Edit tour
Windows
Analysis Report
ajRZflJ2ch.exe
Overview
General Information
| Sample name: | ajRZflJ2ch.exerenamed because original name is a hash value |
| Original sample name: | 1d703dda4c786c51432a22da942b92244544a00c1d81b937bd5e5424947804f8.exe |
| Analysis ID: | 1588086 |
| MD5: | c9775580271050109b3431a54f1880f0 |
| SHA1: | 85d69a1abf2b6c4ab9a4fa77c27c5f43e7302630 |
| SHA256: | 1d703dda4c786c51432a22da942b92244544a00c1d81b937bd5e5424947804f8 |
| Tags: | exeGuLoaderuser-adrian__luca |
| Infos: |  |
 | |
Detection
GuLoader, MassLogger RAT
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected GuLoader
Yara detected MassLogger RAT
Yara detected Telegram RAT
AI detected suspicious sample
Disable Task Manager(disabletaskmgr)
Disables CMD prompt
Disables the Windows task manager (taskmgr)
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Classification
- System is w10x64
ajRZflJ2ch.exe (PID: 2940 cmdline:
"C:\Users\ user\Deskt op\ajRZflJ 2ch.exe" MD5: C9775580271050109B3431A54F1880F0) "C:\Users\ user\Deskt op\ajRZflJ 2ch.exe" MD5: C9775580271050109B3431A54F1880F0)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
{"C2 url": "https://api.telegram.org/bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendMessage"}{"EXfil Mode": "Telegram", "Telegram Token": "7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc", "Telegram Chatid": "7382809095"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
| JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | ||
| Click to see the 2 entries | ||||
⊘No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-10T21:17:10.874170+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49877 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:12.691079+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49893 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:14.330984+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49906 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:15.992211+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49918 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:17.899459+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49930 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:19.567198+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49946 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:21.272538+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49958 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:22.988453+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49971 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:24.707595+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49983 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:26.409909+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49996 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:30.991256+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49998 | 149.154.167.220 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-10T21:17:01.773424+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49827 | 193.122.6.168 | 80 | TCP |
| 2025-01-10T21:17:09.914055+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49827 | 193.122.6.168 | 80 | TCP |
| 2025-01-10T21:17:11.789066+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49888 | 132.226.247.73 | 80 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-10T21:16:56.799124+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49795 | 142.250.184.206 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-10T21:17:10.539561+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49877 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:12.347630+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49893 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:14.000023+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49906 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:15.637564+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49918 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:17.310980+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49930 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:19.197370+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49946 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:20.887708+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49958 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:22.602991+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49971 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:24.335626+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49983 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:26.018875+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49996 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:30.627335+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49998 | 149.154.167.220 | 443 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira: | ||
| Source: | Malware Configuration Extractor: | ||
| Source: | Malware Configuration Extractor: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | Integrated Neural Analysis Model: | ||
Location Tracking | |
|---|
| Source: | DNS query: | ||
| Source: | Code function: | 5_2_36AFD1EC | |
| Source: | Code function: | 5_2_36AFD9D9 | |
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_0040672B | |
| Source: | Code function: | 0_2_00405AFA | |
| Source: | Code function: | 0_2_00402868 | |
| Source: | Code function: | 5_2_00402868 | |
| Source: | Code function: | 5_2_0040672B | |
| Source: | Code function: | 5_2_00405AFA | |
| Source: | Code function: | 5_2_36AFC638 | |
| Source: | Code function: | 5_2_36AF0C28 | |
| Source: | Code function: | 5_2_36AF03AF | |
| Source: | Code function: | 5_2_36AFDEE1 | |
| Source: | Code function: | 5_2_36AFE790 | |
| Source: | Code function: | 5_2_36AF0F6F | |
| Source: | Code function: | 5_2_36AFB4EC | |
| Source: | Code function: | 5_2_36AF0C1B | |
| Source: | Code function: | 5_2_36AFBD9C | |
| Source: | Code function: | 5_2_36AFDA89 | |
| Source: | Code function: | 5_2_36AFEBF4 | |
| Source: | Code function: | 5_2_36AFE339 | |
| Source: | Code function: | 5_2_36AFB07F | |
| Source: | Code function: | 5_2_36AFF054 | |
| Source: | Code function: | 5_2_36AFC1F2 | |
| Source: | Code function: | 5_2_36AFB930 | |
| Source: | Code function: | 5_2_39A8BDF0 | |
| Source: | Code function: | 5_2_39A88650 | |
| Source: | Code function: | 5_2_39A88650 | |
| Source: | Code function: | 5_2_39A829B8 | |
| Source: | Code function: | 5_2_39A82108 | |
| Source: | Code function: | 5_2_39A84820 | |
| Source: | Code function: | 5_2_39A87070 | |
| Source: | Code function: | 5_2_39A81858 | |
| Source: | Code function: | 5_2_39A843C8 | |
| Source: | Code function: | 5_2_39A83B18 | |
| Source: | Code function: | 5_2_39A86368 | |
| Source: | Code function: | 5_2_39A87B4F | |
| Source: | Code function: | 5_2_39A85AB8 | |
| Source: | Code function: | 5_2_39A85208 | |
| Source: | Code function: | 5_2_39A83268 | |
| Source: | Code function: | 5_2_39A84DB0 | |
| Source: | Code function: | 5_2_39A82560 | |
| Source: | Code function: | 5_2_39A81CB0 | |
| Source: | Code function: | 5_2_39A874C8 | |
| Source: | Code function: | 5_2_39A81400 | |
| Source: | Code function: | 5_2_39A86C18 | |
| Source: | Code function: | 5_2_39A80FA8 | |
| Source: | Code function: | 5_2_39A867C0 | |
| Source: | Code function: | 5_2_39A85F10 | |
| Source: | Code function: | 5_2_39A83F70 | |
| Source: | Code function: | 5_2_39A836C0 | |
| Source: | Code function: | 5_2_39A82E10 | |
| Source: | Code function: | 5_2_39A85660 | |
| Source: | Code function: | 5_2_39EBE7C8 | |
| Source: | Code function: | 5_2_39EBF316 | |
| Source: | Code function: | 5_2_39EBF5D8 | |
Networking | |
|---|
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 0_2_0040558F | |
| Source: | Process Stats: | ||
| Source: | Code function: | 0_2_004034A5 | |
| Source: | Code function: | 5_2_004034A5 | |
| Source: | Code function: | 0_2_00404DCC | |
| Source: | Code function: | 0_2_00406AF2 | |
| Source: | Code function: | 0_2_70131B5F | |
| Source: | Code function: | 5_2_00404DCC | |
| Source: | Code function: | 5_2_00406AF2 | |
| Source: | Code function: | 5_2_000D4328 | |
| Source: | Code function: | 5_2_000D8DA0 | |
| Source: | Code function: | 5_2_000D5F90 | |
| Source: | Code function: | 5_2_000D2DD1 | |
| Source: | Code function: | 5_2_36AF7628 | |
| Source: | Code function: | 5_2_36AFC638 | |
| Source: | Code function: | 5_2_36AFCCA0 | |
| Source: | Code function: | 5_2_36AF03AF | |
| Source: | Code function: | 5_2_36AF331B | |
| Source: | Code function: | 5_2_36AF6EA0 | |
| Source: | Code function: | 5_2_36AF6E91 | |
| Source: | Code function: | 5_2_36AFDEE1 | |
| Source: | Code function: | 5_2_36AFE790 | |
| Source: | Code function: | 5_2_36AFCCA2 | |
| Source: | Code function: | 5_2_36AFB4EC | |
| Source: | Code function: | 5_2_36AFBD9C | |
| Source: | Code function: | 5_2_36AFDA89 | |
| Source: | Code function: | 5_2_36AFEBF7 | |
| Source: | Code function: | 5_2_36AFEBF4 | |
| Source: | Code function: | 5_2_36AFE339 | |
| Source: | Code function: | 5_2_36AFE347 | |
| Source: | Code function: | 5_2_36AFB07F | |
| Source: | Code function: | 5_2_36AF7848 | |
| Source: | Code function: | 5_2_36AFF054 | |
| Source: | Code function: | 5_2_36AFC1F2 | |
| Source: | Code function: | 5_2_36AFB930 | |
| Source: | Code function: | 5_2_39A8A9B0 | |
| Source: | Code function: | 5_2_39A8A360 | |
| Source: | Code function: | 5_2_39A8BA88 | |
| Source: | Code function: | 5_2_39A8BDF0 | |
| Source: | Code function: | 5_2_39A89D10 | |
| Source: | Code function: | 5_2_39A896C8 | |
| Source: | Code function: | 5_2_39A88650 | |
| Source: | Code function: | 5_2_39A8A9A0 | |
| Source: | Code function: | 5_2_39A829B8 | |
| Source: | Code function: | 5_2_39A851F8 | |
| Source: | Code function: | 5_2_39A8F120 | |
| Source: | Code function: | 5_2_39A8F130 | |
| Source: | Code function: | 5_2_39A82108 | |
| Source: | Code function: | 5_2_39A820F8 | |
| Source: | Code function: | 5_2_39A84820 | |
| Source: | Code function: | 5_2_39A84810 | |
| Source: | Code function: | 5_2_39A87061 | |
| Source: | Code function: | 5_2_39A87070 | |
| Source: | Code function: | 5_2_39A81848 | |
| Source: | Code function: | 5_2_39A80040 | |
| Source: | Code function: | 5_2_39A81858 | |
| Source: | Code function: | 5_2_39A813F0 | |
| Source: | Code function: | 5_2_39A843C8 | |
| Source: | Code function: | 5_2_39A83B08 | |
| Source: | Code function: | 5_2_39A83B18 | |
| Source: | Code function: | 5_2_39A86368 | |
| Source: | Code function: | 5_2_39A87B4F | |
| Source: | Code function: | 5_2_39A86358 | |
| Source: | Code function: | 5_2_39A8A351 | |
| Source: | Code function: | 5_2_39A85AA8 | |
| Source: | Code function: | 5_2_39A85AB8 | |
| Source: | Code function: | 5_2_39A8BA97 | |
| Source: | Code function: | 5_2_39A85208 | |
| Source: | Code function: | 5_2_39A83268 | |
| Source: | Code function: | 5_2_39A83258 | |
| Source: | Code function: | 5_2_39A84DB0 | |
| Source: | Code function: | 5_2_39A84DB2 | |
| Source: | Code function: | 5_2_39A89D00 | |
| Source: | Code function: | 5_2_39A82560 | |
| Source: | Code function: | 5_2_39A8255F | |
| Source: | Code function: | 5_2_39A82550 | |
| Source: | Code function: | 5_2_39A81CA0 | |
| Source: | Code function: | 5_2_39A874B8 | |
| Source: | Code function: | 5_2_39A81CB0 | |
| Source: | Code function: | 5_2_39A874C8 | |
| Source: | Code function: | 5_2_39A86C09 | |
| Source: | Code function: | 5_2_39A81400 | |
| Source: | Code function: | 5_2_39A86C18 | |
| Source: | Code function: | 5_2_39A80FA8 | |
| Source: | Code function: | 5_2_39A867B0 | |
| Source: | Code function: | 5_2_39A8AFE8 | |
| Source: | Code function: | 5_2_39A8AFF8 | |
| Source: | Code function: | 5_2_39A8AFF7 | |
| Source: | Code function: | 5_2_39A867C0 | |
| Source: | Code function: | 5_2_39A85F01 | |
| Source: | Code function: | 5_2_39A85F10 | |
| Source: | Code function: | 5_2_39A83F70 | |
| Source: | Code function: | 5_2_39A83F72 | |
| Source: | Code function: | 5_2_39A896B8 | |
| Source: | Code function: | 5_2_39A80EB9 | |
| Source: | Code function: | 5_2_39A836C0 | |
| Source: | Code function: | 5_2_39A836C2 | |
| Source: | Code function: | 5_2_39A82E00 | |
| Source: | Code function: | 5_2_39A82E10 | |
| Source: | Code function: | 5_2_39A85660 | |
| Source: | Code function: | 5_2_39A88640 | |
| Source: | Code function: | 5_2_39A8565F | |
| Source: | Code function: | 5_2_39A85650 | |
| Source: | Code function: | 5_2_39EBE7C8 | |
| Source: | Code function: | 5_2_39EBD608 | |
| Source: | Code function: | 5_2_39EB6FA0 | |
