Edit tour
Windows
Analysis Report
4UQ5wnI389.exe
Overview
General Information
| Sample name: | 4UQ5wnI389.exerenamed because original name is a hash value |
| Original sample name: | 280344d8a94a23a0e351b1c1553ed3f1ae6db9c06c75ecda292211f5562de552.exe |
| Analysis ID: | 1588102 |
| MD5: | f28c3285968229b7e0c723633fb5c161 |
| SHA1: | 8be784dccfd84953c94642021a261a4459c68df8 |
| SHA256: | 280344d8a94a23a0e351b1c1553ed3f1ae6db9c06c75ecda292211f5562de552 |
| Tags: | exeGuLoaderuser-adrian__luca |
| Infos: |  |
 | |
Detection
GuLoader, MassLogger RAT
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected GuLoader
Yara detected MassLogger RAT
Yara detected Telegram RAT
AI detected suspicious sample
Disable Task Manager(disabletaskmgr)
Disables CMD prompt
Disables the Windows task manager (taskmgr)
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Classification
- System is w10x64
4UQ5wnI389.exe (PID: 6064 cmdline:
"C:\Users\ user\Deskt op\4UQ5wnI 389.exe" MD5: F28C3285968229B7E0C723633FB5C161) "C:\Users\ user\Deskt op\4UQ5wnI 389.exe" MD5: F28C3285968229B7E0C723633FB5C161)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
{"C2 url": "https://api.telegram.org/bot7782841068:AAEc-nCmeaG2WG8noQ4QtMz2nBxG0zDBxvA/sendMessage"}{"EXfil Mode": "Telegram", "Telegram Token": "7782841068:AAEc-nCmeaG2WG8noQ4QtMz2nBxG0zDBxvA", "Telegram Chatid": "1934716051"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
| JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | ||
| Click to see the 2 entries | ||||
⊘No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-10T21:25:36.607170+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49724 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:38.885501+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49751 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:42.267307+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49778 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:43.686228+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49785 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:46.161082+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49802 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:48.476323+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49814 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:49.899223+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49826 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:51.442796+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49838 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:54.951438+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49862 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:26:02.454225+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49913 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:26:06.180000+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49939 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:26:12.402659+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49981 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:26:13.818735+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49992 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:26:16.222254+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50006 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:26:17.759166+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50008 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:26:26.089180+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50011 | 149.154.167.220 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-10T21:25:26.788911+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49711 | 158.101.44.242 | 80 | TCP |
| 2025-01-10T21:25:33.617012+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49711 | 158.101.44.242 | 80 | TCP |
