Edit tour
Windows
Analysis Report
ppISxhDcpF.exe
Overview
General Information
| Sample name: | ppISxhDcpF.exerenamed because original name is a hash value |
| Original sample name: | 8dbe0f8d14496475bd0c298df8763deab33ec4a0a55880fb0b823586f65bc10a.exe |
| Analysis ID: | 1587988 |
| MD5: | e64faf30918d71691dfde574dd5a6fcb |
| SHA1: | 1d2f1edd94620404e15df9369049c3ef1b6c2761 |
| SHA256: | 8dbe0f8d14496475bd0c298df8763deab33ec4a0a55880fb0b823586f65bc10a |
| Tags: | exeGuLoaderuser-adrian__luca |
| Infos: |  |
 | |
Detection
GuLoader, MassLogger RAT
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected GuLoader
Yara detected MassLogger RAT
Yara detected Telegram RAT
AI detected suspicious sample
Disable Task Manager(disabletaskmgr)
Disables CMD prompt
Disables the Windows task manager (taskmgr)
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Classification
- System is w10x64
ppISxhDcpF.exe (PID: 7096 cmdline: "C:\Users\ user\Deskt op\ppISxhD cpF.exe" MD5: E64FAF30918D71691DFDE574DD5A6FCB) - ppISxhDcpF.exe (PID: 4932 cmdline:
"C:\Users\ user\Deskt op\ppISxhD cpF.exe" MD5: E64FAF30918D71691DFDE574DD5A6FCB)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
{"C2 url": "https://api.telegram.org/bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendMessage"}{"EXfil Mode": "Telegram", "Telegram Token": "7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc", "Telegram Chatid": "7382809095"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
| Click to see the 3 entries | ||||
⊘No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-10T20:10:25.952826+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49775 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:27.872981+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49789 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:29.585453+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49801 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:31.367472+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49815 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:33.195949+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49830 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:35.280818+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49842 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:38.087273+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49863 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:39.918825+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49873 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:42.687233+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49893 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:44.442650+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49906 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:52.335658+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49956 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:55.403341+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49978 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:58.416665+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50000 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:11:00.510043+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50006 | 149.154.167.220 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-10T20:10:16.856578+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49712 | 132.226.8.169 | 80 | TCP |
| 2025-01-10T20:10:24.778471+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49712 | 132.226.8.169 | 80 | TCP |
| 2025-01-10T20:10:27.028453+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49784 | 132.226.8.169 | 80 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-10T20:10:03.127284+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49710 | 172.217.23.110 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-10T20:10:25.435623+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49775 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:27.603149+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49789 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:29.349109+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49801 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:31.086496+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49815 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:32.825927+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49830 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:34.821711+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49842 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:37.780527+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49863 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:39.593758+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49873 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:42.401129+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49893 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:44.222787+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49906 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:51.846532+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49956 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:54.932118+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49978 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:58.032597+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 50000 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:11:00.155427+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 50006 | 149.154.167.220 | 443 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Malware Configuration Extractor: | ||
| Source: | Malware Configuration Extractor: | ||
| Source: | ReversingLabs: | ||
| Source: | Integrated Neural Analysis Model: | ||
Location Tracking | |
|---|
| Source: | DNS query: | ||
| Source: | Code function: | 5_2_3801D1EC | |
| Source: | Code function: | 5_2_3801D9D9 | |
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_00405846 | |
| Source: | Code function: | 0_2_004027FB | |
| Source: | Code function: | 0_2_00406398 | |
| Source: | Code function: | 5_2_00405846 | |
| Source: | Code function: | 5_2_004027FB | |
| Source: | Code function: | 5_2_00406398 | |
| Source: | Code function: | 5_2_380103AF | |
| Source: | Code function: | 5_2_38010C28 | |
| Source: | Code function: | 5_2_3801C638 | |
| Source: | Code function: | 5_2_3801F05A | |
| Source: | Code function: | 5_2_3801B07F | |
| Source: | Code function: | 5_2_3801B930 | |
| Source: | Code function: | 5_2_3801C1F2 | |
| Source: | Code function: | 5_2_3801DA89 | |
| Source: | Code function: | 5_2_3801E339 | |
| Source: | Code function: | 5_2_3801EBF2 | |
| Source: | Code function: | 5_2_38010C1B | |
| Source: | Code function: | 5_2_3801B4F2 | |
| Source: | Code function: | 5_2_3801BDA2 | |
| Source: | Code function: | 5_2_3801DEE1 | |
| Source: | Code function: | 5_2_38010F6F | |
| Source: | Code function: | 5_2_3801E790 | |
| Source: | Code function: | 5_2_384BBDF0 | |
| Source: | Code function: | 5_2_384B8650 | |
| Source: | Code function: | 5_2_384B8650 | |
| Source: | Code function: | 5_2_384B1858 | |
| Source: | Code function: | 5_2_384B7070 | |
| Source: | Code function: | 5_2_384B4820 | |
| Source: | Code function: | 5_2_384B2108 | |
| Source: | Code function: | 5_2_384BC92F | |
| Source: | Code function: | 5_2_384B8193 | |
| Source: | Code function: | 5_2_384B29B8 | |
| Source: | Code function: | 5_2_384B3268 | |
| Source: | Code function: | 5_2_384B5208 | |
| Source: | Code function: | 5_2_384B5AB8 | |
| Source: | Code function: | 5_2_384B7B4F | |
| Source: | Code function: | 5_2_384B6368 | |
| Source: | Code function: | 5_2_384B8373 | |
| Source: | Code function: | 5_2_384B3B18 | |
| Source: | Code function: | 5_2_384B43C8 | |
| Source: | Code function: | 5_2_384BCBE7 | |
| Source: | Code function: | 5_2_384B1400 | |
| Source: | Code function: | 5_2_384B6C18 | |
| Source: | Code function: | 5_2_384B74C8 | |
| Source: | Code function: | 5_2_384B1CB0 | |
| Source: | Code function: | 5_2_384B2560 | |
| Source: | Code function: | 5_2_384B4DB0 | |
| Source: | Code function: | 5_2_384B5660 | |
| Source: | Code function: | 5_2_384B2E10 | |
| Source: | Code function: | 5_2_384B36C0 | |
| Source: | Code function: | 5_2_384B3F70 | |
| Source: | Code function: | 5_2_384B5F10 | |
| Source: | Code function: | 5_2_384B67C0 | |
| Source: | Code function: | 5_2_384B0FA8 | |
| Source: | Code function: | 5_2_389EE790 | |
Networking | |
|---|
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 0_2_004052F3 | |
| Source: | Code function: | 0_2_004032A0 | |
| Source: | Code function: | 5_2_004032A0 | |
| Source: | Code function: | 0_2_00404B30 | |
| Source: | Code function: | 0_2_00407041 | |
| Source: | Code function: | 0_2_0040686A | |
| Source: | Code function: | 5_2_00407041 | |
| Source: | Code function: | 5_2_0040686A | |
| Source: | Code function: | 5_2_00404B30 | |
| Source: | Code function: | 5_2_001560E0 | |
| Source: | Code function: | 5_2_00154348 | |
| Source: | Code function: | 5_2_00158DF8 | |
| Source: | Code function: | 5_2_00155978 | |
| Source: | Code function: | 5_2_00154329 | |
| Source: | Code function: | 5_2_38017848 | |
| Source: | Code function: | 5_2_38015876 | |
| Source: | Code function: | 5_2_3801331A | |
| Source: | Code function: | 5_2_380103AF | |
| Source: | Code function: | 5_2_3801CCA0 | |
| Source: | Code function: | 5_2_3801C638 | |
| Source: | Code function: | 5_2_3801F05A | |
| Source: | Code function: | 5_2_3801B07F | |
| Source: | Code function: | 5_2_3801B930 | |
| Source: | Code function: | 5_2_3801C1F2 | |
| Source: | Code function: | 5_2_3801DA89 | |
| Source: | Code function: | 5_2_3801E339 | |
| Source: | Code function: | 5_2_3801E347 | |
| Source: | Code function: | 5_2_3801EBF2 | |
| Source: | Code function: | 5_2_3801CCA2 | |
| Source: | Code function: | 5_2_3801B4F2 | |
| Source: | Code function: | 5_2_3801BDA2 | |
| Source: | Code function: | 5_2_38017628 | |
| Source: | Code function: | 5_2_38016E91 | |
| Source: | Code function: | 5_2_38016EA0 | |
| Source: | Code function: | 5_2_3801DEE1 | |
| Source: | Code function: | 5_2_38017F60 | |
| Source: | Code function: | 5_2_3801E790 | |
| Source: | Code function: | 5_2_3801E79F | |
| Source: | Code function: | 5_2_384BA9B0 | |
| Source: | Code function: | 5_2_384BBA88 | |
| Source: | Code function: | 5_2_384BA360 | |
| Source: | Code function: | 5_2_384B9D10 | |
| Source: | Code function: | 5_2_384BBDF0 | |
| Source: | Code function: | 5_2_384B8650 | |
| Source: | Code function: | 5_2_384B96C8 | |
| Source: | Code function: | 5_2_384B1848 | |
| Source: | Code function: | 5_2_384B0040 | |
| Source: | Code function: | 5_2_384B1858 | |
| Source: | Code function: | 5_2_384B7061 | |
| Source: | Code function: | 5_2_384B7070 | |
| Source: | Code function: | 5_2_384B4820 | |
| Source: | Code function: | 5_2_384B20F8 | |
| Source: | Code function: | 5_2_384B2108 | |
| Source: | Code function: | 5_2_384BF128 | |
| Source: | Code function: | 5_2_384BF130 | |
| Source: | Code function: | 5_2_384B51F8 | |
| Source: | Code function: | 5_2_384BA9A0 | |
| Source: | Code function: | 5_2_384B29B8 | |
| Source: | Code function: | 5_2_384B3258 | |
| Source: | Code function: | 5_2_384B3268 | |
| Source: | Code function: | 5_2_384B5208 | |
| Source: | Code function: | 5_2_384BBA97 | |
| Source: | Code function: | 5_2_384B5AA8 | |
| Source: | Code function: | 5_2_384B5AB8 | |
| Source: | Code function: | 5_2_384B7B4F | |
| Source: | Code function: | 5_2_384B6358 | |
| Source: | Code function: | 5_2_384BA352 | |
| Source: | Code function: | 5_2_384B6368 | |
| Source: | Code function: | 5_2_384B3B08 | |
| Source: | Code function: | 5_2_384B3B18 | |
| Source: | Code function: | 5_2_384B43C8 | |
| Source: | Code function: | 5_2_384B6C09 | |
| Source: | Code function: | 5_2_384B1400 | |
| Source: | Code function: | 5_2_384B6C18 | |
| Source: | Code function: | 5_2_384B74C8 | |
| Source: | Code function: | 5_2_384B1CA0 | |
| Source: | Code function: | 5_2_384B74B8 | |
| Source: | Code function: | 5_2_384B1CB0 | |
| Source: | Code function: | 5_2_384B255F | |
| Source: | Code function: | 5_2_384B2550 | |
| Source: | Code function: | 5_2_384B2560 | |
| Source: | Code function: | 5_2_384B9D00 | |
| Source: | Code function: | 5_2_384B4DB2 | |
| Source: | Code function: | 5_2_384B4DB0 | |
| Source: | Code function: | 5_2_384B8640 | |
| Source: | Code function: | 5_2_384B565F | |
| Source: | Code function: | 5_2_384B5650 | |
| Source: | Code function: | 5_2_384B5660 | |
| Source: | Code function: | 5_2_384B2E00 | |
| Source: | Code function: | 5_2_384B2E10 | |
| Source: | Code function: | 5_2_384B36C2 | |
| Source: | Code function: | 5_2_384B36C0 | |
| Source: | Code function: | 5_2_384B96B8 | |
| Source: | Code function: | 5_2_384B3F72 | |
| Source: | Code function: | 5_2_384B3F70 | |
| Source: | Code function: | 5_2_384B5F10 | |
| Source: | Code function: | 5_2_384B67C0 | |
| Source: | Code function: | 5_2_384BAFE8 | |
| Source: | Code function: | 5_2_384BAFF8 | |
| Source: | Code function: | 5_2_384BAFF7 | |
| Source: | Code function: | 5_2_384B0F98 | |
| Source: | Code function: | 5_2_384B0FA8 | |
| Source: | Code function: | 5_2_384B67B0 | |
| Source: | Code function: | 5_2_389E6FA0 | |
| Source: | Code function: | 5_2_389ED608 | |
| Source: | Code function: | 5_2_389EE790 | |
| Source: | Code function: | 5_2_389E8328 | |
| Source: | Code function: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_004032A0 | |
| Source: | Code function: | 5_2_004032A0 | |
| Source: | Code function: | 0_2_004045B4 | |
| Source: | Code function: | 0_2_00402095 | |