| Source: | Code function: | 5_2_39EB8328 | |
| Source: | Code function: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_004034A5 | |
| Source: | Code function: | 5_2_004034A5 | |
| Source: | Code function: | 0_2_00404850 | |
| Source: | Code function: | 0_2_00402104 | |
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
Data Obfuscation | |
|---|
| Source: | File source: | ||
| Source: | Code function: | 0_2_70131B5F | |
| Source: | File created: | Jump to dropped file | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | API/Special instruction interceptor: | ||
| Source: | API/Special instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | API coverage: | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Code function: | 0_2_0040672B | |
| Source: | Code function: | 0_2_00405AFA | |
| Source: | Code function: | 0_2_00402868 | |
| Source: | Code function: | 5_2_00402868 | |
| Source: | Code function: | 5_2_0040672B | |
| Source: | Code function: | 5_2_00405AFA | |
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | API call chain: | graph_0-4592 | ||
| Source: | API call chain: | graph_0-4750 | ||
| Source: | Code function: | 0_2_00401E49 | |
| Source: | Code function: | 0_2_70131B5F | |
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 0_2_004034A5 | |
| Source: | Key value queried: | Jump to behavior | ||
Lowering of HIPS / PFW / Operating System Security Settings | |
|---|
| Source: | Registry value created: | Jump to behavior | ||
| Source: | Registry value created: | Jump to behavior | ||
| Source: | Registry key created or modified: | Jump to behavior | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 Process Injection | 31 Disable or Modify Tools | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Access Token Manipulation | NTDS | 1 System Network Configuration Discovery | Distributed Component Object Model | 1 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Process Injection | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | 215 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 75% | Virustotal | Browse | ||
| 61% | ReversingLabs | Win32.Exploit.GuLoader | ||
| 100% | Avira | HEUR/AGEN.1337946 |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | ReversingLabs | |||
| 0% | Virustotal | Browse |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| drive.google.com | 142.250.184.206 | true | false | high | |
| drive.usercontent.google.com | 142.250.184.193 | true | false | high | |
| reallyfreegeoip.org | 104.21.48.1 | true | false | high | |
| api.telegram.org | 149.154.167.220 | true | false | high | |
| checkip.dyndns.com | 193.122.6.168 | true | false | high | |
| checkip.dyndns.org | unknown | unknown | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false | high | ||
| false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 104.21.48.1 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false | |
| 149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false | |
| 142.250.184.193 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false | |
| 193.122.6.168 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false | |
| 142.250.184.206 | drive.google.com | United States | 15169 | GOOGLEUS | false | |
| 132.226.247.73 | unknown | United States | 16989 | UTMEMUS | false |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1588086 |
| Start date and time: | 2025-01-10 21:14:21 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 7m 56s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 8 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | ajRZflJ2ch.exerenamed because original name is a hash value |
| Original Sample Name: | 1d703dda4c786c51432a22da942b92244544a00c1d81b937bd5e5424947804f8.exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@3/8@6/6 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 20.109.210.53, 4.245.163.56, 13.107.246.45
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 15:17:08 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 104.21.48.1 | Get hash | malicious | FormBook | Browse |
| |
| Get hash | malicious | CMSBrute | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| 149.154.167.220 | Get hash | malicious | AsyncRAT, StormKitty, WorldWind Stealer | Browse | ||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| 193.122.6.168 | Get hash | malicious | Snake Keylogger | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| checkip.dyndns.com | Get hash | malicious | Snake Keylogger | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| reallyfreegeoip.org | Get hash | malicious | Snake Keylogger | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| api.telegram.org | Get hash | malicious | AsyncRAT, StormKitty, WorldWind Stealer | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| ORACLE-BMC-31898US | Get hash | malicious | Snake Keylogger | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| CLOUDFLARENETUS | Get hash | malicious | AsyncRAT, StormKitty, WorldWind Stealer | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Strela Downloader | Browse |
| ||
| Get hash | malicious | KnowBe4 | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | LummaC, CAPTCHA Scam ClickFix, LummaC Stealer | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| TELEGRAMRU | Get hash | malicious | AsyncRAT, StormKitty, WorldWind Stealer | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| UTMEMUS | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | Snake Keylogger | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| 3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | AsyncRAT, StormKitty, WorldWind Stealer | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC, CAPTCHA Scam ClickFix, LummaC Stealer | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| 37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | LummaC, CAPTCHA Scam ClickFix, LummaC Stealer | Browse |
| |
| Get hash | malicious | Remcos, GuLoader | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | Vidar | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\nsd88AD.tmp\System.dll | Get hash | malicious | Remcos | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Remcos, GuLoader | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | LummaC Stealer | Browse | |||
| Get hash | malicious | AgentTesla, GuLoader | Browse | |||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| Process: | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 484658 |
| Entropy (8bit): | 7.809711763657168 |
| Encrypted: | false |
| SSDEEP: | 12288:W1S3xo63wl4biprI2S4WwWEcwxg9dvVAxZOCLF0DB:Wo3xX3y4bz2lWwWo6rSTZyd |
| MD5: | 5C727AE28F0DECF497FBB092BAE01B4E |
| SHA1: | AADE364AE8C2C91C6F59F85711B53078FB0763B7 |
| SHA-256: | 77CCACF58330509839E17A6CFD6B17FE3DE31577D8E2C37DC413839BA2FEEC80 |
| SHA-512: | 5246C0FBA41DF66AF89D986A3CEABC99B61DB9E9C217B28B2EC18AF31E3ED17C865387223CEB3A38A804243CF3307E07E557549026F49F52829BEBC4D4546C40 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 302802 |
| Entropy (8bit): | 7.715597307255138 |
| Encrypted: | false |
| SSDEEP: | 6144:1TAGwcHt8IYejp9JRL5ljyLlQRCuLyon4mwYEmrwAd:1TAGFkejpRLPelKdeaREGwq |
| MD5: | D59A83F9C3B0814E7F07E0350AE015DA |
| SHA1: | 8D8EAC7CE54E23E12805064E25E8E2B09ABF5A4E |
| SHA-256: | D3D32567E0FD98C5A1695A1CCBBF0144C7F083D1739BED777B6868B68F8CF7EB |
| SHA-512: | 87389F16386E0F2919F6F4A86D12A92E6DFD94C2FC977019E1F1EB3385BBE762D4CA34EBE08DA6D73A1CFD5F1D778073E58A063C4213FD18CF8C6A8B0204E3A4 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 112291 |
| Entropy (8bit): | 1.249420131631438 |
| Encrypted: | false |
| SSDEEP: | 768:5R+BCpkJWjYWL2MxTVLvUjpGqik9JiAfWA2DBQwD1PzUH+HYZmIo7x31sT:WCZY21w0I2NZYD |
| MD5: | 4D1D72CFC5940B09DFBD7B65916F532E |
| SHA1: | 30A45798B534842002B103A36A3B907063F8A96C |
| SHA-256: | 479F1904096978F1011DF05D52021FAEEE028D4CF331024C965CED8AF1C8D496 |
| SHA-512: | 048844A09E291903450188715BCDDF14F0F1F10BEAFBD005882EBF5D5E31A71D8F93EEBE788BD54B4AED2266C454F4DCA18AF4567977B7E773BBE29A38DEA45B |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 362089 |
| Entropy (8bit): | 1.23992084267325 |
| Encrypted: | false |
| SSDEEP: | 768:xOeaameETrlE0+1mGOWb3h5WAV0hW+JSLSwzj2HlSdL0f6mhKZRaqOzWz6szt3cA:x+ds5dYOVxIW3hhdeRt6MeZ1W4vB |
| MD5: | A4340182CDDD2EC1F1480360218343F9 |
| SHA1: | 50EF929FEA713AA6FCC05E8B75F497B7946B285B |
| SHA-256: | B91E5B1FF5756F0B93DCF11CBC8B467CDA0C5792DE24D27EC86E7C74388B44B3 |
| SHA-512: | 021F198AFF7CCED92912C74FC97D1919A9E059F22E99AB1236FBAA36C16B520C07B78F47FC01FCFAC1B53A87CDAE3E440D0589FA2844612617FAB2EDB64A3573 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 66838 |
| Entropy (8bit): | 4.601980718534523 |
| Encrypted: | false |
| SSDEEP: | 1536:d8Z4bSnvTwDC0ik3K/pdZ3dGsHohAGSxH2Qi:le8C7F3hHohAJR2Qi |
| MD5: | C0DBD375347024F0842ECF32EFC20A39 |
| SHA1: | 0B005481213478B486758E53EBFA1448FF7B4C32 |
| SHA-256: | 83E255BFBC1D9529AA12515F0AFA172EE5959DE7619CEEC74C2B7AB232E2F1A9 |
| SHA-512: | 113B542FF537405DD98F7E711E8B16B18F2E32F3E781E51DE98697A6CB08145237B7EE553220FD4F9562556B8E05FE23BD4744063AB1CA72EE207144DAFEE63E |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 139354 |
| Entropy (8bit): | 1.2473328695625903 |
| Encrypted: | false |
| SSDEEP: | 768:9OsMSh8lSnJGyUzWZsO2ipzPFmDZC9kpzroto48tf2+5lVp:9delFlqNawgJp |
| MD5: | B0FB6B583D6902DE58E1202D12BA4832 |
| SHA1: | 7F585B5C3A4581CE76E373C78A6513F157B20480 |
| SHA-256: | E6EA5F6D0C7F5FA407269C7F4FF6D97149B7611071BF5BF6C454B810501AE661 |
| SHA-512: | E0894FFBD76C3476DC083DAFD24F88964BF6E09E4CA955766B43FE73A764A00247C930E9996652A22B57B27826CD94F88B8178514060CA398DE568675F9E4571 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1494171 |
| Entropy (8bit): | 5.529984636265362 |
| Encrypted: | false |
| SSDEEP: | 24576:y+lFkOHecco3xX3y4bz2lWwWo6rSTZyqZX:RyoBXbz2luo6rS1yqZ |
| MD5: | 09C061859A1E2418D61BD43E8FA8F63A |
| SHA1: | 94CA39EE23956A64D10CBDA2A7806ECB0840C5C7 |
| SHA-256: | D5A1FCC23605E0815EAE68180CB374A80B2385DB0E7430D97FACE2630689A8AB |
| SHA-512: | E405F684617AA34C4BB04C186988893C211BF89FF5C7D4F5A77BE5CF5D0BAC9F66BD9404969CE711A90C8AEDD3E8C08D386D128A78FB188E551D2AB97CB05BF2 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 5.719859767584478 |
| Encrypted: | false |
| SSDEEP: | 192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6 |
| MD5: | 0D7AD4F45DC6F5AA87F606D0331C6901 |
| SHA1: | 48DF0911F0484CBE2A8CDD5362140B63C41EE457 |
| SHA-256: | 3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA |
| SHA-512: | C07DE7308CB54205E8BD703001A7FE4FD7796C9AC1B4BB330C77C872BF712B093645F40B80CE7127531FE6746A5B66E18EA073AB6A644934ABED9BB64126FEA9 |
| Malicious: | false |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Preview: |
| File type: | |
| Entropy (8bit): | 7.960048713088303 |
| TrID: |
|
| File name: | ajRZflJ2ch.exe |
| File size: | 1'026'527 bytes |
| MD5: | c9775580271050109b3431a54f1880f0 |
| SHA1: | 85d69a1abf2b6c4ab9a4fa77c27c5f43e7302630 |
| SHA256: | 1d703dda4c786c51432a22da942b92244544a00c1d81b937bd5e5424947804f8 |
| SHA512: | 412670d7d1ad7fb2d292019c4efc99912b655ff54917972504be0d0855a5d7845e7ba417393d3114ddcdc9a44ba5f6240f8183e180f61326be8c7b7cf5d5bca1 |
| SSDEEP: | 12288:9jwjW11WewcTe8agur7Ew6+Cihk6QM3urjWslPFJgz7oo2EPAAL3Y+97xC+9Wf7c:9jwKCN8VKPkzltJ87oop7L3Vb20oFc3 |
| TLSH: | C92523012BE3C9EEE1D2817175C2E3B666F99C11441AED2F47042E5F7D3A8A85436ACF |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...$..\.................f...*..... |
 | |
| Icon Hash: | 46224e4c19391d03 |
| Entrypoint: | 0x4034a5 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x5C157F24 [Sat Dec 15 22:24:36 2018 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 1f23f452093b5c1ff091a2f9fb4fa3e9 |
| Instruction |
|---|
| sub esp, 000002D4h |
| push ebx |
| push esi |
| push edi |
| push 00000020h |
| pop edi |
| xor ebx, ebx |
| push 00008001h |
| mov dword ptr [esp+14h], ebx |
| mov dword ptr [esp+10h], 0040A230h |
| mov dword ptr [esp+1Ch], ebx |
| call dword ptr [004080ACh] |
| call dword ptr [004080A8h] |
| and eax, BFFFFFFFh |
| cmp ax, 00000006h |
| mov dword ptr [0042A24Ch], eax |
| je 00007FEE2CACEA43h |
| push ebx |
| call 00007FEE2CAD1D0Dh |
| cmp eax, ebx |
| je 00007FEE2CACEA39h |
| push 00000C00h |
| call eax |
| mov esi, 004082B0h |
| push esi |
| call 00007FEE2CAD1C87h |
| push esi |
| call dword ptr [00408150h] |
| lea esi, dword ptr [esi+eax+01h] |
| cmp byte ptr [esi], 00000000h |
| jne 00007FEE2CACEA1Ch |
| push 0000000Ah |
| call 00007FEE2CAD1CE0h |
| push 00000008h |
| call 00007FEE2CAD1CD9h |
| push 00000006h |
| mov dword ptr [0042A244h], eax |
| call 00007FEE2CAD1CCDh |
| cmp eax, ebx |