| 2025-01-10T21:25:38.007777+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49745 | 158.101.44.242 | 80 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-10T21:25:12.948033+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49708 | 142.250.186.78 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-10T21:25:34.243472+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49724 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:38.597069+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49751 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:42.066599+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49778 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:43.511266+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49785 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:45.909104+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49802 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:47.365103+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49814 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:49.719264+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49826 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:51.193548+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49838 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:54.693478+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49862 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:26:02.276649+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49913 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:26:05.931191+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49939 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:26:12.110863+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49981 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:26:13.640645+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49992 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:26:16.047903+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 50006 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:26:17.585743+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 50008 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:26:25.835431+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 50011 | 149.154.167.220 | 443 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira: | ||
| Source: | Malware Configuration Extractor: | ||
| Source: | Malware Configuration Extractor: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | Integrated Neural Analysis Model: | ||
Location Tracking | |
|---|
| Source: | DNS query: | ||
| Source: | Code function: | 5_2_37A6D1EC | |
| Source: | Code function: | 5_2_37A6D9D9 | |
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_0040672B | |
| Source: | Code function: | 0_2_00405AFA | |
| Source: | Code function: | 0_2_00402868 | |
| Source: | Code function: | 5_2_00402868 | |
| Source: | Code function: | 5_2_0040672B | |
| Source: | Code function: | 5_2_00405AFA | |
| Source: | Code function: | 5_2_37A6C638 | |
| Source: | Code function: | 5_2_37A60C28 | |
| Source: | Code function: | 5_2_37A603AF | |
| Source: | Code function: | 5_2_37A6E790 | |
| Source: | Code function: | 5_2_37A60F6F | |
| Source: | Code function: | 5_2_37A6DEE1 | |
| Source: | Code function: | 5_2_37A6BD88 | |
| Source: | Code function: | 5_2_37A6B4EC | |
| Source: | Code function: | 5_2_37A60C1B | |
| Source: | Code function: | 5_2_37A6EBF7 | |
| Source: | Code function: | 5_2_37A6E339 | |
| Source: | Code function: | 5_2_37A6DA89 | |
| Source: | Code function: | 5_2_37A6C1F2 | |
| Source: | Code function: | 5_2_37A6B944 | |
| Source: | Code function: | 5_2_37A6B07F | |
| Source: | Code function: | 5_2_37A6F042 | |
| Source: | Code function: | 5_2_37B18650 | |
| Source: | Code function: | 5_2_37B18650 | |
| Source: | Code function: | 5_2_37B1BDF0 | |
| Source: | Code function: | 5_2_37B11400 | |
| Source: | Code function: | 5_2_37B10FA8 | |
| Source: | Code function: | 5_2_37B167C0 | |
| Source: | Code function: | 5_2_37B15F10 | |
| Source: | Code function: | 5_2_37B13F70 | |
| Source: | Code function: | 5_2_37B136C0 | |
| Source: | Code function: | 5_2_37B12E10 | |
| Source: | Code function: | 5_2_37B15660 | |
| Source: | Code function: | 5_2_37B14DB0 | |
| Source: | Code function: | 5_2_37B12560 | |
| Source: | Code function: | 5_2_37B11CB0 | |
