001) | false | ||
| Dec 21, 2024 13:18:14.352375984 CET | 1.1.1.1 | 192.168.2.7 | 0xedf1 | No error (0) | 185.199.111.133 | A (IP address) | IN (0x0001) | false | ||
| Dec 21, 2024 13:18:21.697307110 CET | 1.1.1.1 | 192.168.2.7 | 0xf1a9 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Dec 21, 2024 13:18:21.844022036 CET | 1.1.1.1 | 192.168.2.7 | 0xcce | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Dec 21, 2024 13:18:21.997839928 CET | 1.1.1.1 | 192.168.2.7 | 0xb6ba | No error (0) | 172.67.197.170 | A (IP address) | IN (0x0001) | false | ||
| Dec 21, 2024 13:18:21.997839928 CET | 1.1.1.1 | 192.168.2.7 | 0xb6ba | No error (0) | 104.21.21.99 | A (IP address) | IN (0x0001) | false | ||
| Dec 21, 2024 13:18:25.669167995 CET | 1.1.1.1 | 192.168.2.7 | 0x476 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
| Dec 21, 2024 13:18:25.669167995 CET | 1.1.1.1 | 192.168.2.7 | 0x476 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
| Dec 21, 2024 13:18:27.549725056 CET | 1.1.1.1 | 192.168.2.7 | 0xb7f9 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Dec 21, 2024 13:18:40.644925117 CET | 1.1.1.1 | 192.168.2.7 | 0x5f5f | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Dec 21, 2024 13:18:54.276952028 CET | 1.1.1.1 | 192.168.2.7 | 0x2fe4 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Dec 21, 2024 13:19:18.389977932 CET | 1.1.1.1 | 192.168.2.7 | 0xb890 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Dec 21, 2024 13:19:42.463949919 CET | 1.1.1.1 | 192.168.2.7 | 0x9a92 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Dec 21, 2024 13:20:06.729669094 CET | 1.1.1.1 | 192.168.2.7 | 0x3920 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.7 | 49700 | 185.199.110.133 | 443 | 6920 | C:\Users\user\Desktop\Navan - Itinerary.pdf.scr.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-21 12:18:15 UTC | 156 | OUT | |
| 2024-12-21 12:18:16 UTC | 899 | IN | |
| 2024-12-21 12:18:16 UTC | 1378 | IN | |
| 2024-12-21 12:18:16 UTC | 1378 | IN | |
| 2024-12-21 12:18:16 UTC | 1378 | IN | |
| 2024-12-21 12:18:16 UTC | 1378 | IN | |
| 2024-12-21 12:18:16 UTC | 1378 | IN | |
| 2024-12-21 12:18:16 UTC | 1378 | IN | |
| 2024-12-21 12:18:16 UTC | 1378 | IN | |
| 2024-12-21 12:18:16 UTC | 1378 | IN | |
| 2024-12-21 12:18:16 UTC | 1378 | IN | |
| 2024-12-21 12:18:16 UTC | 1378 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.7 | 49701 | 185.199.110.133 | 443 | 6920 | C:\Users\user\Desktop\Navan - Itinerary.pdf.scr.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-21 12:18:17 UTC | 155 | OUT | |
| 2024-12-21 12:18:18 UTC | 902 | IN | |
| 2024-12-21 12:18:18 UTC | 1378 | IN | |
| 2024-12-21 12:18:18 UTC | 1378 | IN | |
| 2024-12-21 12:18:18 UTC | 1378 | IN | |
| 2024-12-21 12:18:18 UTC | 1378 | IN | |
| 2024-12-21 12:18:18 UTC | 1378 | IN | |
| 2024-12-21 12:18:18 UTC | 1378 | IN | |
| 2024-12-21 12:18:18 UTC | 1378 | IN | |
| 2024-12-21 12:18:18 UTC | 1378 | IN | |
| 2024-12-21 12:18:18 UTC | 1378 | IN | |
| 2024-12-21 12:18:18 UTC | 1378 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.7 | 49715 | 172.67.197.170 | 443 | 6748 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-21 12:18:23 UTC | 261 | OUT | |
| 2024-12-21 12:18:23 UTC | 8 | OUT | |
| 2024-12-21 12:18:24 UTC | 1123 | IN | |
| 2024-12-21 12:18:24 UTC | 7 | IN | |
| 2024-12-21 12:18:24 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.7 | 49727 | 172.67.197.170 | 443 | 6748 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-21 12:18:25 UTC | 262 | OUT | |
| 2024-12-21 12:18:25 UTC | 48 | OUT | |
| 2024-12-21 12:18:26 UTC | 1129 | IN | |
| 2024-12-21 12:18:26 UTC | 240 | IN | |
| 2024-12-21 12:18:26 UTC | 1369 | IN | |
| 2024-12-21 12:18:26 UTC | 1369 | IN | |
| 2024-12-21 12:18:26 UTC | 1369 | IN | |
| 2024-12-21 12:18:26 UTC | 911 | IN | |
| 2024-12-21 12:18:26 UTC | 1369 | IN | |
| 2024-12-21 12:18:26 UTC | 1369 | IN | |
| 2024-12-21 12:18:26 UTC | 1369 | IN | |
| 2024-12-21 12:18:26 UTC | 1369 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.7 | 49745 | 172.67.197.170 | 443 | 6748 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-21 12:18:29 UTC | 276 | OUT | |
| 2024-12-21 12:18:29 UTC | 12821 | OUT | |
| 2024-12-21 12:18:29 UTC | 1136 | IN | |
| 2024-12-21 12:18:29 UTC | 20 | IN | |
| 2024-12-21 12:18:29 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.7 | 49750 | 172.67.197.170 | 443 | 6748 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-21 12:18:31 UTC | 273 | OUT | |
| 2024-12-21 12:18:31 UTC | 15035 | OUT | |
| 2024-12-21 12:18:32 UTC | 1139 | IN | |
| 2024-12-21 12:18:32 UTC | 20 | IN | |
| 2024-12-21 12:18:32 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.7 | 49756 | 172.67.197.170 | 443 | 6748 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-21 12:18:33 UTC | 281 | OUT | |
| 2024-12-21 12:18:33 UTC | 15331 | OUT | |
| 2024-12-21 12:18:33 UTC | 5077 | OUT | |
| 2024-12-21 12:18:34 UTC | 1139 | IN | |
| 2024-12-21 12:18:34 UTC | 20 | IN | |
| 2024-12-21 12:18:34 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.7 | 49762 | 172.67.197.170 | 443 | 6748 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-21 12:18:35 UTC | 273 | OUT | |
| 2024-12-21 12:18:35 UTC | 1235 | OUT | |
| 2024-12-21 12:18:36 UTC | 1130 | IN | |
| 2024-12-21 12:18:36 UTC | 20 | IN | |