| je 00007FEE2CACEA41h |
| push 0000001Eh |
| call eax |
| test eax, eax |
| je 00007FEE2CACEA39h |
| or byte ptr [0042A24Fh], 00000040h |
| push ebp |
| call dword ptr [00408044h] |
| push ebx |
| call dword ptr [004082A0h] |
| mov dword ptr [0042A318h], eax |
| push ebx |
| lea eax, dword ptr [esp+34h] |
| push 000002B4h |
| push eax |
| push ebx |
| push 004216E8h |
| call dword ptr [00408188h] |
| push 0040A384h |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8504 | 0xa0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x55000 | 0x21068 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x6409 | 0x6600 | bfe2b726d49cbd922b87bad5eea65e61 | False | 0.6540287990196079 | data | 6.416186322230332 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x1396 | 0x1400 | d45dcba8ca646543f7e339e20089687e | False | 0.45234375 | data | 5.154907432640367 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xa000 | 0x20358 | 0x600 | 8575fc5e872ca789611c386779287649 | False | 0.5026041666666666 | data | 4.004402321344153 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x2b000 | 0x2a000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x55000 | 0x21068 | 0x21200 | 03ed2ed76ba15352dac9e48819696134 | False | 0.8714696344339623 | data | 7.556190648348207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_BITMAP | 0x554c0 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States | 0.23623853211009174 |
| RT_ICON | 0x55828 | 0xc2a3 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9966684729162903 |
| RT_ICON | 0x61ad0 | 0x86e0 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.990210843373494 |
| RT_ICON | 0x6a1b0 | 0x5085 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9867559307233299 |
| RT_ICON | 0x6f238 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.4358921161825726 |
| RT_ICON | 0x717e0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.4896810506566604 |
| RT_ICON | 0x72888 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.5367803837953091 |
| RT_ICON | 0x73730 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.6913357400722022 |
| RT_ICON | 0x73fd8 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.38597560975609757 |
| RT_ICON | 0x74640 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.4934971098265896 |
| RT_ICON | 0x74ba8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.651595744680851 |
| RT_ICON | 0x75010 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.46908602150537637 |
| RT_ICON | 0x752f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.5472972972972973 |
| RT_DIALOG | 0x75420 | 0x120 | data | English | United States | 0.53125 |
| RT_DIALOG | 0x75540 | 0x118 | data | English | United States | 0.5678571428571428 |
| RT_DIALOG | 0x75658 | 0x120 | data | English | United States | 0.5104166666666666 |
| RT_DIALOG | 0x75778 | 0xf8 | data | English | United States | 0.6330645161290323 |
| RT_DIALOG | 0x75870 | 0xa0 | data | English | United States | 0.6125 |
| RT_DIALOG | 0x75910 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x75970 | 0xae | data | English | United States | 0.6091954022988506 |
| RT_VERSION | 0x75a20 | 0x308 | data | English | United States | 0.47036082474226804 |
| RT_MANIFEST | 0x75d28 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795 |
| DLL | Import |
|---|---|
| KERNEL32.dll | ExitProcess, SetFileAttributesW, Sleep, GetTickCount, CreateFileW, GetFileSize, GetModuleFileNameW, GetCurrentProcess, SetCurrentDirectoryW, GetFileAttributesW, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, CopyFileW, GetShortPathNameW, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalUnlock, GetDiskFreeSpaceW, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
| USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage |
| GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
| SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW |
| ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
| COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
| ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-10T21:16:56.799124+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49795 | 142.250.184.206 | 443 | TCP |
| 2025-01-10T21:17:01.773424+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49827 | 193.122.6.168 | 80 | TCP |
| 2025-01-10T21:17:09.914055+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49827 | 193.122.6.168 | 80 | TCP |
| 2025-01-10T21:17:10.539561+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49877 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:10.874170+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49877 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:11.789066+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49888 | 132.226.247.73 | 80 | TCP |
| 2025-01-10T21:17:12.347630+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49893 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:12.691079+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49893 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:14.000023+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49906 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:14.330984+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49906 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:15.637564+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49918 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:15.992211+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49918 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:17.310980+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49930 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:17.899459+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49930 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:19.197370+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49946 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:19.567198+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49946 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:20.887708+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49958 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:21.272538+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49958 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:22.602991+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49971 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:22.988453+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49971 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:24.335626+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49983 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:24.707595+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49983 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:26.018875+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49996 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:26.409909+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49996 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:30.627335+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49998 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:17:30.991256+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49998 | 149.154.167.220 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jan 10, 2025 21:16:55.769213915 CET | 49795 | 443 | 192.168.2.8 | 142.250.184.206 |
| Jan 10, 2025 21:16:55.769247055 CET | 443 | 49795 | 142.250.184.206 | 192.168.2.8 |
| Jan 10, 2025 21:16:55.769306898 CET | 49795 | 443 | 192.168.2.8 | 142.250.184.206 |
| Jan 10, 2025 21:16:55.780404091 CET | 49795 | 443 | 192.168.2.8 | 142.250.184.206 |
| Jan 10, 2025 21:16:55.780427933 CET | 443 | 49795 | 142.250.184.206 | 192.168.2.8 |
| Jan 10, 2025 21:16:56.424391985 CET | 443 | 49795 | 142.250.184.206 | 192.168.2.8 |
| Jan 10, 2025 21:16:56.424479961 CET | 49795 | 443 | 192.168.2.8 | 142.250.184.206 |
| Jan 10, 2025 21:16:56.426244974 CET | 443 | 49795 | 142.250.184.206 | 192.168.2.8 |
| Jan 10, 2025 21:16:56.426306009 CET | 49795 | 443 | 192.168.2.8 | 142.250.184.206 |
| Jan 10, 2025 21:16:56.479101896 CET | 49795 | 443 | 192.168.2.8 | 142.250.184.206 |
| Jan 10, 2025 21:16:56.479134083 CET | 443 | 49795 | 142.250.184.206 | 192.168.2.8 |
| Jan 10, 2025 21:16:56.479639053 CET | 443 | 49795 | 142.250.184.206 | 192.168.2.8 |
| Jan 10, 2025 21:16:56.479706049 CET | 49795 | 443 | 192.168.2.8 | 142.250.184.206 |
| Jan 10, 2025 21:16:56.483421087 CET | 49795 | 443 | 192.168.2.8 | 142.250.184.206 |
| Jan 10, 2025 21:16:56.527334929 CET | 443 | 49795 | 142.250.184.206 | 192.168.2.8 |
| Jan 10, 2025 21:16:56.799123049 CET | 443 | 49795 | 142.250.184.206 | 192.168.2.8 |
| Jan 10, 2025 21:16:56.800066948 CET | 443 | 49795 | 142.250.184.206 | 192.168.2.8 |
| Jan 10, 2025 21:16:56.800220966 CET | 49795 | 443 | 192.168.2.8 | 142.250.184.206 |
| Jan 10, 2025 21:16:56.801635981 CET | 49795 | 443 | 192.168.2.8 | 142.250.184.206 |
| Jan 10, 2025 21:16:56.801662922 CET | 443 | 49795 | 142.250.184.206 | 192.168.2.8 |
| Jan 10, 2025 21:16:56.852108955 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:16:56.852158070 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:16:56.852256060 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:16:56.852544069 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:16:56.852559090 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:16:57.506761074 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:16:57.506979942 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:16:57.512111902 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:16:57.512140989 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:16:57.512387037 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:16:57.515575886 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:16:57.515950918 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:16:57.563324928 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.231838942 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.231904984 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.233050108 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.233114958 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.245717049 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.245794058 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.245804071 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.245840073 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.251971006 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.252049923 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.322345018 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.322402954 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.322417974 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.322454929 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.322458982 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.322472095 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.322501898 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.322540045 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.322577000 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.322621107 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.322765112 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.322810888 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.322817087 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.322861910 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.329133987 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.329190016 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.329199076 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.329243898 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.335395098 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.335455894 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.335464954 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.335514069 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.341726065 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.341793060 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.341799974 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.341835976 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.348000050 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.348079920 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.348087072 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.348124981 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.354404926 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.354479074 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.354485989 