| Source: | Code function: | 5_2_37B174C8 | |
| Source: | Code function: | 5_2_37B16C18 | |
| Source: | Code function: | 5_2_37B143C8 | |
| Source: | Code function: | 5_2_37B13B18 | |
| Source: | Code function: | 5_2_37B16368 | |
| Source: | Code function: | 5_2_37B17B4F | |
| Source: | Code function: | 5_2_37B15AB8 | |
| Source: | Code function: | 5_2_37B15208 | |
| Source: | Code function: | 5_2_37B13268 | |
| Source: | Code function: | 5_2_37B129B8 | |
| Source: | Code function: | 5_2_37B12108 | |
| Source: | Code function: | 5_2_37B14820 | |
| Source: | Code function: | 5_2_37B17070 | |
| Source: | Code function: | 5_2_37B11858 | |
| Source: | Code function: | 5_2_3818E8A8 | |
| Source: | Code function: | 5_2_3818F3F6 | |
| Source: | Code function: | 5_2_3818F6B8 | |
Networking | |
|---|
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 0_2_0040558F | |
| Source: | Code function: | 0_2_004034A5 | |
| Source: | Code function: | 5_2_004034A5 | |
| Source: | Code function: | 0_2_00404DCC | |
| Source: | Code function: | 0_2_00406AF2 | |
| Source: | Code function: | 0_2_70141B5F | |
| Source: | Code function: | 5_2_00404DCC | |
| Source: | Code function: | 5_2_00406AF2 | |
| Source: | Code function: | 5_2_00154328 | |
| Source: | Code function: | 5_2_00158DA0 | |
| Source: | Code function: | 5_2_00155968 | |
| Source: | Code function: | 5_2_00155F90 | |
| Source: | Code function: | 5_2_00152DD1 | |
| Source: | Code function: | 5_2_37A67628 | |
| Source: | Code function: | 5_2_37A6C638 | |
| Source: | Code function: | 5_2_37A6CCA0 | |
| Source: | Code function: | 5_2_37A603AF | |
| Source: | Code function: | 5_2_37A6331A | |
| Source: | Code function: | 5_2_37A6581B | |
| Source: | Code function: | 5_2_37A6E790 | |
| Source: | Code function: | 5_2_37A6DEE1 | |
| Source: | Code function: | 5_2_37A6BD88 | |
| Source: | Code function: | 5_2_37A6CC91 | |
| Source: | Code function: | 5_2_37A6B4EC | |
| Source: | Code function: | 5_2_37A6EBF7 | |
| Source: | Code function: | 5_2_37A6E339 | |
| Source: | Code function: | 5_2_37A6DA89 | |
| Source: | Code function: | 5_2_37A6C1F2 | |
| Source: | Code function: | 5_2_37A6B944 | |
| Source: | Code function: | 5_2_37A6B07F | |
| Source: | Code function: | 5_2_37A6F042 | |
| Source: | Code function: | 5_2_37A67848 | |
| Source: | Code function: | 5_2_37B196C8 | |
| Source: | Code function: | 5_2_37B18650 | |
| Source: | Code function: | 5_2_37B1BDF0 | |
| Source: | Code function: | 5_2_37B19D10 | |
| Source: | Code function: | 5_2_37B11400 | |
| Source: | Code function: | 5_2_37B1A360 | |
| Source: | Code function: | 5_2_37B1BA97 | |
| Source: | Code function: | 5_2_37B1A9B0 | |
| Source: | Code function: | 5_2_37B167B0 | |
| Source: | Code function: | 5_2_37B10FA8 | |
| Source: | Code function: | 5_2_37B1AFF7 | |
| Source: | Code function: | 5_2_37B1AFF8 | |
| Source: | Code function: | 5_2_37B167C0 | |
| Source: | Code function: | 5_2_37B15F10 | |
| Source: | Code function: | 5_2_37B15F01 | |
| Source: | Code function: | 5_2_37B13F70 | |
| Source: | Code function: | 5_2_37B13F60 | |
| Source: | Code function: | 5_2_37B136B0 | |
| Source: | Code function: | 5_2_37B196B8 | |
| Source: | Code function: | 5_2_37B136C0 | |
| Source: | Code function: | 5_2_37B12E10 | |
| Source: | Code function: | 5_2_37B15660 | |
| Source: | Code function: | 5_2_37B15650 | |
| Source: | Code function: | 5_2_37B18640 | |
| Source: | Code function: | 5_2_37B14DB0 | |
| Source: | Code function: | 5_2_37B14DA0 | |
| Source: | Code function: | 5_2_37B19D00 | |
| Source: | Code function: | 5_2_37B12560 | |
| Source: | Code function: | 5_2_37B12550 | |
| Source: | Code function: | 5_2_37B11CB0 | |
| Source: | Code function: | 5_2_37B174B8 | |
| Source: | Code function: | 5_2_37B11CA0 | |
| Source: | Code function: | 5_2_37B174C8 | |
| Source: | Code function: | 5_2_37B16C18 | |
| Source: | Code function: | 5_2_37B16C09 | |
| Source: | Code function: | 5_2_37B143B9 | |
| Source: | Code function: | 5_2_37B113F0 | |
| Source: | Code function: | 5_2_37B143C8 | |
| Source: | Code function: | 5_2_37B13B18 | |
| Source: | Code function: | 5_2_37B13B08 | |