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | ReversingLabs: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | LNK file: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
Data Obfuscation | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Code function: | 0_2_10001B18 | |
| Source: | Code function: | 0_2_10002E0E | |
| Source: | Code function: | 5_2_0015A492 | |
| Source: | Code function: | 5_2_0015A4FD | |
| Source: | File created: | Jump to dropped file | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | API/Special instruction interceptor: | ||
| Source: | API/Special instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | API coverage: | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Code function: | 0_2_00405846 | |
| Source: | Code function: | 0_2_004027FB | |
| Source: | Code function: | 0_2_00406398 | |
| Source: | Code function: | 5_2_00405846 | |
| Source: | Code function: | 5_2_004027FB | |
| Source: | Code function: | 5_2_00406398 | |
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | API call chain: | graph_0-3749 | ||
| Source: | API call chain: | graph_0-3931 | ||
| Source: | Code function: | 0_2_00403C41 | |
| Source: | Code function: | 0_2_10001B18 | |
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 0_2_00406077 | |
| Source: | Key value queried: | Jump to behavior | ||
Lowering of HIPS / PFW / Operating System Security Settings | |
|---|
| Source: | Registry value created: | Jump to behavior | ||
| Source: | Registry value created: | Jump to behavior | ||
| Source: | Registry key created or modified: | Jump to behavior | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 Process Injection | 31 Disable or Modify Tools | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Access Token Manipulation | NTDS | 1 System Network Configuration Discovery | Distributed Component Object Model | 1 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Process Injection | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | 215 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 58% | ReversingLabs | Win32.Trojan.Guloader |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| drive.google.com | 172.217.23.110 | true | false | high | |
| drive.usercontent.google.com | 142.250.181.225 | true | false | high | |
| reallyfreegeoip.org | 104.21.96.1 | true | false | high | |
| api.telegram.org | 149.154.167.220 | true | false | high | |
| checkip.dyndns.com | 132.226.8.169 | true | false | high | |
| checkip.dyndns.org | unknown | unknown | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false | high | ||
| false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 172.217.23.110 | drive.google.com | United States | 15169 | GOOGLEUS | false | |
| 132.226.8.169 | checkip.dyndns.com | United States | 16989 | UTMEMUS | false | |
| 149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false | |
| 142.250.181.225 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false | |
| 104.21.96.1 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1587988 |
| Start date and time: | 2025-01-10 20:07:53 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 7m 40s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 8 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | ppISxhDcpF.exerenamed because original name is a hash value |
| Original Sample Name: | 8dbe0f8d14496475bd0c298df8763deab33ec4a0a55880fb0b823586f65bc10a.exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@3/8@5/5 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 4.245.163.56, 13.107.246.45
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: ppISxhDcpF.exe
| Time | Type | Description |
|---|---|---|
| 14:10:23 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 132.226.8.169 | Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| |
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| ||
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| 149.154.167.220 | Get hash | malicious | GuLoader, MassLogger RAT | Browse | ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | AsyncRAT, StormKitty, WorldWind Stealer | Browse | |||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | MassLogger RAT | Browse | |||
| Get hash | malicious | MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| reallyfreegeoip.org | Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| |
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| api.telegram.org | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | AsyncRAT, StormKitty, WorldWind Stealer | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| checkip.dyndns.com | Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| |
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| TELEGRAMRU | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | AsyncRAT, StormKitty, WorldWind Stealer | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| UTMEMUS | Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| |
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| CLOUDFLARENETUS | Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| |
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| |
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| 3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AsyncRAT, StormKitty, WorldWind Stealer | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| 37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | Vidar | Browse |
| ||
| Get hash | malicious | Vidar | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\nscAF7B.tmp\System.dll | Get hash | malicious | GuLoader, MassLogger RAT | Browse | ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\Abreaction.Abe
Download File
| Process: | C:\Users\user\Desktop\ppISxhDcpF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 253850 |
| Entropy (8bit): | 7.814291711551856 |
| Encrypted: | false |
| SSDEEP: | 6144:th5qC8VFwfWGF9gU+SSiuotrbiTK5PAjWK:v5qTwfWGDP/S+iTKxAyK |
| MD5: | A35A134475F9882F13DE626FD7FDA2E4 |
| SHA1: | FD56DEFCA8227313348EDA3287816ADD12E08EB8 |
| SHA-256: | BBD476BAF2D2BE3CF63487ACE11603B437C317FD6849FB794A8342E0108A5AD8 |
| SHA-512: | 80B4A6546629E28AA8B820BAD2E3E0AC57AC84E858ABE25C90735A8CCFE837946A6B3F00B983EB6FBDBCDF11B13822263A2E573F8D51D2DB04DD9BA0E4CCCF23 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\Needlings.Mic
Download File
| Process: | C:\Users\user\Desktop\ppISxhDcpF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 14599 |
| Entropy (8bit): | 4.542958055672668 |
| Encrypted: | false |
| SSDEEP: | 192:xrZr1+9qMultEuBh8CSs8ywUdBzB60Lct+01sJXiFhyWbSlXia1mtpt:x9r1+mlHP8ywUvc801sJXi2WbSlyASt |
| MD5: | A246367D6459D338115FB171AE048F4F |
| SHA1: | 095776AA1A6C8E191C2BE7C827FBCF978987BBFB |
| SHA-256: | 6D535560BAF2D8E5098DDC441E70694853BCB3E0A7411916888754B8D2BB27BB |
| SHA-512: | 95F546C51860DC7366D613B739060A65C743784C5FFE3343FDA6421B5D7A227FB741DD64644F39B6686D95B39C2F143A8BA3B50384271A66EB14326D3E3F96B8 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\Riprap43.gaw
Download File
| Process: | C:\Users\user\Desktop\ppISxhDcpF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 56641 |
| Entropy (8bit): | 1.2318917163845036 |
| Encrypted: | false |
| SSDEEP: | 384:vrBeaW6xu5Pd9GW0Zq+/HXF1qcGNMUd8phxiFQHOV7hpvZlq:t9+Pdop/306xixrlq |
| MD5: | 39C9A5F767D8C170B5CE38EA8D5734D4 |
| SHA1: | 4B4CA81EB3D093645B504004F62A269D4EACDECC |
| SHA-256: | 87A7017021050071DBE5726BF9AC505763CD923E2BDE93336CA0905802CD8D49 |
| SHA-512: | AE2D66B801251046FA4D3093391B916955B43BE75A954DD398583B1B8881A9F109F51F81D6E4FE759F83AC7B921FA89B02185013AFDE16D3C8EAB422BE89B4FF |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\forskansningens.txt
Download File
| Process: | C:\Users\user\Desktop\ppISxhDcpF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 345 |
| Entropy (8bit): | 4.241929841155785 |
| Encrypted: | false |
| SSDEEP: | 6:dvkdMOL4xnuXGNQWjMIDw1luhPB46xAJX7sBJOdkmLA8gMfArpIXbgOwQWiQJEEC:dufExIoDe1lYnGJLsBQdtL6rpIrWQkJA |
| MD5: | AE69FE0F4D1E1115BC470031E661785C |
| SHA1: | 8D3799826FE457C61C1E8EE5E3071683A8125BC5 |
| SHA-256: | 6B18768503395C809263568D3A8858810404C2B7D49DC7CB6CE5F717F5D6C7DE |
| SHA-512: | 969C0DB048EAC4A9B447A0C0C463A7983F1B4091B6206E274B9D249F8311439B6C33F5AA1EDF9CD1AA27502DA49378D3E1B45F16909C55DF830E51684E9648BE |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\fyldebtten.soi
Download File
| Process: | C:\Users\user\Desktop\ppISxhDcpF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 210366 |
| Entropy (8bit): | 1.240975322465592 |
| Encrypted: | false |
| SSDEEP: | 768:vBTwJOLxCIF0V6iLboHog6BQlsMqlN1R0pmGy30wbfq6+9GmlsNh34k0uJ/QohER:cJigyyDJnLH7zA |
| MD5: | AEF78D8D561E8802286A78AAC6C73ED6 |
| SHA1: | DDF5DA649482D0A553802827BB9F0EF64A7069E1 |
| SHA-256: | 45F24543C01C9A11CC2246A9B27569AF433EEF61C877A4E191B683315D3566BE |
| SHA-512: | 93D43C0CECADF8E1F507F8E58D2B4D92995D8F7ECF213A23559938B380033A6D0D80B0816A8D6603864F821F4FEDC988E0F79BE14C6892089178970E08DC4199 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\nonactor\wildwestfilm.sto
Download File
| Process: | C:\Users\user\Desktop\ppISxhDcpF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 363811 |
| Entropy (8bit): | 1.2512349423386382 |
| Encrypted: | false |
| SSDEEP: | 768:y2f405GRYtnSLOBbyCociR2TVuEpHsVURGxwGmXjyMB+CtKDOgt9rlHF1QOs+9m5:pIuagbnK7CwVwFpYogwhUsvCq |
| MD5: | BFEA15C03AB295424981A73637A19491 |
| SHA1: | A5ADABDDC373D6B3004F96946D84B651E42D9F5C |
| SHA-256: | 83E9CE74259889DCABD39D41131F286882B224698DCDEB8D0B4074069AAA687B |
| SHA-512: | CB5969BFFAED8AF1791938E924E0CC9F876E45165F4E7EA5E9249131FACA831C0600F14BD68EF041D18C81A3FBE087970043D1B3B8A6786C1E5E5049834D4D0D |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\ppISxhDcpF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 11776 |
| Entropy (8bit): | 5.655335921632966 |
| Encrypted: | false |
| SSDEEP: | 192:eF24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol9Sl:h8QIl975eXqlWBrz7YLOl9 |
| MD5: | EE260C45E97B62A5E42F17460D406068 |
| SHA1: | DF35F6300A03C4D3D3BD69752574426296B78695 |
| SHA-256: | E94A1F7BCD7E0D532B660D0AF468EB3321536C3EFDCA265E61F9EC174B1AEF27 |
| SHA-512: | A98F350D17C9057F33E5847462A87D59CBF2AAEDA7F6299B0D49BB455E484CE4660C12D2EB8C4A0D21DF523E729222BBD6C820BF25B081BC7478152515B414B3 |
| Malicious: | false |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Preview: |
| Process: | C:\Users\user\Desktop\ppISxhDcpF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1180 |
| Entropy (8bit): | 3.2745851786245974 |
| Encrypted: | false |
| SSDEEP: | 12:8wl0+sXU0v/tz0/CSL6/cBnwgXl341DEDeG41DEDWaBQ1olfW+kjcmAa/BCNfBfZ:8F7WLrFPjPKzizZM/gjqy |
| MD5: | D6B70B357B892FB3D3B9B0112691FE0B |
| SHA1: | F20667704C77D947AA23BA7E8596D74B9E18F6ED |
| SHA-256: | 75324C5518652D59C05F7BAE3EE65B92776BAB0E06562AFE1D871AA9E070DDA8 |
| SHA-512: | A80B870F8330406C9E5AE4A9D60523E5FB3E8F46EDA574D06925BE00DA66872CB3BE3C9CD39E596037EED1777D12FE68D23007F9AEC78B93856E796FBF32EB33 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.952472368369393 |
| TrID: |
|
| File name: | ppISxhDcpF.exe |
| File size: | 408'037 bytes |
| MD5: | e64faf30918d71691dfde574dd5a6fcb |
| SHA1: | 1d2f1edd94620404e15df9369049c3ef1b6c2761 |
| SHA256: | 8dbe0f8d14496475bd0c298df8763deab33ec4a0a55880fb0b823586f65bc10a |
| SHA512: | 6e2347d3dc4ff87241198db45d5f57d5aa940458de1fb2c0769feb75c595425490ac0d1f680d11b29e12583f10d2de6965dbbeca9b5ebd03471bd107b3d154fe |
| SSDEEP: | 12288:I5AU4kSPRNlGwSl/8LDaBlrgu7Jj1JK8s5FEeKK:ZV2y6HEu7Jj1Jicez |
| TLSH: | 6B9423026660D393F67217361C336F695ABBB224A6706F4B13581E5F3C23BD08E1B96D |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...P...P...P..*_...P...P..NP..*_...P...s...P...V...P..Rich.P..........................PE..L......V.................d......... |
 | |
| Icon Hash: | 3d2e0f95332b3399 |
| Entrypoint: | 0x4032a0 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x567F847F [Sun Dec 27 06:26:07 2015 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | d4b94e8ee3f620a89d114b9da4b31873 |
| Instruction |
|---|
| sub esp, 000002D4h |
| push ebp |
| push esi |
| push 00000020h |
| xor ebp, ebp |
| pop esi |
| mov dword ptr [esp+0Ch], ebp |
| push 00008001h |
| mov dword ptr [esp+0Ch], 0040A300h |
| mov dword ptr [esp+18h], ebp |
| call dword ptr [004080B0h] |
| call dword ptr [004080ACh] |
| cmp ax, 00000006h |
| je 00007FB9FC7E71F3h |
| push ebp |
| call 00007FB9FC7EA336h |
| cmp eax, ebp |
| je 00007FB9FC7E71E9h |
| push 00000C00h |
| call eax |
| push ebx |
| push edi |
| push 0040A2F4h |
| call 00007FB9FC7EA2B3h |
| push 0040A2ECh |
| call 00007FB9FC7EA2A9h |
| push 0040A2E0h |
| call 00007FB9FC7EA29Fh |
| push 00000009h |
| call 00007FB9FC7EA304h |
| push 00000007h |
| call 00007FB9FC7EA2FDh |
| mov dword ptr [00434F04h], eax |
| call dword ptr [00408044h] |
| push ebp |
| call dword ptr [004082A8h] |
| mov dword ptr [00434FB8h], eax |
| push ebp |
| lea eax, dword ptr [esp+34h] |
| push 000002B4h |
| push eax |
| push ebp |
| push 0042B228h |
| call dword ptr [0040818Ch] |
| push 0040A2C8h |
| push 00433F00h |
| call 00007FB9FC7E9EEAh |
| call dword ptr [004080A8h] |
| mov ebx, 0043F000h |
| push eax |
| push ebx |
| call 00007FB9FC7E9ED8h |
| push ebp |
| call dword ptr [00408178h] |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x85c8 | 0xa0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5d000 | 0x11e0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b8 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x637c | 0x6400 | 83ff228d6dae8dd738eb2f78afbc793f | False | 0.672421875 | data | 6.491609540807675 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x147c | 0x1600 | d9f9b0b330e238260616b62a7a3cac09 | False | 0.42933238636363635 | data | 4.973928345594701 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xa000 | 0x2aff8 | 0x600 | 3f2b05c8fbb8b2e4c9c89e93d30e7252 | False | 0.53125 | data | 4.133631086111171 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x35000 | 0x28000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x5d000 | 0x11e0 | 0x1200 | 20639f4e7c421f5379e2fb9ea4a1530d | False | 0.3684895833333333 | data | 4.485045860065118 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_BITMAP | 0x5d268 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States | 0.23623853211009174 |