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.354522943 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.360124111 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.360212088 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.360225916 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.360265970 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.366039991 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.366101027 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.366107941 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.366147995 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.371841908 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.371900082 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.371913910 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.371958017 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.377548933 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.377607107 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.386321068 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.386384010 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.386392117 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.386430979 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.412925005 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.413001060 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.413036108 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.413049936 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.413060904 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.413075924 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.413124084 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.413157940 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.413197994 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.413211107 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.413252115 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.413491011 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.413542986 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.413553953 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.413599014 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.413605928 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.413645983 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.413650990 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.413692951 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.414138079 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.414192915 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.414197922 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.414242029 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.419682026 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.419792891 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.419814110 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.419852972 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.424460888 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.424524069 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.424549103 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.424592972 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.429414988 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.429496050 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.429513931 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.429554939 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.434007883 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.434077978 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.434099913 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.434138060 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.438699007 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.438745975 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.438754082 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.438791990 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.443387985 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.443478107 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.443484068 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.443523884 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.448013067 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.448076963 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.448084116 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.448121071 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.452655077 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.452696085 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.452701092 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.452748060 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.457309961 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.457370996 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.457376957 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.457410097 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.461725950 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.461776018 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.461781025 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.461819887 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.465956926 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.466016054 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.466022968 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.466063976 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.466068983 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.466114044 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.466119051 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.466161966 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.466169119 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.466178894 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.466200113 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.466208935 CET | 443 | 49801 | 142.250.184.193 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.466233969 CET | 49801 | 443 | 192.168.2.8 | 142.250.184.193 |
| Jan 10, 2025 21:17:00.856647968 CET | 49827 | 80 | 192.168.2.8 | 193.122.6.168 |
| Jan 10, 2025 21:17:00.861438036 CET | 80 | 49827 | 193.122.6.168 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.861502886 CET | 49827 | 80 | 192.168.2.8 | 193.122.6.168 |
| Jan 10, 2025 21:17:00.861711979 CET | 49827 | 80 | 192.168.2.8 | 193.122.6.168 |
| Jan 10, 2025 21:17:00.866471052 CET | 80 | 49827 | 193.122.6.168 | 192.168.2.8 |
| Jan 10, 2025 21:17:01.515934944 CET | 80 | 49827 | 193.122.6.168 | 192.168.2.8 |
| Jan 10, 2025 21:17:01.530189991 CET | 49827 | 80 | 192.168.2.8 | 193.122.6.168 |
| Jan 10, 2025 21:17:01.535098076 CET | 80 | 49827 | 193.122.6.168 | 192.168.2.8 |
| Jan 10, 2025 21:17:01.733083010 CET | 80 | 49827 | 193.122.6.168 | 192.168.2.8 |
| Jan 10, 2025 21:17:01.773423910 CET | 49827 | 80 | 192.168.2.8 | 193.122.6.168 |
| Jan 10, 2025 21:17:03.228966951 CET | 49843 | 443 | 192.168.2.8 | 104.21.48.1 |
| Jan 10, 2025 21:17:03.228996992 CET | 443 | 49843 | 104.21.48.1 | 192.168.2.8 |
| Jan 10, 2025 21:17:03.229057074 CET | 49843 | 443 | 192.168.2.8 | 104.21.48.1 |
| Jan 10, 2025 21:17:03.232363939 CET | 49843 | 443 | 192.168.2.8 | 104.21.48.1 |
| Jan 10, 2025 21:17:03.232374907 CET | 443 | 49843 | 104.21.48.1 | 192.168.2.8 |
| Jan 10, 2025 21:17:03.698580980 CET | 443 | 49843 | 104.21.48.1 | 192.168.2.8 |
| Jan 10, 2025 21:17:03.698679924 CET | 49843 | 443 | 192.168.2.8 | 104.21.48.1 |
| Jan 10, 2025 21:17:03.717092991 CET | 49843 | 443 | 192.168.2.8 | 104.21.48.1 |
| Jan 10, 2025 21:17:03.717118025 CET | 443 | 49843 | 104.21.48.1 | 192.168.2.8 |
| Jan 10, 2025 21:17:03.717473030 CET | 443 | 49843 | 104.21.48.1 | 192.168.2.8 |
| Jan 10, 2025 21:17:03.743784904 CET | 49843 | 443 | 192.168.2.8 | 104.21.48.1 |
| Jan 10, 2025 21:17:03.787326097 CET | 443 | 49843 | 104.21.48.1 | 192.168.2.8 |
| Jan 10, 2025 21:17:03.871495962 CET | 443 | 49843 | 104.21.48.1 | 192.168.2.8 |
| Jan 10, 2025 21:17:03.871563911 CET | 443 | 49843 | 104.21.48.1 | 192.168.2.8 |
| Jan 10, 2025 21:17:03.871665955 CET | 49843 | 443 | 192.168.2.8 | 104.21.48.1 |
| Jan 10, 2025 21:17:03.911474943 CET | 49843 | 443 | 192.168.2.8 | 104.21.48.1 |
| Jan 10, 2025 21:17:09.659775972 CET | 49827 | 80 | 192.168.2.8 | 193.122.6.168 |
| Jan 10, 2025 21:17:09.664526939 CET | 80 | 49827 | 193.122.6.168 | 192.168.2.8 |
| Jan 10, 2025 21:17:09.867818117 CET | 80 | 49827 | 193.122.6.168 | 192.168.2.8 |
| Jan 10, 2025 21:17:09.879024982 CET | 49877 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:09.879086971 CET | 443 | 49877 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:09.879163027 CET | 49877 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:09.879570007 CET | 49877 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:09.879595995 CET | 443 | 49877 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:09.914055109 CET | 49827 | 80 | 192.168.2.8 | 193.122.6.168 |
| Jan 10, 2025 21:17:10.489929914 CET | 443 | 49877 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:10.490060091 CET | 49877 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:10.491813898 CET | 49877 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:10.491825104 CET | 443 | 49877 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:10.492077112 CET | 443 | 49877 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:10.493598938 CET | 49877 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:10.539330959 CET | 443 | 49877 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:10.539407969 CET | 49877 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:10.539414883 CET | 443 | 49877 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:10.874133110 CET | 443 | 49877 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:10.874284029 CET | 443 | 49877 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:10.874334097 CET | 49877 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:10.874742031 CET | 49877 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:11.026407957 CET | 49827 | 80 | 192.168.2.8 | 193.122.6.168 |
| Jan 10, 2025 21:17:11.031339884 CET | 80 | 49827 | 193.122.6.168 | 192.168.2.8 |
| Jan 10, 2025 21:17:11.031404972 CET | 49827 | 80 | 192.168.2.8 | 193.122.6.168 |
| Jan 10, 2025 21:17:11.035022020 CET | 49888 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:11.039782047 CET | 80 | 49888 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:11.039850950 CET | 49888 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:11.039938927 CET | 49888 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:11.044766903 CET | 80 | 49888 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:11.735805988 CET | 80 | 49888 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:11.737334967 CET | 49893 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:11.737369061 CET | 443 | 49893 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:11.737472057 CET | 49893 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:11.738094091 CET | 49893 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:11.738104105 CET | 443 | 49893 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:11.789066076 CET | 49888 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:12.345186949 CET | 443 | 49893 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:12.346955061 CET | 49893 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:12.346962929 CET | 443 | 49893 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:12.347090006 CET | 49893 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:12.347096920 CET | 443 | 49893 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:12.691149950 CET | 443 | 49893 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:12.691257000 CET | 443 | 49893 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:12.691306114 CET | 49893 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:12.691751957 CET | 49893 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:12.696393013 CET | 49900 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:12.701168060 CET | 80 | 49900 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:12.701235056 CET | 49900 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:12.701349020 CET | 49900 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:12.706135035 CET | 80 | 49900 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:13.391932011 CET | 80 | 49900 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:13.393532991 