| Source: | Code function: | 5_2_37B16368 | |
| Source: | Code function: | 5_2_37B1A351 | |
| Source: | Code function: | 5_2_37B16358 | |
| Source: | Code function: | 5_2_37B17B4F | |
| Source: | Code function: | 5_2_37B15AB8 | |
| Source: | Code function: | 5_2_37B15AA8 | |
| Source: | Code function: | 5_2_37B15207 | |
| Source: | Code function: | 5_2_37B15208 | |
| Source: | Code function: | 5_2_37B13268 | |
| Source: | Code function: | 5_2_37B129B8 | |
| Source: | Code function: | 5_2_37B1A9A0 | |
| Source: | Code function: | 5_2_37B129A8 | |
| Source: | Code function: | 5_2_37B1F138 | |
| Source: | Code function: | 5_2_37B1F129 | |
| Source: | Code function: | 5_2_37B12108 | |
| Source: | Code function: | 5_2_37B14820 | |
| Source: | Code function: | 5_2_37B14810 | |
| Source: | Code function: | 5_2_37B17070 | |
| Source: | Code function: | 5_2_37B17061 | |
| Source: | Code function: | 5_2_37B11858 | |
| Source: | Code function: | 5_2_37B10040 | |
| Source: | Code function: | 5_2_3818E8A8 | |
| Source: | Code function: | 5_2_3818D6E8 | |
| Source: | Code function: | 5_2_381875E8 | |
| Source: | Code function: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_004034A5 | |
| Source: | Code function: | 5_2_004034A5 | |
| Source: | Code function: | 0_2_00404850 | |
| Source: | Code function: | 0_2_00402104 | |
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
Data Obfuscation | |
|---|
| Source: | File source: | ||
| Source: | Code function: | 0_2_70141B5F | |
| Source: | Code function: | 5_3_001949CD | |
| Source: | Code function: | 5_2_0015ACAA | |
| Source: | File created: | Jump to dropped file | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | API/Special instruction interceptor: | ||
| Source: | API/Special instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | API coverage: | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Code function: | 0_2_0040672B | |
| Source: | Code function: | 0_2_00405AFA | |
| Source: | Code function: | 0_2_00402868 | |
| Source: | Code function: | 5_2_00402868 | |
| Source: | Code function: | 5_2_0040672B | |
| Source: | Code function: | 5_2_00405AFA | |
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | API call chain: | graph_0-4589 | ||
| Source: | API call chain: | graph_0-4746 | ||
| Source: | Code function: | 0_2_70141B5F | |
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 0_2_004034A5 | |
| Source: | Key value queried: | Jump to behavior | ||
Lowering of HIPS / PFW / Operating System Security Settings | |
|---|
| Source: | Registry value created: | Jump to behavior | ||
| Source: | Registry value created: | Jump to behavior | ||
| Source: | Registry key created or modified: | Jump to behavior | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 Process Injection | 31 Disable or Modify Tools | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Access Token Manipulation | NTDS | 1 System Network Configuration Discovery | Distributed Component Object Model | 1 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Process Injection | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | 215 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 75% | Virustotal | Browse | ||
| 58% | ReversingLabs | Win32.Trojan.GuLoader | ||
| 100% | Avira | HEUR/AGEN.1337946 |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | ReversingLabs | |||
| 0% | Virustotal | Browse |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| drive.google.com | 142.250.186.78 | true | false | high | |
| drive.usercontent.google.com | 216.58.206.33 | true | false | high | |
| reallyfreegeoip.org | 104.21.112.1 | true | false | high | |
| api.telegram.org | 149.154.167.220 | true | false | high | |
| checkip.dyndns.com | 158.101.44.242 | true | false | high | |
| checkip.dyndns.org | unknown | unknown | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false | high | ||
| false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 142.250.186.78 | drive.google.com | United States | 15169 | GOOGLEUS | false | |
| 149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false | |