| 2024-12-21 12:18:36 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 8 | 192.168.2.7 | 49768 | 172.67.197.170 | 443 | 6748 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-21 12:18:38 UTC | 277 | OUT | |
| 2024-12-21 12:18:38 UTC | 15331 | OUT | |
| 2024-12-21 12:18:38 UTC | 15331 | OUT | |
| 2024-12-21 12:18:38 UTC | 15331 | OUT | |
| 2024-12-21 12:18:38 UTC | 15331 | OUT | |
| 2024-12-21 12:18:38 UTC | 15331 | OUT | |
| 2024-12-21 12:18:38 UTC | 15331 | OUT | |
| 2024-12-21 12:18:38 UTC | 15331 | OUT | |
| 2024-12-21 12:18:38 UTC | 15331 | OUT | |
| 2024-12-21 12:18:38 UTC | 15331 | OUT | |
| 2024-12-21 12:18:38 UTC | 15331 | OUT | |
| 2024-12-21 12:18:41 UTC | 1137 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 9 | 192.168.2.7 | 49784 | 172.67.197.170 | 443 | 6748 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-21 12:18:42 UTC | 262 | OUT | |
| 2024-12-21 12:18:42 UTC | 83 | OUT | |
| 2024-12-21 12:18:43 UTC | 1122 | IN | |
| 2024-12-21 12:18:43 UTC | 54 | IN | |
| 2024-12-21 12:18:43 UTC | 5 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 07:18:03 |
| Start date: | 21/12/2024 |
| Path: | C:\Users\user\Desktop\Navan - Itinerary.pdf.scr.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x500000 |
| File size: | 1'638'400 bytes |
| MD5 hash: | 168E0D79AA66EFD4C83CB8A745D6157A |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 9 |
| Start time: | 07:18:15 |
| Start date: | 21/12/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff702560000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 10 |
| Start time: | 07:18:16 |
| Start date: | 21/12/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6c3ff0000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 12 |
| Start time: | 07:18:17 |
| Start date: | 21/12/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6c3ff0000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 13 |
| Start time: | 07:18:19 |
| Start date: | 21/12/2024 |
| Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xcf0000 |
| File size: | 45'984 bytes |
| MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
Execution Graph
| Execution Coverage: | 6.6% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 2.3% |
| Total number of Nodes: | 87 |
| Total number of Limit Nodes: | 8 |
Graph
Function 005D7458 Relevance: 1.5, APIs: 1, Instructions: 15COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0066488D Relevance: 6.1, APIs: 4, Instructions: 59COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006631B6 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00663250 Relevance: 1.3, APIs: 1, Instructions: 42COMMON
Download Yara Rule
Control-flow Graph
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006653A4 Relevance: 9.1, APIs: 6, Instructions: 70COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00665294 Relevance: 6.0, APIs: 4, Instructions: 25timethreadCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00664EB1 Relevance: 1.7, APIs: 1, Instructions: 242COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0066275A Relevance: 7.6, APIs: 5, Instructions: 142COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00663824 Relevance: 7.6, APIs: 5, Instructions: 112COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006624A6 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00662D4F Relevance: 5.1, APIs: 4, Instructions: 69COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Execution Graph
| Execution Coverage: | 8.8% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 38.5% |
| Total number of Nodes: | 314 |
| Total number of Limit Nodes: | 8 |
Graph
Function 00437DF0 Relevance: 28.6, APIs: 11, Strings: 5, Instructions: 640memorycomCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00415799 Relevance: 14.5, APIs: 1, Strings: 7, Instructions: 492encryptionCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00409580 Relevance: 9.2, Strings: 7, Instructions: 442COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00408850 Relevance: 7.7, APIs: 5, Instructions: 194threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043C1F0 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043C767 Relevance: 1.3, Strings: 1, Instructions: 99COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040B70C Relevance: 1.3, Strings: 1, Instructions: 61COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043ECA0 Relevance: .3, Instructions: 272COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00433CDF Relevance: 3.0, APIs: 2, Instructions: 47COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042E4A9 Relevance: 1.6, APIs: 1, Instructions: 106COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00436145 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043C2C8 Relevance: 1.5, APIs: 1, Instructions: 44COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043C180 Relevance: 1.5, APIs: 1, Instructions: 35memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043169A Relevance: 1.5, APIs: 1, Instructions: 23COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00430469 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040C550 Relevance: 1.5, APIs: 1, Instructions: 17COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040C583 Relevance: 1.5, APIs: 1, Instructions: 17COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043AAA0 Relevance: 1.5, APIs: 1, Instructions: 13memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043AA80 Relevance: 1.5, APIs: 1, Instructions: 9memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041CB40 Relevance: 10.7, Strings: 8, Instructions: 658COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00408F50 Relevance: 9.0, Strings: 7, Instructions: 223COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041E7C0 Relevance: 5.8, Strings: 4, Instructions: 779COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042CA49 Relevance: 5.3, Strings: 4, Instructions: 302COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042CB22 Relevance: 5.3, Strings: 4, Instructions: 299COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042CAD0 Relevance: 5.3, Strings: 4, Instructions: 295COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042CB11 Relevance: 5.3, Strings: 4, Instructions: 271COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00417DEE Relevance: 4.7, Strings: 3, Instructions: 998COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041759F Relevance: 4.4, Strings: 3, Instructions: 671COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041D380 Relevance: 4.2, Strings: 3, Instructions: 453COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042DFE9 Relevance: 4.1, Strings: 3, Instructions: 332COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041B2E0 Relevance: 4.0, Strings: 3, Instructions: 231COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040DBD9 Relevance: 3.0, Strings: 2, Instructions: 528COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004179C1 Relevance: 2.8, Strings: 2, Instructions: 327COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00418591 Relevance: 2.6, Strings: 2, Instructions: 115COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043B1D0 Relevance: 1.9, Strings: 1, Instructions: 653COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00425E30 Relevance: 1.7, Strings: 1, Instructions: 431COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00438810 Relevance: 1.7, Strings: 1, Instructions: 426COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00416263 Relevance: 1.7, Strings: 1, Instructions: 405COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042B170 Relevance: 1.5, Strings: 1, Instructions: 236COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041D83A Relevance: 1.5, Strings: 1, Instructions: 224COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00417380 Relevance: 1.4, Strings: 1, Instructions: 149COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00428B61 Relevance: 1.4, Strings: 1, Instructions: 142COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041682D Relevance: .8, Instructions: 761COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004074F0 Relevance: .6, Instructions: 611COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004197C2 Relevance: .6, Instructions: 596COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004291DD Relevance: .5, Instructions: 549COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405990 Relevance: .4, Instructions: 448COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00415220 Relevance: .4, Instructions: 436COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00426B95 Relevance: .4, Instructions: 356COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043F330 Relevance: .3, Instructions: 349COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00422190 Relevance: .3, Instructions: 330COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043EFB0 Relevance: .3, Instructions: 320COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00429C2B Relevance: .3, Instructions: 298COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043AEC0 Relevance: .2, Instructions: 237COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004385E0 Relevance: .2, Instructions: 192COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00425E70 Relevance: .2, Instructions: 186COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041BF14 Relevance: .1, Instructions: 68COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00435450 Relevance: .1, Instructions: 64COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042A700 Relevance: .1, Instructions: 63COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00428D93 Relevance: .0, Instructions: 41COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043CA93 Relevance: .0, Instructions: 29COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00423086 Relevance: .0, Instructions: 25COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00427AD3 Relevance: .0, Instructions: 19COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041C653 Relevance: .0, Instructions: 16COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040BFFD Relevance: .0, Instructions: 13COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042984F Relevance: .0, Instructions: 8COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00431715 Relevance: 36.9, APIs: 1, Strings: 20, Instructions: 154memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004312D1 Relevance: 36.9, APIs: 1, Strings: 20, Instructions: 150memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|