CET | 49906 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:13.393577099 CET | 443 | 49906 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:13.393703938 CET | 49906 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:13.393994093 CET | 49906 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:13.394006968 CET | 443 | 49906 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:13.445578098 CET | 49900 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:13.998153925 CET | 443 | 49906 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:13.999794960 CET | 49906 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:13.999824047 CET | 443 | 49906 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:13.999964952 CET | 49906 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:13.999972105 CET | 443 | 49906 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:14.331029892 CET | 443 | 49906 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:14.331111908 CET | 443 | 49906 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:14.331285954 CET | 49906 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:14.331540108 CET | 49906 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:14.335021019 CET | 49900 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:14.337014914 CET | 49912 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:14.340006113 CET | 80 | 49900 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:14.340056896 CET | 49900 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:14.344660044 CET | 80 | 49912 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:14.344854116 CET | 49912 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:14.344854116 CET | 49912 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:14.349706888 CET | 80 | 49912 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:15.017756939 CET | 80 | 49912 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:15.018946886 CET | 49918 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:15.018995047 CET | 443 | 49918 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:15.019051075 CET | 49918 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:15.019397020 CET | 49918 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:15.019408941 CET | 443 | 49918 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:15.070283890 CET | 49912 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:15.632827044 CET | 443 | 49918 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:15.637290001 CET | 49918 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:15.637322903 CET | 443 | 49918 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:15.637531042 CET | 49918 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:15.637537003 CET | 443 | 49918 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:15.992254972 CET | 443 | 49918 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:15.992331982 CET | 443 | 49918 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:15.992491961 CET | 49918 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:15.992779016 CET | 49918 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:15.996154070 CET | 49912 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:15.997173071 CET | 49924 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:16.001518965 CET | 80 | 49912 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:16.001579046 CET | 49912 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:16.001976013 CET | 80 | 49924 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:16.002155066 CET | 49924 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:16.002155066 CET | 49924 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:16.006915092 CET | 80 | 49924 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:16.674288034 CET | 80 | 49924 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:16.675755024 CET | 49930 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:16.675793886 CET | 443 | 49930 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:16.675879955 CET | 49930 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:16.676110029 CET | 49930 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:16.676115036 CET | 443 | 49930 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:16.726644039 CET | 49924 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:17.308132887 CET | 443 | 49930 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:17.310715914 CET | 49930 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:17.310744047 CET | 443 | 49930 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:17.310920954 CET | 49930 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:17.310929060 CET | 443 | 49930 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:17.899512053 CET | 443 | 49930 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:17.899596930 CET | 443 | 49930 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:17.899791956 CET | 49930 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:17.900105000 CET | 49930 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:17.903361082 CET | 49924 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:17.904858112 CET | 49940 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:17.908399105 CET | 80 | 49924 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:17.908564091 CET | 49924 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:17.909686089 CET | 80 | 49940 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:17.909779072 CET | 49940 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:17.910092115 CET | 49940 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:17.915368080 CET | 80 | 49940 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:18.588387012 CET | 80 | 49940 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:18.589771986 CET | 49946 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:18.589833021 CET | 443 | 49946 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:18.589956999 CET | 49946 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:18.590229034 CET | 49946 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:18.590244055 CET | 443 | 49946 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:18.632844925 CET | 49940 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:19.195462942 CET | 443 | 49946 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:19.197206974 CET | 49946 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:19.197237015 CET | 443 | 49946 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:19.197319984 CET | 49946 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:19.197325945 CET | 443 | 49946 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:19.567267895 CET | 443 | 49946 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:19.567364931 CET | 443 | 49946 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:19.567435026 CET | 49946 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:19.567892075 CET | 49946 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:19.571346998 CET | 49940 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:19.572527885 CET | 49952 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:19.576380014 CET | 80 | 49940 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:19.576484919 CET | 49940 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:19.577315092 CET | 80 | 49952 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:19.577382088 CET | 49952 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:19.577498913 CET | 49952 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:19.582282066 CET | 80 | 49952 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:20.276863098 CET | 80 | 49952 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:20.278089046 CET | 49958 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:20.278132915 CET | 443 | 49958 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:20.278461933 CET | 49958 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:20.278461933 CET | 49958 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:20.278495073 CET | 443 | 49958 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:20.320322037 CET | 49952 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:20.885703087 CET | 443 | 49958 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:20.887455940 CET | 49958 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:20.887490034 CET | 443 | 49958 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:20.887561083 CET | 49958 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:20.887569904 CET | 443 | 49958 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:21.272578955 CET | 443 | 49958 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:21.272667885 CET | 443 | 49958 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:21.272725105 CET | 49958 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:21.275115967 CET | 49958 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:21.283982038 CET | 49952 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:21.284676075 CET | 49965 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:21.289160013 CET | 80 | 49952 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:21.289264917 CET | 49952 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:21.289501905 CET | 80 | 49965 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:21.289570093 CET | 49965 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:21.290628910 CET | 49965 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:21.295420885 CET | 80 | 49965 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:21.974267960 CET | 80 | 49965 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:21.976036072 CET | 49971 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:21.976072073 CET | 443 | 49971 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:21.976208925 CET | 49971 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:21.976670980 CET | 49971 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:21.976680040 CET | 443 | 49971 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:22.023519039 CET | 49965 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:22.600461006 CET | 443 | 49971 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:22.602535009 CET | 49971 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:22.602561951 CET | 443 | 49971 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:22.602921963 CET | 49971 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:22.602931023 CET | 443 | 49971 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:22.988543034 CET | 443 | 49971 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:22.988639116 CET | 443 | 49971 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:22.988832951 CET | 49971 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:22.989125013 CET | 49971 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:22.992547989 CET | 49965 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:22.993930101 CET | 49978 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:22.999783039 CET | 80 | 49965 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:23.000683069 CET | 80 | 49978 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:23.000744104 CET | 49965 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:23.000874043 CET | 49978 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:23.001033068 CET | 49978 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:23.005812883 CET | 80 | 49978 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:23.690236092 CET | 80 | 49978 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:23.691567898 CET | 49983 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:23.691610098 CET | 443 | 49983 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:23.691768885 CET | 49983 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:23.691956043 CET | 49983 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:23.691971064 CET | 443 | 49983 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:23.742393017 CET | 49978 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:24.333141088 CET | 443 | 49983 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:24.335350990 CET | 49983 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:24.335370064 CET | 443 | 49983 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:24.335587025 CET | 49983 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:24.335592985 CET | 443 | 49983 