| 104.21.112.1 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false | |
| 216.58.206.33 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false | |
| 158.101.44.242 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1588102 |
| Start date and time: | 2025-01-10 21:23:10 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 7m 43s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 8 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | 4UQ5wnI389.exerenamed because original name is a hash value |
| Original Sample Name: | 280344d8a94a23a0e351b1c1553ed3f1ae6db9c06c75ecda292211f5562de552.exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@3/8@5/5 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 20.109.210.53, 13.107.246.60
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 15:25:32 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 149.154.167.220 | Get hash | malicious | GuLoader, MassLogger RAT | Browse | ||
| Get hash | malicious | AsyncRAT, StormKitty, WorldWind Stealer | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
| 104.21.112.1 | Get hash | malicious | FormBook | Browse |
| |
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
| ||
| Get hash | malicious | CMSBrute | Browse |
| ||
| 158.101.44.242 | Get hash | malicious | MassLogger RAT | Browse |
| |
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | DBatLoader, MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| checkip.dyndns.com | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| reallyfreegeoip.org | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| api.telegram.org | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
| Get hash | malicious | AsyncRAT, StormKitty, WorldWind Stealer | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| TELEGRAMRU | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
| Get hash | malicious | AsyncRAT, StormKitty, WorldWind Stealer | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| ORACLE-BMC-31898US | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| CLOUDFLARENETUS | Get hash | malicious | HTMLPhisher | Browse |
| |
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | AsyncRAT, StormKitty, WorldWind Stealer | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Strela Downloader | Browse |
| ||
| Get hash | malicious | KnowBe4 | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | LummaC, CAPTCHA Scam ClickFix, LummaC Stealer | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| 3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
| Get hash | malicious | AsyncRAT, StormKitty, WorldWind Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC, CAPTCHA Scam ClickFix, LummaC Stealer | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| 37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
| Get hash | malicious | LummaC, CAPTCHA Scam ClickFix, LummaC Stealer | Browse |
| ||
| Get hash | malicious | Remcos, GuLoader | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\nsw4EC8.tmp\System.dll | Get hash | malicious | GuLoader, MassLogger RAT | Browse | ||
| Get hash | malicious | Remcos | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Remcos, GuLoader | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | LummaC Stealer | Browse | |||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| Process: | C:\Users\user\Desktop\4UQ5wnI389.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 484658 |
| Entropy (8bit): | 7.809711763657168 |
| Encrypted: | false |
| SSDEEP: | 12288:W1S3xo63wl4biprI2S4WwWEcwxg9dvVAxZOCLF0DB:Wo3xX3y4bz2lWwWo6rSTZyd |
| MD5: | 5C727AE28F0DECF497FBB092BAE01B4E |
| SHA1: | AADE364AE8C2C91C6F59F85711B53078FB0763B7 |
| SHA-256: | 77CCACF58330509839E17A6CFD6B17FE3DE31577D8E2C37DC413839BA2FEEC80 |
| SHA-512: | 5246C0FBA41DF66AF89D986A3CEABC99B61DB9E9C217B28B2EC18AF31E3ED17C865387223CEB3A38A804243CF3307E07E557549026F49F52829BEBC4D4546C40 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\4UQ5wnI389.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 263905 |
| Entropy (8bit): | 7.804338822214614 |
| Encrypted: | false |