| RT_ICON | 0x5d5d0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.42473118279569894 |
| RT_DIALOG | 0x5d8b8 | 0x144 | data | English | United States | 0.5216049382716049 |
| RT_DIALOG | 0x5da00 | 0x13c | data | English | United States | 0.5506329113924051 |
| RT_DIALOG | 0x5db40 | 0x100 | data | English | United States | 0.5234375 |
| RT_DIALOG | 0x5dc40 | 0x11c | data | English | United States | 0.6056338028169014 |
| RT_DIALOG | 0x5dd60 | 0xc4 | data | English | United States | 0.5918367346938775 |
| RT_DIALOG | 0x5de28 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x5de88 | 0x14 | data | English | United States | 1.2 |
| RT_MANIFEST | 0x5dea0 | 0x33f | XML 1.0 document, ASCII text, with very long lines (831), with no line terminators | English | United States | 0.5547533092659447 |
| DLL | Import |
|---|---|
| KERNEL32.dll | SetCurrentDirectoryW, GetFileAttributesW, GetFullPathNameW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, MoveFileW, SetFileAttributesW, GetCurrentProcess, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, CopyFileW, CompareFileTime, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, lstrcpyW, MoveFileExW, lstrcatW, GetSystemDirectoryW, LoadLibraryW, GetProcAddress, GetModuleHandleA, ExpandEnvironmentStringsW, GetShortPathNameW, SearchPathW, lstrcmpiW, SetFileTime, CloseHandle, GlobalFree, lstrcmpW, GlobalAlloc, WaitForSingleObject, GlobalUnlock, GetDiskFreeSpaceW, GetExitCodeProcess, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, lstrlenA, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
| USER32.dll | GetSystemMenu, SetClassLongW, IsWindowEnabled, EnableMenuItem, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, wsprintfW, ScreenToClient, GetWindowRect, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, GetDC, SetWindowTextW, PostQuitMessage, ShowWindow, GetDlgItem, IsWindow, LoadImageW, SetWindowLongW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, SetTimer, FindWindowExW, SendMessageTimeoutW, SetForegroundWindow |
| GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
| SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW |
| ADVAPI32.dll | RegDeleteKeyW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegOpenKeyExW, RegEnumValueW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
| COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
| ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-10T20:10:03.127284+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49710 | 172.217.23.110 | 443 | TCP |
| 2025-01-10T20:10:16.856578+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49712 | 132.226.8.169 | 80 | TCP |
| 2025-01-10T20:10:24.778471+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49712 | 132.226.8.169 | 80 | TCP |
| 2025-01-10T20:10:25.435623+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49775 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:25.952826+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49775 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:27.028453+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49784 | 132.226.8.169 | 80 | TCP |
| 2025-01-10T20:10:27.603149+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49789 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:27.872981+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49789 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:29.349109+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49801 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:29.585453+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49801 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:31.086496+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49815 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:31.367472+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49815 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:32.825927+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49830 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:33.195949+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49830 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:34.821711+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49842 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:35.280818+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49842 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:37.780527+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49863 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:38.087273+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49863 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:39.593758+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49873 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:39.918825+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49873 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:42.401129+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49893 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:42.687233+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49893 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:44.222787+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49906 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:44.442650+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49906 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:51.846532+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49956 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:52.335658+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49956 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:54.932118+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49978 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:55.403341+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49978 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:58.032597+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 50000 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:10:58.416665+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 50000 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:11:00.155427+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 50006 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T20:11:00.510043+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 50006 | 149.154.167.220 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jan 10, 2025 20:10:02.068053961 CET | 49710 | 443 | 192.168.2.8 | 172.217.23.110 |
| Jan 10, 2025 20:10:02.068077087 CET | 443 | 49710 | 172.217.23.110 | 192.168.2.8 |
| Jan 10, 2025 20:10:02.068243980 CET | 49710 | 443 | 192.168.2.8 | 172.217.23.110 |
| Jan 10, 2025 20:10:02.081840992 CET | 49710 | 443 | 192.168.2.8 | 172.217.23.110 |
| Jan 10, 2025 20:10:02.081857920 CET | 443 | 49710 | 172.217.23.110 | 192.168.2.8 |
| Jan 10, 2025 20:10:02.746968031 CET | 443 | 49710 | 172.217.23.110 | 192.168.2.8 |
| Jan 10, 2025 20:10:02.747072935 CET | 49710 | 443 | 192.168.2.8 | 172.217.23.110 |
| Jan 10, 2025 20:10:02.748214006 CET | 443 | 49710 | 172.217.23.110 | 192.168.2.8 |
| Jan 10, 2025 20:10:02.748266935 CET | 49710 | 443 | 192.168.2.8 | 172.217.23.110 |
| Jan 10, 2025 20:10:02.814985991 CET | 49710 | 443 | 192.168.2.8 | 172.217.23.110 |
| Jan 10, 2025 20:10:02.815010071 CET | 443 | 49710 | 172.217.23.110 | 192.168.2.8 |
| Jan 10, 2025 20:10:02.815407991 CET | 443 | 49710 | 172.217.23.110 | 192.168.2.8 |
| Jan 10, 2025 20:10:02.815566063 CET | 49710 | 443 | 192.168.2.8 | 172.217.23.110 |
| Jan 10, 2025 20:10:02.819659948 CET | 49710 | 443 | 192.168.2.8 | 172.217.23.110 |
| Jan 10, 2025 20:10:02.863341093 CET | 443 | 49710 | 172.217.23.110 | 192.168.2.8 |
| Jan 10, 2025 20:10:03.127283096 CET | 443 | 49710 | 172.217.23.110 | 192.168.2.8 |
| Jan 10, 2025 20:10:03.128015041 CET | 49710 | 443 | 192.168.2.8 | 172.217.23.110 |
| Jan 10, 2025 20:10:03.128040075 CET | 443 | 49710 | 172.217.23.110 | 192.168.2.8 |
| Jan 10, 2025 20:10:03.128089905 CET | 49710 | 443 | 192.168.2.8 | 172.217.23.110 |
| Jan 10, 2025 20:10:03.128581047 CET | 443 | 49710 | 172.217.23.110 | 192.168.2.8 |
| Jan 10, 2025 20:10:03.128624916 CET | 443 | 49710 | 172.217.23.110 | 192.168.2.8 |
| Jan 10, 2025 20:10:03.128654957 CET | 49710 | 443 | 192.168.2.8 | 172.217.23.110 |
| Jan 10, 2025 20:10:03.128673077 CET | 49710 | 443 | 192.168.2.8 | 172.217.23.110 |
| Jan 10, 2025 20:10:03.362884998 CET | 49710 | 443 | 192.168.2.8 | 172.217.23.110 |
| Jan 10, 2025 20:10:03.362906933 CET | 443 | 49710 | 172.217.23.110 | 192.168.2.8 |
| Jan 10, 2025 20:10:03.479206085 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:03.479253054 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:03.479367018 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:03.479631901 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:03.479640007 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:04.350295067 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:04.350429058 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:04.360094070 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:04.360110998 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:04.360611916 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:04.360738993 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:04.364423990 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:04.407341003 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.381390095 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.381618977 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.383585930 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.383810997 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.389138937 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.389334917 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.389343977 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.389403105 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.391097069 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.391334057 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.485079050 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.485282898 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.485373020 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.485399961 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.485399961 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.485414982 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.485428095 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.485512972 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.485519886 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.485835075 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.490200996 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.490324974 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.490334034 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.490426064 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.494482994 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.494560957 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.494568110 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.494626045 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.496092081 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.496171951 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.496220112 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.496372938 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.498053074 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.498158932 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.498166084 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.498259068 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.504312038 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.504492044 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.504499912 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.504606009 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.510902882 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.510984898 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.511002064 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.511054993 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.517267942 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.517369986 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.517421961 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.517577887 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.524003983 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.524092913 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.524123907 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.524189949 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.530339003 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.530410051 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.530417919 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.530467987 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.537069082 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.537164927 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.537206888 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.537261009 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.543894053 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.544352055 