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:24.707673073 CET | 443 | 49983 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:24.707766056 CET | 443 | 49983 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:24.707842112 CET | 49983 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:24.708256960 CET | 49983 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:24.713783026 CET | 49978 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:24.714988947 CET | 49991 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:24.718877077 CET | 80 | 49978 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:24.718945980 CET | 49978 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:24.719775915 CET | 80 | 49991 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:24.719865084 CET | 49991 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:24.719990015 CET | 49991 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:24.724740028 CET | 80 | 49991 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:25.408899069 CET | 80 | 49991 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:25.410368919 CET | 49996 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:25.410409927 CET | 443 | 49996 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:25.411183119 CET | 49996 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:25.411545992 CET | 49996 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:25.411557913 CET | 443 | 49996 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:25.460953951 CET | 49991 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:26.016653061 CET | 443 | 49996 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:26.018695116 CET | 49996 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:26.018713951 CET | 443 | 49996 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:26.018759012 CET | 49996 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:26.018768072 CET | 443 | 49996 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:26.409950018 CET | 443 | 49996 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:26.410028934 CET | 443 | 49996 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:26.410136938 CET | 49996 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:26.410659075 CET | 49996 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:26.414319038 CET | 49991 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:26.415517092 CET | 49997 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:26.419265032 CET | 80 | 49991 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:26.420293093 CET | 80 | 49997 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:26.420357943 CET | 49991 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:26.420496941 CET | 49997 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:26.420572996 CET | 49997 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:26.425340891 CET | 80 | 49997 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:27.122813940 CET | 80 | 49997 | 132.226.247.73 | 192.168.2.8 |
| Jan 10, 2025 21:17:27.164094925 CET | 49997 | 80 | 192.168.2.8 | 132.226.247.73 |
| Jan 10, 2025 21:17:29.999021053 CET | 49998 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:29.999069929 CET | 443 | 49998 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:29.999135017 CET | 49998 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:29.999459028 CET | 49998 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:29.999475002 CET | 443 | 49998 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:30.623050928 CET | 443 | 49998 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:30.627098083 CET | 49998 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:30.627120972 CET | 443 | 49998 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:30.627274036 CET | 49998 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:17:30.627280951 CET | 443 | 49998 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:30.991274118 CET | 443 | 49998 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:30.991601944 CET | 443 | 49998 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:17:30.991650105 CET | 49998 | 443 | 192.168.2.8 | 149.154.167.220 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jan 10, 2025 21:16:55.757563114 CET | 57770 | 53 | 192.168.2.8 | 1.1.1.1 |
| Jan 10, 2025 21:16:55.764081955 CET | 53 | 57770 | 1.1.1.1 | 192.168.2.8 |
| Jan 10, 2025 21:16:56.840797901 CET | 57290 | 53 | 192.168.2.8 | 1.1.1.1 |
| Jan 10, 2025 21:16:56.848531008 CET | 53 | 57290 | 1.1.1.1 | 192.168.2.8 |
| Jan 10, 2025 21:17:00.844769955 CET | 56850 | 53 | 192.168.2.8 | 1.1.1.1 |
| Jan 10, 2025 21:17:00.852308989 CET | 53 | 56850 | 1.1.1.1 | 192.168.2.8 |
| Jan 10, 2025 21:17:03.220773935 CET | 54062 | 53 | 192.168.2.8 | 1.1.1.1 |
| Jan 10, 2025 21:17:03.228076935 CET | 53 | 54062 | 1.1.1.1 | 192.168.2.8 |
| Jan 10, 2025 21:17:09.871552944 CET | 52570 | 53 | 192.168.2.8 | 1.1.1.1 |
| Jan 10, 2025 21:17:09.878420115 CET | 53 | 52570 | 1.1.1.1 | 192.168.2.8 |
| Jan 10, 2025 21:17:11.026942015 CET | 64748 | 53 | 192.168.2.8 | 1.1.1.1 |
| Jan 10, 2025 21:17:11.033934116 CET | 53 | 64748 | 1.1.1.1 | 192.168.2.8 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jan 10, 2025 21:16:55.757563114 CET | 192.168.2.8 | 1.1.1.1 | 0x5c3d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jan 10, 2025 21:16:56.840797901 CET | 192.168.2.8 | 1.1.1.1 | 0x41b9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jan 10, 2025 21:17:00.844769955 CET | 192.168.2.8 | 1.1.1.1 | 0x122e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jan 10, 2025 21:17:03.220773935 CET | 192.168.2.8 | 1.1.1.1 | 0x76d2 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jan 10, 2025 21:17:09.871552944 CET | 192.168.2.8 | 1.1.1.1 | 0x422e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jan 10, 2025 21:17:11.026942015 CET | 192.168.2.8 | 1.1.1.1 | 0xeeae | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jan 10, 2025 21:16:55.764081955 CET | 1.1.1.1 | 192.168.2.8 | 0x5c3d | No error (0) | 142.250.184.206 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:16:56.848531008 CET | 1.1.1.1 | 192.168.2.8 | 0x41b9 | No error (0) | 142.250.184.193 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:17:00.852308989 CET | 1.1.1.1 | 192.168.2.8 | 0x122e | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Jan 10, 2025 21:17:00.852308989 CET | 1.1.1.1 | 192.168.2.8 | 0x122e | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:17:00.852308989 CET | 1.1.1.1 | 192.168.2.8 | 0x122e | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:17:00.852308989 CET | 1.1.1.1 | 192.168.2.8 | 0x122e | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:17:00.852308989 CET | 1.1.1.1 | 192.168.2.8 | 0x122e | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:17:00.852308989 CET | 1.1.1.1 | 192.168.2.8 | 0x122e | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:17:03.228076935 CET | 1.1.1.1 | 192.168.2.8 | 0x76d2 | No error (0) | 104.21.48.1 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:17:03.228076935 CET | 1.1.1.1 | 192.168.2.8 | 0x76d2 | No error (0) | 104.21.96.1 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:17:03.228076935 CET | 1.1.1.1 | 192.168.2.8 | 0x76d2 | No error (0) | 104.21.80.1 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:17:03.228076935 CET | 1.1.1.1 | 192.168.2.8 | 0x76d2 | No error (0) | 104.21.112.1 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:17:03.228076935 CET | 1.1.1.1 | 192.168.2.8 | 0x76d2 | No error (0) | 104.21.32.1 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:17:03.228076935 CET | 1.1.1.1 | 192.168.2.8 | 0x76d2 | No error (0) | 104.21.16.1 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:17:03.228076935 CET | 1.1.1.1 | 192.168.2.8 | 0x76d2 | No error (0) | 104.21.64.1 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:17:09.878420115 CET | 1.1.1.1 | 192.168.2.8 | 0x422e | No error (0) | 149.154.167.220 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:17:11.033934116 CET | 1.1.1.1 | 192.168.2.8 | 0xeeae | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Jan 10, 2025 21:17:11.033934116 CET | 1.1.1.1 | 192.168.2.8 | 0xeeae | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:17:11.033934116 CET | 1.1.1.1 | 192.168.2.8 | 0xeeae | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:17:11.033934116 CET | 1.1.1.1 | 192.168.2.8 | 0xeeae | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:17:11.033934116 CET | 1.1.1.1 | 192.168.2.8 | 0xeeae | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:17:11.033934116 CET | 1.1.1.1 | 192.168.2.8 | 0xeeae | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.8 | 49827 | 193.122.6.168 | 80 | 5060 | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:17:00.861711979 CET | 151 | OUT | |
| Jan 10, 2025 21:17:01.515934944 CET | 273 | IN | |
| Jan 10, 2025 21:17:01.530189991 CET | 127 | OUT | |
| Jan 10, 2025 21:17:01.733083010 CET | 273 | IN | |
| Jan 10, 2025 21:17:09.659775972 CET | 127 | OUT | |
| Jan 10, 2025 21:17:09.867818117 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.8 | 49888 | 132.226.247.73 | 80 | 5060 | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:17:11.039938927 CET | 127 | OUT | |
| Jan 10, 2025 21:17:11.735805988 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.8 | 49900 | 132.226.247.73 | 80 | 5060 | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:17:12.701349020 CET | 151 | OUT | |
| Jan 10, 2025 21:17:13.391932011 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.8 | 49912 | 132.226.247.73 | 80 | 5060 | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:17:14.344854116 CET | 151 | OUT | |
| Jan 10, 2025 21:17:15.017756939 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.8 | 49924 | 132.226.247.73 | 80 | 5060 | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:17:16.002155066 CET | 151 | OUT | |
| Jan 10, 2025 21:17:16.674288034 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.8 | 49940 | 132.226.247.73 | 80 | 5060 | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:17:17.910092115 CET | 151 | OUT | |
| Jan 10, 2025 21:17:18.588387012 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.8 | 49952 | 132.226.247.73 | 80 | 5060 | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:17:19.577498913 CET | 151 | OUT | |
| Jan 10, 2025 21:17:20.276863098 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.8 | 49965 | 132.226.247.73 | 80 | 5060 | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:17:21.290628910 CET | 151 | OUT | |
| Jan 10, 2025 21:17:21.974267960 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 8 | 192.168.2.8 | 49978 | 132.226.247.73 | 80 | 5060 | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:17:23.001033068 CET | 151 | OUT | |
| Jan 10, 2025 21:17:23.690236092 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 9 | 192.168.2.8 | 49991 | 132.226.247.73 | 80 | 5060 | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:17:24.719990015 CET | 151 | OUT | |
| Jan 10, 2025 21:17:25.408899069 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 10 | 192.168.2.8 | 49997 | 132.226.247.73 | 80 | 5060 | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:17:26.420572996 CET | 151 | OUT | |
| Jan 10, 2025 21:17:27.122813940 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.8 | 49795 | 142.250.184.206 | 443 | 5060 | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:16:56 UTC | 216 | OUT | |
| 2025-01-10 20:16:56 UTC | 1920 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.8 | 49801 | 142.250.184.193 | 443 | 5060 | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:16:57 UTC | 258 | OUT | |
| 2025-01-10 20:17:00 UTC | 4950 | IN | |
| 2025-01-10 20:17:00 UTC | 4950 | IN | |
| 2025-01-10 20:17:00 UTC | 4799 | IN | |
| 2025-01-10 20:17:00 UTC | 1322 | IN | |
| 2025-01-10 20:17:00 UTC | 1390 | IN | |
| 2025-01-10 20:17:00 UTC | 1390 | IN | |
| 2025-01-10 20:17:00 UTC | 1390 | IN | |
| 2025-01-10 20:17:00 UTC | 1390 | IN | |
| 2025-01-10 20:17:00 UTC | 1390 | IN | |
| 2025-01-10 20:17:00 UTC | 1390 | IN | |
| 2025-01-10 20:17:00 UTC | 1390 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.8 | 49843 | 104.21.48.1 | 443 | 5060 | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:17:03 UTC | 85 | OUT | |
| 2025-01-10 20:17:03 UTC | 861 | IN | |
| 2025-01-10 20:17:03 UTC | 362 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.8 | 49877 | 149.154.167.220 | 443 | 5060 | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:17:10 UTC | 296 | OUT | |
| 2025-01-10 20:17:10 UTC | 1090 | OUT | |
| 2025-01-10 20:17:10 UTC | 388 | IN | |