| SSDEEP: | 6144:+1dPzivkruZ4jppvyBohPP2eZHuy+5H0OMyfRmsnoBAXe3VnYyHeCYo6P/+:LA3+B0OFO+O3yCYo6e |
| MD5: | 2B84547146C33EACE918454BBB321D1E |
| SHA1: | F3E386DD5507B4D4217430616C67C6C7210C45D8 |
| SHA-256: | D2CBB5A4E949819D3D6F1959AAFE1690993CFD926EE2E57C0E632D9BBE0039C3 |
| SHA-512: | 3BAEA26BF26A41A20F822A28A0FD6F784499EFD6FEDE45C426046C8C43CF8C5603351DF866F3AFA0798F1DF998229C88FA342637421D40E217BB15A8DD72265D |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\4UQ5wnI389.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 112291 |
| Entropy (8bit): | 1.249420131631438 |
| Encrypted: | false |
| SSDEEP: | 768:5R+BCpkJWjYWL2MxTVLvUjpGqik9JiAfWA2DBQwD1PzUH+HYZmIo7x31sT:WCZY21w0I2NZYD |
| MD5: | 4D1D72CFC5940B09DFBD7B65916F532E |
| SHA1: | 30A45798B534842002B103A36A3B907063F8A96C |
| SHA-256: | 479F1904096978F1011DF05D52021FAEEE028D4CF331024C965CED8AF1C8D496 |
| SHA-512: | 048844A09E291903450188715BCDDF14F0F1F10BEAFBD005882EBF5D5E31A71D8F93EEBE788BD54B4AED2266C454F4DCA18AF4567977B7E773BBE29A38DEA45B |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\4UQ5wnI389.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 362089 |
| Entropy (8bit): | 1.23992084267325 |
| Encrypted: | false |
| SSDEEP: | 768:xOeaameETrlE0+1mGOWb3h5WAV0hW+JSLSwzj2HlSdL0f6mhKZRaqOzWz6szt3cA:x+ds5dYOVxIW3hhdeRt6MeZ1W4vB |
| MD5: | A4340182CDDD2EC1F1480360218343F9 |
| SHA1: | 50EF929FEA713AA6FCC05E8B75F497B7946B285B |
| SHA-256: | B91E5B1FF5756F0B93DCF11CBC8B467CDA0C5792DE24D27EC86E7C74388B44B3 |
| SHA-512: | 021F198AFF7CCED92912C74FC97D1919A9E059F22E99AB1236FBAA36C16B520C07B78F47FC01FCFAC1B53A87CDAE3E440D0589FA2844612617FAB2EDB64A3573 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\4UQ5wnI389.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 78506 |
| Entropy (8bit): | 4.627866955287932 |
| Encrypted: | false |
| SSDEEP: | 1536:Jo2l2OoxXvyZR1CFGSp769MkepEHgYM23zF5Z:J7M/y/1K7x69cYF3zFH |
| MD5: | 9414AC12239022414DCE454B2F9DA8A1 |
| SHA1: | D2741280D6FCF98342864F050A70DB911A3258A3 |
| SHA-256: | 4A977072857D8FCFDBE8ABFF9BE46A3809544B21848EF7106DACDB1624F7D23C |
| SHA-512: | 6A7A88491782D8AA12FBE6D70267AE06727A956DB4EEC457A8394083E42938B670862A8C985D4C848AD2C9A57AA8994C8D6C1ADAC935315CCD8FE01E85C679E5 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\4UQ5wnI389.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 139354 |
| Entropy (8bit): | 1.2473328695625903 |
| Encrypted: | false |
| SSDEEP: | 768:9OsMSh8lSnJGyUzWZsO2ipzPFmDZC9kpzroto48tf2+5lVp:9delFlqNawgJp |
| MD5: | B0FB6B583D6902DE58E1202D12BA4832 |
| SHA1: | 7F585B5C3A4581CE76E373C78A6513F157B20480 |
| SHA-256: | E6EA5F6D0C7F5FA407269C7F4FF6D97149B7611071BF5BF6C454B810501AE661 |
| SHA-512: | E0894FFBD76C3476DC083DAFD24F88964BF6E09E4CA955766B43FE73A764A00247C930E9996652A22B57B27826CD94F88B8178514060CA398DE568675F9E4571 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\4UQ5wnI389.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1466952 |
| Entropy (8bit): | 5.449193204118006 |
| Encrypted: | false |
| SSDEEP: | 24576:sEo0OFO+IAoUo3xX3y4bz2lWwWo6rSTZyzq1o:L+IAoUoBXbz2luo6rS1yOa |
| MD5: | 9A9CCC3CCCE3305D7BF0D4EA385269AD |
| SHA1: | 40414B284951F2AE6FC28DE7685BC4EDEA5B8AA1 |
| SHA-256: | 486666369323B4030572089BABA690081877958623BE60CC383FE35A32BDFF9B |
| SHA-512: | 5ABB2C3A5DE3E95B3C7E8A311B56429C6B34904AF052539EB3FD1CC3D3A51EE2A1298106E5BDF6B76A31C69AE92C2A4A66B673821684D8D7731D87713C0593C8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\4UQ5wnI389.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 5.719859767584478 |
| Encrypted: | false |
| SSDEEP: | 192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6 |
| MD5: | 0D7AD4F45DC6F5AA87F606D0331C6901 |
| SHA1: | 48DF0911F0484CBE2A8CDD5362140B63C41EE457 |
| SHA-256: | 3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA |
| SHA-512: | C07DE7308CB54205E8BD703001A7FE4FD7796C9AC1B4BB330C77C872BF712B093645F40B80CE7127531FE6746A5B66E18EA073AB6A644934ABED9BB64126FEA9 |
| Malicious: | false |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Preview: |
| File type: | |
| Entropy (8bit): | 7.958826864523069 |
| TrID: |
|