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.575489998 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.575637102 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.575644970 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.575690985 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.575699091 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.575737953 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.575745106 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.575805902 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.575824976 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.576028109 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.577023983 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.577107906 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.577115059 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.577164888 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.583683968 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.583827019 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.583837986 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.583925009 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.583931923 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.584011078 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.590029001 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.590114117 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.590203047 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.590326071 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.596306086 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.596415997 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.596431971 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.596533060 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.602874994 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.603038073 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.603045940 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.603143930 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.609577894 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.609700918 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.609709024 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.609802008 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.615922928 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.616008997 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.616027117 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.616074085 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.623084068 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.623173952 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.623254061 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.623337984 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.628303051 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.628359079 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.628371000 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.628423929 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.634377003 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.634438038 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.634447098 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.634531021 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.639687061 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.639784098 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.639791965 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.639924049 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.646691084 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.646766901 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.646779060 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.646810055 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.651304007 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.651381016 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.651388884 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.651437998 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.661539078 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.661601067 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.661623955 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.661631107 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.661642075 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.661690950 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.661746979 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.661807060 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.661886930 CET | 443 | 49711 | 142.250.181.225 | 192.168.2.8 |
| Jan 10, 2025 20:10:07.661911964 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:07.661930084 CET | 49711 | 443 | 192.168.2.8 | 142.250.181.225 |
| Jan 10, 2025 20:10:08.436422110 CET | 49712 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:08.441303015 CET | 80 | 49712 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:08.441468954 CET | 49712 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:08.441741943 CET | 49712 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:08.446553946 CET | 80 | 49712 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:15.467886925 CET | 80 | 49712 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:15.473562956 CET | 49712 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:15.478375912 CET | 80 | 49712 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:16.811794996 CET | 80 | 49712 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:16.856578112 CET | 49712 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:17.168979883 CET | 49747 | 443 | 192.168.2.8 | 104.21.96.1 |
| Jan 10, 2025 20:10:17.169018984 CET | 443 | 49747 | 104.21.96.1 | 192.168.2.8 |
| Jan 10, 2025 20:10:17.169118881 CET | 49747 | 443 | 192.168.2.8 | 104.21.96.1 |
| Jan 10, 2025 20:10:17.172512054 CET | 49747 | 443 | 192.168.2.8 | 104.21.96.1 |
| Jan 10, 2025 20:10:17.172533989 CET | 443 | 49747 | 104.21.96.1 | 192.168.2.8 |
| Jan 10, 2025 20:10:17.670507908 CET | 443 | 49747 | 104.21.96.1 | 192.168.2.8 |
| Jan 10, 2025 20:10:17.670586109 CET | 49747 | 443 | 192.168.2.8 | 104.21.96.1 |
| Jan 10, 2025 20:10:17.674273968 CET | 49747 | 443 | 192.168.2.8 | 104.21.96.1 |
| Jan 10, 2025 20:10:17.674288034 CET | 443 | 49747 | 104.21.96.1 | 192.168.2.8 |
| Jan 10, 2025 20:10:17.674653053 CET | 443 | 49747 | 104.21.96.1 | 192.168.2.8 |
| Jan 10, 2025 20:10:17.678981066 CET | 49747 | 443 | 192.168.2.8 | 104.21.96.1 |
| Jan 10, 2025 20:10:17.719330072 CET | 443 | 49747 | 104.21.96.1 | 192.168.2.8 |
| Jan 10, 2025 20:10:17.811728954 CET | 443 | 49747 | 104.21.96.1 | 192.168.2.8 |
| Jan 10, 2025 20:10:17.811887026 CET | 443 | 49747 | 104.21.96.1 | 192.168.2.8 |
| Jan 10, 2025 20:10:17.811954021 CET | 49747 | 443 | 192.168.2.8 | 104.21.96.1 |
| Jan 10, 2025 20:10:17.818126917 CET | 49747 | 443 | 192.168.2.8 | 104.21.96.1 |
| Jan 10, 2025 20:10:23.277862072 CET | 49712 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:23.282666922 CET | 80 | 49712 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:24.731668949 CET | 80 | 49712 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:24.744261026 CET | 49775 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:24.744312048 CET | 443 | 49775 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:24.744448900 CET | 49775 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:24.745083094 CET | 49775 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:24.745112896 CET | 443 | 49775 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:24.778470993 CET | 49712 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:25.389677048 CET | 443 | 49775 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:25.389789104 CET | 49775 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:25.391685009 CET | 49775 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:25.391700029 CET | 443 | 49775 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:25.392061949 CET | 443 | 49775 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:25.393709898 CET | 49775 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:25.435333014 CET | 443 | 49775 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:25.435476065 CET | 49775 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:25.435497999 CET | 443 | 49775 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:25.952838898 CET | 443 | 49775 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:25.953865051 CET | 443 | 49775 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:25.953944921 CET | 49775 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:25.954322100 CET | 49775 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:26.121433020 CET | 49712 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:26.122807026 CET | 49784 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:26.126503944 CET | 80 | 49712 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:26.126811981 CET | 49712 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:26.127635956 CET | 80 | 49784 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:26.127715111 CET | 49784 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:26.127875090 CET | 49784 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:26.132590055 CET | 80 | 49784 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:26.973731041 CET | 80 | 49784 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:26.975493908 CET | 49789 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:26.975522041 CET | 443 | 49789 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:26.975840092 CET | 49789 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:26.976229906 CET | 49789 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:26.976252079 CET | 443 | 49789 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:27.028453112 CET | 49784 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:27.599653959 CET | 443 | 49789 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:27.602999926 CET | 49789 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:27.603012085 CET | 443 | 49789 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:27.603065968 CET | 49789 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:27.603072882 CET | 443 | 49789 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:27.873028994 CET | 443 | 49789 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:27.873143911 CET | 443 | 49789 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:27.873205900 CET | 49789 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:27.873598099 CET | 49789 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:27.878254890 CET | 49795 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:27.883023024 CET | 80 | 49795 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:27.883147001 CET | 49795 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:27.883239031 CET | 49795 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:27.888006926 CET | 80 | 49795 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:28.721793890 CET | 80 | 49795 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:28.723330021 CET | 49801 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:28.723356009 CET | 443 | 49801 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:28.723469019 CET | 49801 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:28.723929882 CET | 49801 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:28.723943949 CET | 443 | 49801 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:28.762835026 CET | 49795 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:29.342309952 CET | 443 | 49801 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:29.348925114 CET | 49801 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:29.348949909 CET | 443 | 49801 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:29.349050045 CET | 49801 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:29.349056005 CET | 443 | 49801 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:29.585510969 CET | 443 | 49801 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:29.585596085 CET | 443 | 49801 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:29.585653067 CET | 49801 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:29.586146116 CET | 49801 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:29.589509010 CET | 49795 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:29.590518951 CET | 49807 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:29.594521999 CET | 80 | 49795 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:29.594707966 CET | 49795 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:29.595454931 CET | 80 | 49807 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:29.595542908 CET | 49807 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:29.595670938 CET | 49807 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:29.600712061 CET | 80 | 49807 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:30.451816082 CET | 80 | 49807 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:30.453001976 CET | 49815 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:30.453036070 CET | 443 | 49815 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:30.453151941 CET | 49815 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:30.453372002 CET | 49815 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:30.453396082 CET | 443 | 49815 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:30.497242928 CET | 49807 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:31.084652901 CET | 443 | 49815 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:31.086347103 CET | 49815 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:31.086368084 CET | 443 | 49815 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:31.086420059 CET | 49815 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:31.086431026 CET | 443 | 49815 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:31.367506981 CET | 443 | 49815 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:31.367578983 CET | 443 | 49815 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:31.367705107 CET | 49815 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:31.368185043 CET | 49815 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:31.371581078 CET | 49807 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:31.372925997 CET | 49822 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:31.376590014 CET | 80 | 49807 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:31.376683950 CET | 49807 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:31.377759933 CET | 80 | 49822 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:31.377861977 CET | 49822 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:31.378396034 CET | 49822 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:31.383136034 CET | 80 | 49822 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:32.206562996 CET | 80 | 49822 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:32.209081888 CET | 49830 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:32.209132910 CET | 443 | 49830 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:32.209286928 CET | 49830 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:32.209621906 CET | 49830 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:32.209640980 CET | 443 | 49830 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:32.262866974 CET | 49822 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:32.823715925 CET | 443 | 49830 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:32.825794935 CET | 49830 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:32.825803995 CET | 443 | 49830 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:32.825891972 CET | 49830 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:32.825896978 CET | 443 | 49830 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:33.195987940 CET | 443 | 49830 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:33.196073055 CET | 443 | 49830 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:33.196140051 CET | 49830 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:33.271519899 CET | 49830 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:33.285835028 CET | 49822 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:33.286832094 CET | 49836 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:33.290844917 CET | 80 | 49822 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:33.291079998 CET | 49822 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:33.291728020 CET | 80 | 49836 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:33.291934013 CET | 49836 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:33.291934013 CET | 49836 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:33.296879053 CET | 80 | 49836 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:34.176112890 CET | 80 | 49836 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:34.177448034 CET | 49842 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:34.177486897 CET | 443 | 49842 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:34.177546978 CET | 49842 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:34.177939892 CET | 49842 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:34.177949905 CET | 443 | 49842 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:34.231601000 CET | 49836 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:34.819117069 CET | 443 | 49842 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:34.821281910 CET | 49842 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:34.821300030 CET | 443 | 49842 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:34.821626902 CET | 49842 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:34.821635008 CET | 443 | 49842 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:35.280838966 CET | 443 | 49842 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:35.280926943 CET | 443 | 49842 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:35.281065941 CET | 49842 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:35.281761885 CET | 49842 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:35.285209894 CET | 49836 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:35.290234089 CET | 80 | 49836 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:35.291738987 CET | 49836 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:35.291980028 CET | 49853 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:35.296857119 CET | 80 | 49853 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:35.297465086 CET | 49853 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:35.297606945 CET | 49853 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:35.302392960 CET | 80 | 49853 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:37.120876074 CET | 80 | 49853 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:37.122415066 CET | 49863 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:37.122468948 CET | 443 | 49863 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:37.122621059 CET | 49863 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:37.122936964 CET | 49863 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:37.122948885 CET | 443 | 49863 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:37.169269085 CET | 49853 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:37.778386116 CET | 443 | 49863 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:37.780277014 CET | 49863 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:37.780293941 CET | 443 | 49863 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:37.780450106 CET | 49863 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:37.780457020 CET | 443 | 49863 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:38.087276936 CET | 443 | 49863 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:38.087367058 CET | 443 | 49863 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:38.087485075 CET | 49863 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:38.088026047 CET | 49863 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:38.091250896 CET | 49853 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:38.092231989 CET | 49868 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:38.096241951 CET | 80 | 49853 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:38.096304893 CET | 49853 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:38.097031116 CET | 80 | 49868 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:38.097100019 CET | 49868 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:38.097207069 CET | 49868 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:38.101916075 CET | 80 | 49868 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:38.951761961 CET | 80 | 49868 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:38.953154087 CET | 49873 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:38.953190088 CET | 443 | 49873 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:38.953280926 CET | 49873 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:38.953644991 CET | 49873 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:38.953654051 CET | 443 | 49873 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:38.997246981 CET | 49868 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:39.591800928 CET | 443 | 49873 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:39.593600988 CET | 49873 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:39.593614101 CET | 443 | 49873 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:39.593671083 CET | 49873 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:39.593678951 CET | 443 | 49873 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:39.918872118 CET | 443 | 49873 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:39.918934107 CET | 443 | 49873 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:39.919033051 CET | 49873 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:39.920973063 CET | 49873 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:39.924530029 CET | 49868 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:39.925581932 CET | 49880 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:39.929466963 CET | 80 | 49868 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:39.929512978 CET | 49868 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:39.930382967 CET | 80 | 49880 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:39.930687904 CET | 49880 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:39.930825949 CET | 49880 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:39.935595989 CET | 80 | 49880 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:41.786953926 CET | 80 | 49880 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:41.790889025 CET | 49893 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:41.790941000 CET | 443 | 49893 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:41.791027069 CET | 49893 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:41.791301012 CET | 49893 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:41.791321993 CET | 443 | 49893 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:41.841020107 CET | 49880 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:42.399158955 CET | 443 | 49893 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:42.400973082 CET | 49893 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:42.400993109 CET | 443 | 49893 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:42.401052952 CET | 49893 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:42.401067019 CET | 443 | 49893 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:42.687439919 CET | 443 | 49893 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:42.687593937 CET | 443 | 49893 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:42.687709093 CET | 49893 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:42.688222885 CET | 49893 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:42.691878080 CET | 49880 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:42.692106009 CET | 49900 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:42.696903944 CET | 80 | 49880 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:42.697063923 CET | 80 | 49900 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:42.697155952 CET | 49880 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:42.697181940 CET | 49900 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:42.697278976 CET | 49900 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:42.702121973 CET | 80 | 49900 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:43.579401016 CET | 80 | 49900 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:43.580868006 CET | 49906 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:43.580897093 CET | 443 | 49906 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:43.580970049 CET | 49906 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:43.581273079 CET | 49906 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:43.581285954 CET | 443 | 49906 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:43.622351885 CET | 49900 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:44.220510960 CET | 443 | 49906 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:44.222399950 CET | 49906 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:44.222415924 CET | 443 | 49906 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:44.222472906 CET | 49906 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:44.222493887 CET | 443 | 49906 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:44.442672014 CET | 443 | 49906 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:44.442871094 CET | 443 | 49906 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:44.442951918 CET | 49906 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:44.443243980 CET | 49906 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:44.446712971 CET | 49900 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:44.447504997 CET | 49912 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:44.451787949 CET | 80 | 49900 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:44.452176094 CET | 49900 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:44.452347994 CET | 80 | 49912 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:44.452615023 CET | 49912 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:44.452672958 CET | 49912 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:44.457468033 CET | 80 | 49912 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:48.349817038 CET | 80 | 49912 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:48.362682104 CET | 49938 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:48.367621899 CET | 80 | 49938 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:48.367727995 CET | 49938 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:48.367818117 CET | 49938 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:48.372816086 CET | 80 | 49938 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:48.403565884 CET | 49912 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:51.216351986 CET | 80 | 49938 