| 2025-01-10 20:17:10 UTC | 543 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.8 | 49893 | 149.154.167.220 | 443 | 5060 | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:17:12 UTC | 296 | OUT | |
| 2025-01-10 20:17:12 UTC | 1090 | OUT | |
| 2025-01-10 20:17:12 UTC | 388 | IN | |
| 2025-01-10 20:17:12 UTC | 543 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.8 | 49906 | 149.154.167.220 | 443 | 5060 | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:17:13 UTC | 272 | OUT | |
| 2025-01-10 20:17:13 UTC | 1090 | OUT | |
| 2025-01-10 20:17:14 UTC | 388 | IN | |
| 2025-01-10 20:17:14 UTC | 543 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.8 | 49918 | 149.154.167.220 | 443 | 5060 | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:17:15 UTC | 272 | OUT | |
| 2025-01-10 20:17:15 UTC | 1090 | OUT | |
| 2025-01-10 20:17:15 UTC | 388 | IN | |
| 2025-01-10 20:17:15 UTC | 543 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.8 | 49930 | 149.154.167.220 | 443 | 5060 | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:17:17 UTC | 272 | OUT | |
| 2025-01-10 20:17:17 UTC | 1090 | OUT | |
| 2025-01-10 20:17:17 UTC | 388 | IN | |
| 2025-01-10 20:17:17 UTC | 543 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 8 | 192.168.2.8 | 49946 | 149.154.167.220 | 443 | 5060 | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:17:19 UTC | 272 | OUT | |
| 2025-01-10 20:17:19 UTC | 1090 | OUT | |
| 2025-01-10 20:17:19 UTC | 388 | IN | |
| 2025-01-10 20:17:19 UTC | 543 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 9 | 192.168.2.8 | 49958 | 149.154.167.220 | 443 | 5060 | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:17:20 UTC | 272 | OUT | |
| 2025-01-10 20:17:20 UTC | 1090 | OUT | |
| 2025-01-10 20:17:21 UTC | 388 | IN | |
| 2025-01-10 20:17:21 UTC | 543 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 10 | 192.168.2.8 | 49971 | 149.154.167.220 | 443 | 5060 | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:17:22 UTC | 272 | OUT | |
| 2025-01-10 20:17:22 UTC | 1090 | OUT | |
| 2025-01-10 20:17:22 UTC | 388 | IN | |
| 2025-01-10 20:17:22 UTC | 543 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 11 | 192.168.2.8 | 49983 | 149.154.167.220 | 443 | 5060 | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:17:24 UTC | 272 | OUT | |
| 2025-01-10 20:17:24 UTC | 1090 | OUT | |
| 2025-01-10 20:17:24 UTC | 388 | IN | |
| 2025-01-10 20:17:24 UTC | 543 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 12 | 192.168.2.8 | 49996 | 149.154.167.220 | 443 | 5060 | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:17:26 UTC | 272 | OUT | |
| 2025-01-10 20:17:26 UTC | 1090 | OUT | |
| 2025-01-10 20:17:26 UTC | 388 | IN | |
| 2025-01-10 20:17:26 UTC | 543 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|
| 13 | 192.168.2.8 | 49998 | 149.154.167.220 | 443 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:17:30 UTC | 272 | OUT | |
| 2025-01-10 20:17:30 UTC | 1090 | OUT | |
| 2025-01-10 20:17:30 UTC | 388 | IN | |
| 2025-01-10 20:17:30 UTC | 543 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 15:15:19 |
| Start date: | 10/01/2025 |
| Path: | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 1'026'527 bytes |
| MD5 hash: | C9775580271050109B3431A54F1880F0 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
| Target ID: | 5 |
| Start time: | 15:16:37 |
| Start date: | 10/01/2025 |
| Path: | C:\Users\user\Desktop\ajRZflJ2ch.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 1'026'527 bytes |
| MD5 hash: | C9775580271050109B3431A54F1880F0 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 19.9% |
| Dynamic/Decrypted Code Coverage: | 13.4% |
| Signature Coverage: | 20% |
| Total number of Nodes: | 1599 |
| Total number of Limit Nodes: | 39 |
Graph
Function 004034A5 Relevance: 80.9, APIs: 32, Strings: 14, Instructions: 410stringfilecomCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404DCC Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405AFA Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 148filestringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406AF2 Relevance: 5.4, APIs: 4, Instructions: 382COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401E49 Relevance: 3.0, APIs: 2, Instructions: 25COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403E86 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 346windowstringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403AD8 Relevance: 44.0, APIs: 13, Strings: 12, Instructions: 215stringregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402F30 Relevance: 23.0, APIs: 5, Strings: 8, Instructions: 203memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040640A Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 209stringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040176F Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 145stringtimeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040264A Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406752 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004023E4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64registrystringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040591F Relevance: 6.0, APIs: 4, Instructions: 39COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004053C4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004062B6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406F27 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407128 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406E3E Relevance: 5.2, APIs: 4, Instructions: 205COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406943 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406D91 Relevance: 5.2, APIs: 4, Instructions: 180COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406EAF Relevance: 5.2, APIs: 4, Instructions: 170COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406DFB Relevance: 5.2, APIs: 4, Instructions: 168COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004032DE Relevance: 4.6, APIs: 3, Instructions: 101COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402032 Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401B77 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72memoryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004031D6 Relevance: 3.1, APIs: 2, Instructions: 88COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004015C1 Relevance: 3.1, APIs: 2, Instructions: 65COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405EDE Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040599C Relevance: 3.0, APIs: 2, Instructions: 9COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 70132AAC Relevance: 1.6, APIs: 1, Instructions: 143COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040167B Relevance: 1.5, APIs: 1, Instructions: 38fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004027EF Relevance: 1.5, APIs: 1, Instructions: 28COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405F61 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405F90 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 70132993 Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040345D Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404394 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 7013121B Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040558F Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404850 Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 275stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 70131B5F Relevance: 20.1, APIs: 13, Instructions: 576stringlibrarymemoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402104 Relevance: 1.6, APIs: 1, Instructions: 129comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402868 Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040451E Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406034 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130memorystringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004043C6 Relevance: 12.1, APIs: 8, Instructions: 68COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404D1A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402DF3 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 70132569 Relevance: 9.1, APIs: 6, Instructions: 109COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404C0C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402598 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 69stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 701318D9 Relevance: 7.7, APIs: 5, Instructions: 194COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 70132394 Relevance: 7.6, APIs: 5, Instructions: 135memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401DB9 Relevance: 7.5, APIs: 5, Instructions: 43COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 7013161D Relevance: 7.5, APIs: 5, Instructions: 41memorylibraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401D5D Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401C1F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405CBD Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405DC5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004059D1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 701310E1 Relevance: 5.1, APIs: 4, Instructions: 104memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405E43 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Execution Graph
| Execution Coverage: | 12.1% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 1.7% |
| Total number of Nodes: | 358 |
| Total number of Limit Nodes: | 17 |
Graph
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A8A360 Relevance: 1.5, Strings: 1, Instructions: 219COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A89D10 Relevance: 1.5, Strings: 1, Instructions: 219COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A8A9B0 Relevance: 1.5, Strings: 1, Instructions: 218COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A896C8 Relevance: 1.5, Strings: 1, Instructions: 218COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A8A9A0 Relevance: 1.4, Strings: 1, Instructions: 166COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A896B8 Relevance: 1.4, Strings: 1, Instructions: 164COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D8DA0 Relevance: 1.1, Instructions: 1137COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39EBE7C8 Relevance: .8, Instructions: 764COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A8BDF0 Relevance: .8, Instructions: 758COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A88650 Relevance: .7, Instructions: 709COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D5F90 Relevance: .5, Instructions: 466COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AFC638 Relevance: .3, Instructions: 303COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AF03AF Relevance: .3, Instructions: 275COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AF0C1B Relevance: .2, Instructions: 224COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AF0C28 Relevance: .2, Instructions: 220COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AF0F6F Relevance: .2, Instructions: 202COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D4328 Relevance: .2, Instructions: 193COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A8BA88 Relevance: .2, Instructions: 191COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A8BA97 Relevance: .2, Instructions: 191COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A88640 Relevance: .2, Instructions: 168COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39EBF316 Relevance: .2, Instructions: 154COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A89D00 Relevance: .1, Instructions: 109COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A8A351 Relevance: .1, Instructions: 108COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39EB0970 Relevance: 6.1, APIs: 4, Instructions: 134threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39EB0980 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A87920 Relevance: 3.9, Strings: 3, Instructions: 147COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A8FAB0 Relevance: 2.7, Strings: 2, Instructions: 189COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A87913 Relevance: 2.6, Strings: 2, Instructions: 77COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39EB0104 Relevance: 1.6, APIs: 1, Instructions: 118COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39EB0110 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39EB1DC0 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39EB0BC0 