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:51.216979027 CET | 49912 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:51.217618942 CET | 49956 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:51.217659950 CET | 443 | 49956 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:51.217736959 CET | 49956 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:51.218308926 CET | 49956 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:51.218322039 CET | 443 | 49956 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:51.223210096 CET | 80 | 49912 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:51.223299026 CET | 49912 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:51.263012886 CET | 49938 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:51.844357014 CET | 443 | 49956 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:51.846219063 CET | 49956 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:51.846237898 CET | 443 | 49956 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:51.846483946 CET | 49956 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:51.846489906 CET | 443 | 49956 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:52.335654974 CET | 443 | 49956 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:52.335747957 CET | 443 | 49956 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:52.335834026 CET | 49956 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:52.336338043 CET | 49956 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:52.339668989 CET | 49938 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:52.340902090 CET | 49963 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:52.344711065 CET | 80 | 49938 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:52.344885111 CET | 49938 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:52.345763922 CET | 80 | 49963 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:52.345829010 CET | 49963 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:52.345976114 CET | 49963 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:52.350846052 CET | 80 | 49963 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:54.302759886 CET | 80 | 49963 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:54.304452896 CET | 49978 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:54.304487944 CET | 443 | 49978 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:54.304577112 CET | 49978 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:54.304868937 CET | 49978 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:54.304883003 CET | 443 | 49978 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:54.356754065 CET | 49963 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:54.930381060 CET | 443 | 49978 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:54.931937933 CET | 49978 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:54.931973934 CET | 443 | 49978 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:54.932034016 CET | 49978 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:54.932049036 CET | 443 | 49978 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:55.403397083 CET | 443 | 49978 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:55.403486013 CET | 443 | 49978 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:55.403609991 CET | 49978 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:55.404192924 CET | 49978 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:55.407728910 CET | 49963 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:55.408931971 CET | 49986 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:55.413933039 CET | 80 | 49963 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:55.413950920 CET | 80 | 49986 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:55.414010048 CET | 49963 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:55.414043903 CET | 49986 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:55.414172888 CET | 49986 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:55.418890953 CET | 80 | 49986 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:57.265990019 CET | 80 | 49986 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:57.272813082 CET | 50000 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:57.272871017 CET | 443 | 50000 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:57.273052931 CET | 50000 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:57.273598909 CET | 50000 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:57.273627043 CET | 443 | 50000 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:57.309880018 CET | 49986 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:57.954406977 CET | 443 | 50000 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:57.997415066 CET | 50000 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:58.032275915 CET | 50000 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:58.032300949 CET | 443 | 50000 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:58.032507896 CET | 50000 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:58.032516956 CET | 443 | 50000 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:58.416729927 CET | 443 | 50000 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:58.416821957 CET | 443 | 50000 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:58.416882038 CET | 50000 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:58.417366982 CET | 50000 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:58.421036005 CET | 49986 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:58.422161102 CET | 50005 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:58.426095009 CET | 80 | 49986 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:58.426152945 CET | 49986 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:58.427059889 CET | 80 | 50005 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:58.427124023 CET | 50005 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:58.427280903 CET | 50005 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:10:58.432113886 CET | 80 | 50005 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:59.518470049 CET | 80 | 50005 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:10:59.520168066 CET | 50006 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:59.520211935 CET | 443 | 50006 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:59.520287037 CET | 50006 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:59.520675898 CET | 50006 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:10:59.520689011 CET | 443 | 50006 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:10:59.560065985 CET | 50005 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:11:00.151015043 CET | 443 | 50006 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:11:00.154905081 CET | 50006 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:11:00.154923916 CET | 443 | 50006 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:11:00.154983044 CET | 50006 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:11:00.154990911 CET | 443 | 50006 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:11:00.510075092 CET | 443 | 50006 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:11:00.510164022 CET | 443 | 50006 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 20:11:00.510298014 CET | 50006 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:11:00.523283958 CET | 50006 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 20:11:00.655781984 CET | 50005 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:11:00.656738997 CET | 50007 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:11:00.660893917 CET | 80 | 50005 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:11:00.660978079 CET | 50005 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:11:00.661516905 CET | 80 | 50007 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:11:00.661609888 CET | 50007 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:11:00.661761045 CET | 50007 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:11:00.666636944 CET | 80 | 50007 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:11:03.670681000 CET | 80 | 50007 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:11:03.716152906 CET | 50007 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:11:06.070677996 CET | 50008 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:11:06.075577021 CET | 80 | 50008 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:11:06.075689077 CET | 50008 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:11:06.075757980 CET | 50008 | 80 | 192.168.2.8 | 132.226.8.169 |
| Jan 10, 2025 20:11:06.080523968 CET | 80 | 50008 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:11:06.892231941 CET | 80 | 50008 | 132.226.8.169 | 192.168.2.8 |
| Jan 10, 2025 20:11:06.934931993 CET | 50008 | 80 | 192.168.2.8 | 132.226.8.169 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jan 10, 2025 20:10:02.042330980 CET | 49344 | 53 | 192.168.2.8 | 1.1.1.1 |
| Jan 10, 2025 20:10:02.050014973 CET | 53 | 49344 | 1.1.1.1 | 192.168.2.8 |
| Jan 10, 2025 20:10:03.468735933 CET | 58599 | 53 | 192.168.2.8 | 1.1.1.1 |
| Jan 10, 2025 20:10:03.476792097 CET | 53 | 58599 | 1.1.1.1 | 192.168.2.8 |
| Jan 10, 2025 20:10:08.423079967 CET | 60512 | 53 | 192.168.2.8 | 1.1.1.1 |
| Jan 10, 2025 20:10:08.429940939 CET | 53 | 60512 | 1.1.1.1 | 192.168.2.8 |
| Jan 10, 2025 20:10:17.159981966 CET | 58298 | 53 | 192.168.2.8 | 1.1.1.1 |
| Jan 10, 2025 20:10:17.168103933 CET | 53 | 58298 | 1.1.1.1 | 192.168.2.8 |
| Jan 10, 2025 20:10:24.736377001 CET | 52350 | 53 | 192.168.2.8 | 1.1.1.1 |
| Jan 10, 2025 20:10:24.743501902 CET | 53 | 52350 | 1.1.1.1 | 192.168.2.8 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jan 10, 2025 20:10:02.042330980 CET | 192.168.2.8 | 1.1.1.1 | 0x1526 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jan 10, 2025 20:10:03.468735933 CET | 192.168.2.8 | 1.1.1.1 | 0x188d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jan 10, 2025 20:10:08.423079967 CET | 192.168.2.8 | 1.1.1.1 | 0xce26 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jan 10, 2025 20:10:17.159981966 CET | 192.168.2.8 | 1.1.1.1 | 0xa9e1 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jan 10, 2025 20:10:24.736377001 CET | 192.168.2.8 | 1.1.1.1 | 0x1b09 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jan 10, 2025 20:10:02.050014973 CET | 1.1.1.1 | 192.168.2.8 | 0x1526 | No error (0) | 172.217.23.110 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 20:10:03.476792097 CET | 1.1.1.1 | 192.168.2.8 | 0x188d | No error (0) | 142.250.181.225 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 20:10:08.429940939 CET | 1.1.1.1 | 192.168.2.8 | 0xce26 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Jan 10, 2025 20:10:08.429940939 CET | 1.1.1.1 | 192.168.2.8 | 0xce26 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 20:10:08.429940939 CET | 1.1.1.1 | 192.168.2.8 | 0xce26 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 20:10:08.429940939 CET | 1.1.1.1 | 192.168.2.8 | 0xce26 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 20:10:08.429940939 CET | 1.1.1.1 | 192.168.2.8 | 0xce26 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 20:10:08.429940939 CET | 1.1.1.1 | 192.168.2.8 | 0xce26 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 20:10:17.168103933 CET | 1.1.1.1 | 192.168.2.8 | 0xa9e1 | No error (0) | 104.21.96.1 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 20:10:17.168103933 CET | 1.1.1.1 | 192.168.2.8 | 0xa9e1 | No error (0) | 104.21.64.1 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 20:10:17.168103933 CET | 1.1.1.1 | 192.168.2.8 | 0xa9e1 | No error (0) | 104.21.80.1 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 20:10:17.168103933 CET | 1.1.1.1 | 192.168.2.8 | 0xa9e1 | No error (0) | 104.21.16.1 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 20:10:17.168103933 CET | 1.1.1.1 | 192.168.2.8 | 0xa9e1 | No error (0) | 104.21.48.1 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 20:10:17.168103933 CET | 1.1.1.1 | 192.168.2.8 | 0xa9e1 | No error (0) | 104.21.32.1 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 20:10:17.168103933 CET | 1.1.1.1 | 192.168.2.8 | 0xa9e1 | No error (0) | 104.21.112.1 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 20:10:24.743501902 CET | 1.1.1.1 | 192.168.2.8 | 0x1b09 | No error (0) | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.8 | 49712 | 132.226.8.169 | 80 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 20:10:08.441741943 CET | 151 | OUT | |
| Jan 10, 2025 20:10:15.467886925 CET | 273 | IN | |
| Jan 10, 2025 20:10:15.473562956 CET | 127 | OUT | |
| Jan 10, 2025 20:10:16.811794996 CET | 273 | IN | |
| Jan 10, 2025 20:10:23.277862072 CET | 127 | OUT | |
| Jan 10, 2025 20:10:24.731668949 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.8 | 49784 | 132.226.8.169 | 80 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 20:10:26.127875090 CET | 127 | OUT | |
| Jan 10, 2025 20:10:26.973731041 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.8 | 49795 | 132.226.8.169 | 80 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 20:10:27.883239031 CET | 151 | OUT | |
| Jan 10, 2025 20:10:28.721793890 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.8 | 49807 | 132.226.8.169 | 80 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 20:10:29.595670938 CET | 151 | OUT | |
| Jan 10, 2025 20:10:30.451816082 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.8 | 49822 | 132.226.8.169 | 80 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 20:10:31.378396034 CET | 151 | OUT | |