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39EB0BC8 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39EBD3E8 Relevance: 1.6, APIs: 1, Instructions: 51comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39EB2018 Relevance: 1.5, APIs: 1, Instructions: 48timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39EBC560 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39EBE700 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39EBC60C Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39EB2020 Relevance: 1.5, APIs: 1, Instructions: 44timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A8D548 Relevance: 1.4, Strings: 1, Instructions: 151COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A8CF30 Relevance: 1.3, Strings: 1, Instructions: 99COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A8CF68 Relevance: 1.3, Strings: 1, Instructions: 88COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A8FAA1 Relevance: 1.3, Strings: 1, Instructions: 86COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A8F090 Relevance: 1.3, Strings: 1, Instructions: 52COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A8E7F4 Relevance: 1.3, Strings: 1, Instructions: 50COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A895E8 Relevance: 1.3, Strings: 1, Instructions: 39COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D7458 Relevance: .7, Instructions: 703COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D19B8 Relevance: .7, Instructions: 684COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D66B8 Relevance: .5, Instructions: 456COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D4F00 Relevance: .3, Instructions: 329COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A8C175 Relevance: .3, Instructions: 322COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A8C173 Relevance: .3, Instructions: 319COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D89D0 Relevance: .2, Instructions: 241COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D5460 Relevance: .2, Instructions: 228COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D0B29 Relevance: .2, Instructions: 203COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D6C98 Relevance: .2, Instructions: 201COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D0B30 Relevance: .2, Instructions: 200COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DAF90 Relevance: .2, Instructions: 197COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D8D90 Relevance: .2, Instructions: 189COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A8CC28 Relevance: .1, Instructions: 145COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D3168 Relevance: .1, Instructions: 134COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D92C3 Relevance: .1, Instructions: 125COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D9EB0 Relevance: .1, Instructions: 120COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D8BF0 Relevance: .1, Instructions: 105COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D4620 Relevance: .1, Instructions: 101COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D6F30 Relevance: .1, Instructions: 90COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D6F40 Relevance: .1, Instructions: 87COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D18C8 Relevance: .1, Instructions: 77COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DFFB0 Relevance: .1, Instructions: 75COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D52C8 Relevance: .1, Instructions: 74COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000AD030 Relevance: .1, Instructions: 72COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D0EC8 Relevance: .1, Instructions: 70COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D4612 Relevance: .1, Instructions: 68COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D324D Relevance: .1, Instructions: 68COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DB2C2 Relevance: .1, Instructions: 66COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D8729 Relevance: .1, Instructions: 65COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D52BA Relevance: .1, Instructions: 64COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DFE60 Relevance: .1, Instructions: 63COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D17B8 Relevance: .1, Instructions: 60COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A8B9B8 Relevance: .1, Instructions: 59COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A8B9C8 Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A8B9C7 Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000AD02B Relevance: .1, Instructions: 53COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D4E5F Relevance: .1, Instructions: 52COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DB2F0 Relevance: .0, Instructions: 49COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A8CE50 Relevance: .0, Instructions: 47COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D8D19 Relevance: .0, Instructions: 44COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A8EC19 Relevance: .0, Instructions: 42COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DFC40 Relevance: .0, Instructions: 41COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A8CE60 Relevance: .0, Instructions: 39COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A8D4C8 Relevance: .0, Instructions: 38COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A89608 Relevance: .0, Instructions: 35COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DB158 Relevance: .0, Instructions: 32COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DFE18 Relevance: .0, Instructions: 27COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A8BD98 Relevance: .0, Instructions: 26COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D1877 Relevance: .0, Instructions: 25COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DFE20 Relevance: .0, Instructions: 23COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D1888 Relevance: .0, Instructions: 19COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D7EC0 Relevance: .0, Instructions: 18COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D56FF Relevance: .0, Instructions: 17COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DFF28 Relevance: .0, Instructions: 17COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D9F6D Relevance: .0, Instructions: 16COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A8D095 Relevance: .0, Instructions: 15COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A895D8 Relevance: .0, Instructions: 15COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DFF30 Relevance: .0, Instructions: 15COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A8BD48 Relevance: .0, Instructions: 13COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A894B4 Relevance: .0, Instructions: 12COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D5710 Relevance: .0, Instructions: 12COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004034A5 Relevance: 75.7, APIs: 32, Strings: 11, Instructions: 410stringfilecomCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404DCC Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405AFA Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 148filestringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406AF2 Relevance: 5.4, APIs: 4, Instructions: 382COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A87B4F Relevance: 1.8, Strings: 1, Instructions: 600COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AFB07F Relevance: .3, Instructions: 274COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AFB930 Relevance: .3, Instructions: 274COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AFDEE1 Relevance: .3, Instructions: 273COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AFE790 Relevance: .3, Instructions: 272COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AFDA89 Relevance: .3, Instructions: 272COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A829B8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A82108 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A84820 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A87070 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A81858 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A843C8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A83B18 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A86368 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A85AB8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A85208 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A83268 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A84DB0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A82560 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A81CB0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A874C8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A81400 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A86C18 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A80FA8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A867C0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A85F10 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A83F70 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A836C0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A82E10 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39A85660 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AFE339 Relevance: .3, Instructions: 267COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AFC1F2 Relevance: .3, Instructions: 267COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AFB4EC Relevance: .3, Instructions: 265COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AFBD9C Relevance: .3, Instructions: 265COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AFEBF4 Relevance: .3, Instructions: 265COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AFF054 Relevance: .3, Instructions: 265COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39EBF5D8 Relevance: .0, Instructions: 18COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040558F Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403E86 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 346windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403AD8 Relevance: 38.7, APIs: 13, Strings: 9, Instructions: 215stringregistryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040451E Relevance: 35.2, APIs: 19, Strings: 1, Instructions: 204windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404850 Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 275stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406034 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130memorystringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402F30 Relevance: 19.5, APIs: 5, Strings: 6, Instructions: 203memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040640A Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 209stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004043C6 Relevance: 12.1, APIs: 8, Instructions: 68COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040264A Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404D1A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406752 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402DF3 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404C0C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401DB9 Relevance: 7.5, APIs: 5, Instructions: 43COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401D5D Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401C1F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040591F Relevance: 6.0, APIs: 4, Instructions: 39COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405DC5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004053C4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004059D1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406F27 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407128 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406E3E Relevance: 5.2, APIs: 4, Instructions: 205COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406943 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406D91 Relevance: 5.2, APIs: 4, Instructions: 180COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406EAF Relevance: 5.2, APIs: 4, Instructions: 170COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406DFB Relevance: 5.2, APIs: 4, Instructions: 168COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405E43 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|