| Jan 10, 2025 20:10:32.206562996 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.8 | 49836 | 132.226.8.169 | 80 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 20:10:33.291934013 CET | 151 | OUT | |
| Jan 10, 2025 20:10:34.176112890 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.8 | 49853 | 132.226.8.169 | 80 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 20:10:35.297606945 CET | 151 | OUT | |
| Jan 10, 2025 20:10:37.120876074 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.8 | 49868 | 132.226.8.169 | 80 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 20:10:38.097207069 CET | 151 | OUT | |
| Jan 10, 2025 20:10:38.951761961 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 8 | 192.168.2.8 | 49880 | 132.226.8.169 | 80 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 20:10:39.930825949 CET | 151 | OUT | |
| Jan 10, 2025 20:10:41.786953926 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 9 | 192.168.2.8 | 49900 | 132.226.8.169 | 80 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 20:10:42.697278976 CET | 151 | OUT | |
| Jan 10, 2025 20:10:43.579401016 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 10 | 192.168.2.8 | 49912 | 132.226.8.169 | 80 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 20:10:44.452672958 CET | 151 | OUT | |
| Jan 10, 2025 20:10:48.349817038 CET | 697 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 11 | 192.168.2.8 | 49938 | 132.226.8.169 | 80 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 20:10:48.367818117 CET | 151 | OUT | |
| Jan 10, 2025 20:10:51.216351986 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 12 | 192.168.2.8 | 49963 | 132.226.8.169 | 80 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 20:10:52.345976114 CET | 151 | OUT | |
| Jan 10, 2025 20:10:54.302759886 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 13 | 192.168.2.8 | 49986 | 132.226.8.169 | 80 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 20:10:55.414172888 CET | 151 | OUT | |
| Jan 10, 2025 20:10:57.265990019 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 14 | 192.168.2.8 | 50005 | 132.226.8.169 | 80 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 20:10:58.427280903 CET | 151 | OUT | |
| Jan 10, 2025 20:10:59.518470049 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 15 | 192.168.2.8 | 50007 | 132.226.8.169 | 80 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 20:11:00.661761045 CET | 151 | OUT | |
| Jan 10, 2025 20:11:03.670681000 CET | 682 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|
| 16 | 192.168.2.8 | 50008 | 132.226.8.169 | 80 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 20:11:06.075757980 CET | 151 | OUT | |
| Jan 10, 2025 20:11:06.892231941 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.8 | 49710 | 172.217.23.110 | 443 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 19:10:02 UTC | 216 | OUT | |
| 2025-01-10 19:10:03 UTC | 1920 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.8 | 49711 | 142.250.181.225 | 443 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 19:10:04 UTC | 258 | OUT | |
| 2025-01-10 19:10:07 UTC | 4940 | IN | |
| 2025-01-10 19:10:07 UTC | 4940 | IN | |
| 2025-01-10 19:10:07 UTC | 4819 | IN | |
| 2025-01-10 19:10:07 UTC | 1322 | IN | |
| 2025-01-10 19:10:07 UTC | 1390 | IN | |
| 2025-01-10 19:10:07 UTC | 1390 | IN | |
| 2025-01-10 19:10:07 UTC | 1390 | IN | |
| 2025-01-10 19:10:07 UTC | 1390 | IN | |
| 2025-01-10 19:10:07 UTC | 1390 | IN | |
| 2025-01-10 19:10:07 UTC | 1390 | IN | |
| 2025-01-10 19:10:07 UTC | 1390 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.8 | 49747 | 104.21.96.1 | 443 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 19:10:17 UTC | 85 | OUT | |
| 2025-01-10 19:10:17 UTC | 855 | IN | |
| 2025-01-10 19:10:17 UTC | 362 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.8 | 49775 | 149.154.167.220 | 443 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 19:10:25 UTC | 296 | OUT | |
| 2025-01-10 19:10:25 UTC | 1090 | OUT | |
| 2025-01-10 19:10:25 UTC | 388 | IN | |
| 2025-01-10 19:10:25 UTC | 543 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.8 | 49789 | 149.154.167.220 | 443 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 19:10:27 UTC | 296 | OUT | |
| 2025-01-10 19:10:27 UTC | 1090 | OUT | |
| 2025-01-10 19:10:27 UTC | 388 | IN | |
| 2025-01-10 19:10:27 UTC | 543 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.8 | 49801 | 149.154.167.220 | 443 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 19:10:29 UTC | 272 | OUT | |
| 2025-01-10 19:10:29 UTC | 1090 | OUT | |
| 2025-01-10 19:10:29 UTC | 388 | IN | |
| 2025-01-10 19:10:29 UTC | 543 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.8 | 49815 | 149.154.167.220 | 443 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 19:10:31 UTC | 272 | OUT | |
| 2025-01-10 19:10:31 UTC | 1090 | OUT | |
| 2025-01-10 19:10:31 UTC | 388 | IN | |
| 2025-01-10 19:10:31 UTC | 544 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.8 | 49830 | 149.154.167.220 | 443 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 19:10:32 UTC | 272 | OUT | |
| 2025-01-10 19:10:32 UTC | 1090 | OUT | |
| 2025-01-10 19:10:33 UTC | 388 | IN | |
| 2025-01-10 19:10:33 UTC | 544 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 8 | 192.168.2.8 | 49842 | 149.154.167.220 | 443 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 19:10:34 UTC | 296 | OUT | |
| 2025-01-10 19:10:34 UTC | 1090 | OUT | |
| 2025-01-10 19:10:35 UTC | 388 | IN | |
| 2025-01-10 19:10:35 UTC | 543 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 9 | 192.168.2.8 | 49863 | 149.154.167.220 | 443 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 19:10:37 UTC | 272 | OUT | |
| 2025-01-10 19:10:37 UTC | 1090 | OUT | |
| 2025-01-10 19:10:38 UTC | 388 | IN | |
| 2025-01-10 19:10:38 UTC | 543 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 10 | 192.168.2.8 | 49873 | 149.154.167.220 | 443 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 19:10:39 UTC | 272 | OUT | |
| 2025-01-10 19:10:39 UTC | 1090 | OUT | |
| 2025-01-10 19:10:39 UTC | 388 | IN | |
| 2025-01-10 19:10:39 UTC | 543 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 11 | 192.168.2.8 | 49893 | 149.154.167.220 | 443 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 19:10:42 UTC | 272 | OUT | |
| 2025-01-10 19:10:42 UTC | 1090 | OUT | |
| 2025-01-10 19:10:42 UTC | 388 | IN | |
| 2025-01-10 19:10:42 UTC | 543 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 12 | 192.168.2.8 | 49906 | 149.154.167.220 | 443 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 19:10:44 UTC | 272 | OUT | |
| 2025-01-10 19:10:44 UTC | 1090 | OUT | |
| 2025-01-10 19:10:44 UTC | 388 | IN | |
| 2025-01-10 19:10:44 UTC | 543 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 13 | 192.168.2.8 | 49956 | 149.154.167.220 | 443 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 19:10:51 UTC | 296 | OUT | |
| 2025-01-10 19:10:51 UTC | 1090 | OUT | |
| 2025-01-10 19:10:52 UTC | 388 | IN | |
| 2025-01-10 19:10:52 UTC | 543 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 14 | 192.168.2.8 | 49978 | 149.154.167.220 | 443 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 19:10:54 UTC | 272 | OUT | |
| 2025-01-10 19:10:54 UTC | 1090 | OUT | |
| 2025-01-10 19:10:55 UTC | 388 | IN | |
| 2025-01-10 19:10:55 UTC | 543 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 15 | 192.168.2.8 | 50000 | 149.154.167.220 | 443 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 19:10:58 UTC | 272 | OUT | |
| 2025-01-10 19:10:58 UTC | 1090 | OUT | |
| 2025-01-10 19:10:58 UTC | 388 | IN | |
| 2025-01-10 19:10:58 UTC | 543 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 16 | 192.168.2.8 | 50006 | 149.154.167.220 | 443 | 4932 | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 19:11:00 UTC | 272 | OUT | |
| 2025-01-10 19:11:00 UTC | 1090 | OUT | |
| 2025-01-10 19:11:00 UTC | 388 | IN | |
| 2025-01-10 19:11:00 UTC | 546 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 14:08:58 |
| Start date: | 10/01/2025 |
| Path: | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 408'037 bytes |
| MD5 hash: | E64FAF30918D71691DFDE574DD5A6FCB |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
| Target ID: | 5 |
| Start time: | 14:09:50 |
| Start date: | 10/01/2025 |
| Path: | C:\Users\user\Desktop\ppISxhDcpF.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 408'037 bytes |
| MD5 hash: | E64FAF30918D71691DFDE574DD5A6FCB |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 21.4% |
| Dynamic/Decrypted Code Coverage: | 14% |
| Signature Coverage: | 25.2% |
| Total number of Nodes: | 1505 |
| Total number of Limit Nodes: | 45 |
Graph
Function 004032A0 Relevance: 89.7, APIs: 32, Strings: 19, Instructions: 401stringfilecomCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404B30 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406077 Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 207stringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405846 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 148filestringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406398 Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004027FB Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040389E Relevance: 47.5, APIs: 14, Strings: 13, Instructions: 215stringregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401767 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145stringtimeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004025E5 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 151fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040237B Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004063BF Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 34libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405128 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401FC3 Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100028A4 Relevance: 3.2, APIs: 2, Instructions: 156COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405C2A Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405700 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402786 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040229D Relevance: 1.5, APIs: 1, Instructions: 25COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405CDC Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405CAD Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100027C7 Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040159B Relevance: 1.5, APIs: 1, Instructions: 18COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040414E Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403258 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004052F3 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284windowclipboardmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004045B4 Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 275stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040686A Relevance: .3, Instructions: 334COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407041 Relevance: .3, Instructions: 300COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004042B6 Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 207windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405D84 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 131stringmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404180 Relevance: 12.1, APIs: 8, Instructions: 61COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404A7E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402D04 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100022D0 Relevance: 9.1, APIs: 6, Instructions: 136memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100024A9 Relevance: 9.1, APIs: 6, Instructions: 98COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402537 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 67stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100018A9 Relevance: 7.7, APIs: 5, Instructions: 189COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100015FF Relevance: 7.5, APIs: 5, Instructions: 41memorylibraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401CFA Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404970 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401BDF Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405B11 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 47stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405F22 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405A09 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402D8A Relevance: 6.0, APIs: 4, Instructions: 33COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405735 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405A55 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100010E1 Relevance: 5.1, APIs: 4, Instructions: 104memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405B8F Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Execution Graph
| Execution Coverage: | 11.1% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 2.3% |
| Total number of Nodes: | 258 |
| Total number of Limit Nodes: | 17 |
Graph
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00158DF8 Relevance: 1.1, Instructions: 1082COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 389EE790 Relevance: .8, Instructions: 764COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384BBDF0 Relevance: .8, Instructions: 758COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B8650 Relevance: .7, Instructions: 709COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00155978 Relevance: .6, Instructions: 564COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001560E0 Relevance: .3, Instructions: 336COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3801C638 Relevance: .3, Instructions: 304COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 380103AF Relevance: .3, Instructions: 275COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38010C1B Relevance: .2, Instructions: 224COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38010C28 Relevance: .2, Instructions: 220COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384BA360 Relevance: .2, Instructions: 219COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B9D10 Relevance: .2, Instructions: 219COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384BA9B0 Relevance: .2, Instructions: 218COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B96C8 Relevance: .2, Instructions: 218COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38010F6F Relevance: .2, Instructions: 202COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384BBA88 Relevance: .2, Instructions: 199COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384BBA97 Relevance: .2, Instructions: 192COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00154348 Relevance: .2, Instructions: 180COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B8640 Relevance: .2, Instructions: 168COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B96B8 Relevance: .2, Instructions: 167COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384BA9A0 Relevance: .2, Instructions: 166COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00154329 Relevance: .2, Instructions: 164COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384BC92F Relevance: .2, Instructions: 153COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B9D00 Relevance: .1, Instructions: 110COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384BA352 Relevance: .1, Instructions: 108COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 389E0978 Relevance: 6.1, APIs: 4, Instructions: 130threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 389E0980 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00150B29 Relevance: 2.7, Strings: 2, Instructions: 203COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00150B30 Relevance: 2.7, Strings: 2, Instructions: 200COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 389E1DC0 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 389E0BC0 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 389E0BC8 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 389E2018 Relevance: 1.5, APIs: 1, Instructions: 48timeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 389EC560 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 389EC60C Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 389E2020 Relevance: 1.5, APIs: 1, Instructions: 44timeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 389ED3EE Relevance: 1.5, APIs: 1, Instructions: 44comCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 389EE6C9 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00158729 Relevance: 1.3, Strings: 1, Instructions: 65COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001519C4 Relevance: .6, Instructions: 587COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384BC173 Relevance: .3, Instructions: 319COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00155068 Relevance: .2, Instructions: 206COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001554A8 Relevance: .2, Instructions: 202COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00156C98 Relevance: .2, Instructions: 201COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015AF90 Relevance: .2, Instructions: 198COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384BFAB0 Relevance: .2, Instructions: 189COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384BC4CF Relevance: .2, Instructions: 155COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00158E0C Relevance: .1, Instructions: 147COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B7920 Relevance: .1, Instructions: 147COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384BCC38 Relevance: .1, Instructions: 139COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00153168 Relevance: .1, Instructions: 134COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B8721 Relevance: .1, Instructions: 130COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001592C3 Relevance: .1, Instructions: 124COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00152C88 Relevance: .1, Instructions: 112COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00158BF0 Relevance: .1, Instructions: 104COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00157EC0 Relevance: .1, Instructions: 101COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384BCF39 Relevance: .1, Instructions: 92COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384BCF68 Relevance: .1, Instructions: 88COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00156F40 Relevance: .1, Instructions: 87COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384BFAA1 Relevance: .1, Instructions: 86COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00154664 Relevance: .1, Instructions: 81COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B7911 Relevance: .1, Instructions: 79COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001552BA Relevance: .1, Instructions: 78COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001518C8 Relevance: .1, Instructions: 77COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00159FB4 Relevance: .1, Instructions: 77COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00150EC8 Relevance: .1, Instructions: 70COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00154612 Relevance: .1, Instructions: 69COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00150ED8 Relevance: .1, Instructions: 61COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015B2C2 Relevance: .1, Instructions: 61COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001517B8 Relevance: .1, Instructions: 61COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384BB9C1 Relevance: .1, Instructions: 61COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001552C8 Relevance: .1, Instructions: 59COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015FE70 Relevance: .1, Instructions: 59COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384BB9C7 Relevance: .1, Instructions: 57COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384BB9C8 Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384BE7F4 Relevance: .0, Instructions: 50COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015B2F0 Relevance: .0, Instructions: 49COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001517D8 Relevance: .0, Instructions: 49COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384BF098 Relevance: .0, Instructions: 48COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384BCE50 Relevance: .0, Instructions: 47COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00154E70 Relevance: .0, Instructions: 46COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00158D19 Relevance: .0, Instructions: 44COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B95E8 Relevance: .0, Instructions: 39COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384BCE60 Relevance: .0, Instructions: 39COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384BEC22 Relevance: .0, Instructions: 38COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015FC48 Relevance: .0, Instructions: 37COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B9608 Relevance: .0, Instructions: 35COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00151877 Relevance: .0, Instructions: 25COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00159F1B Relevance: .0, Instructions: 25COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384BBDA8 Relevance: .0, Instructions: 19COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001556FF Relevance: .0, Instructions: 17COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00159F6D Relevance: .0, Instructions: 16COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015FF30 Relevance: .0, Instructions: 15COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B95D8 Relevance: .0, Instructions: 15COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384BD0A1 Relevance: .0, Instructions: 13COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384BBD48 Relevance: .0, Instructions: 13COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384BD72F Relevance: .0, Instructions: 13COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00155710 Relevance: .0, Instructions: 12COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B94B4 Relevance: .0, Instructions: 12COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004032A0 Relevance: 77.4, APIs: 32, Strings: 12, Instructions: 401stringfilecomCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404B30 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405846 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 148filestringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B7B4F Relevance: .6, Instructions: 603COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3801B930 Relevance: .3, Instructions: 276COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3801B07F Relevance: .3, Instructions: 274COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3801E790 Relevance: .3, Instructions: 274COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3801DEE1 Relevance: .3, Instructions: 273COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3801E339 Relevance: .3, Instructions: 273COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3801DA89 Relevance: .3, Instructions: 272COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3801EBF2 Relevance: .3, Instructions: 271COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B1858 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B7070 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B4820 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B2108 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B29B8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B3268 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B5208 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B5AB8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B6368 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B3B18 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B43C8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B1400 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B6C18 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B74C8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B1CB0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B2560 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B4DB0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B5660 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B2E10 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B36C0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B3F70 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B5F10 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B67C0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B0FA8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3801C1F2 Relevance: .3, Instructions: 267COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3801F05A Relevance: .3, Instructions: 264COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3801B4F2 Relevance: .3, Instructions: 264COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3801BDA2 Relevance: .3, Instructions: 264COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B8193 Relevance: .2, Instructions: 193COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384B8373 Relevance: .1, Instructions: 116COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 384BCBE7 Relevance: .0, Instructions: 17COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004052F3 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284windowclipboardmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004042B6 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 207windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040389E Relevance: 37.0, APIs: 13, Strings: 8, Instructions: 215stringregistryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405D84 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 131stringmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004045B4 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 275stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406077 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 207stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404180 Relevance: 12.1, APIs: 8, Instructions: 61COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004025E5 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 151fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404A7E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402D04 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401CFA Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401D56 Relevance: 7.5, APIs: 5, Instructions: 38COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404970 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401BDF Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004063BF Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 34libraryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405683 Relevance: 6.0, APIs: 4, Instructions: 39COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402D8A Relevance: 6.0, APIs: 4, Instructions: 33COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405B11 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405128 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405735 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405B8F Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|