| File name: | 4UQ5wnI389.exe |
| File size: | 1'007'544 bytes |
| MD5: | f28c3285968229b7e0c723633fb5c161 |
| SHA1: | 8be784dccfd84953c94642021a261a4459c68df8 |
| SHA256: | 280344d8a94a23a0e351b1c1553ed3f1ae6db9c06c75ecda292211f5562de552 |
| SHA512: | 3d4fef27b561a06e008d62f66f0b7981395e86a7a2b138110e9e08e7790bc98f038c13a606c0d12d72966fce37effc735ea12a292db959529dd9aaafadf8001c |
| SSDEEP: | 24576:9jwKCNPkrUC1yYQemy1+GOj3iQhDzKZukJETb9HLIpk:V1CFkzm/jyrzendJ |
| TLSH: | C025330AA096DE47D1D68BF0A60798EF7D756D0308A0D65737600E2E3E39AFB8D197D0 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...$..\.................f...*..... |
 | |
| Icon Hash: | 46224e4c19391d03 |
| Entrypoint: | 0x4034a5 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x5C157F24 [Sat Dec 15 22:24:36 2018 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 1f23f452093b5c1ff091a2f9fb4fa3e9 |
| Instruction |
|---|
| sub esp, 000002D4h |
| push ebx |
| push esi |
| push edi |
| push 00000020h |
| pop edi |
| xor ebx, ebx |
| push 00008001h |
| mov dword ptr [esp+14h], ebx |
| mov dword ptr [esp+10h], 0040A230h |
| mov dword ptr [esp+1Ch], ebx |
| call dword ptr [004080ACh] |
| call dword ptr [004080A8h] |
| and eax, BFFFFFFFh |
| cmp ax, 00000006h |
| mov dword ptr [0042A24Ch], eax |
| je 00007F309919D453h |
| push ebx |
| call 00007F30991A071Dh |
| cmp eax, ebx |
| je 00007F309919D449h |
| push 00000C00h |
| call eax |
| mov esi, 004082B0h |
| push esi |
| call 00007F30991A0697h |
| push esi |
| call dword ptr [00408150h] |
| lea esi, dword ptr [esi+eax+01h] |
| cmp byte ptr [esi], 00000000h |
| jne 00007F309919D42Ch |
| push 0000000Ah |
| call 00007F30991A06F0h |
| push 00000008h |
| call 00007F30991A06E9h |
| push 00000006h |
| mov dword ptr [0042A244h], eax |
| call 00007F30991A06DDh |
| cmp eax, ebx |
| je 00007F309919D451h |
| push 0000001Eh |
| call eax |
| test eax, eax |
| je 00007F309919D449h |
| or byte ptr [0042A24Fh], 00000040h |
| push ebp |
| call dword ptr [00408044h] |
| push ebx |
| call dword ptr [004082A0h] |
| mov dword ptr [0042A318h], eax |
| push ebx |
| lea eax, dword ptr [esp+34h] |
| push 000002B4h |
| push eax |
| push ebx |
| push 004216E8h |
| call dword ptr [00408188h] |
| push 0040A384h |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8504 | 0xa0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x55000 | 0x21068 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x6409 | 0x6600 | bfe2b726d49cbd922b87bad5eea65e61 | False | 0.6540287990196079 | data | 6.416186322230332 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x1396 | 0x1400 | d45dcba8ca646543f7e339e20089687e | False | 0.45234375 | data | 5.154907432640367 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xa000 | 0x20358 | 0x600 | 8575fc5e872ca789611c386779287649 | False | 0.5026041666666666 | data | 4.004402321344153 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x2b000 | 0x2a000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x55000 | 0x21068 | 0x21200 | 03ed2ed76ba15352dac9e48819696134 | False | 0.8714696344339623 | data | 7.556190648348207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_BITMAP | 0x554c0 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States | 0.23623853211009174 |
| RT_ICON | 0x55828 | 0xc2a3 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9966684729162903 |
| RT_ICON | 0x61ad0 | 0x86e0 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.990210843373494 |
| RT_ICON | 0x6a1b0 | 0x5085 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9867559307233299 |
| RT_ICON | 0x6f238 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.4358921161825726 |
| RT_ICON | 0x717e0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.4896810506566604 |
| RT_ICON | 0x72888 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.5367803837953091 |
| RT_ICON | 0x73730 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.6913357400722022 |
| RT_ICON | 0x73fd8 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.38597560975609757 |
| RT_ICON | 0x74640 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.4934971098265896 |
| RT_ICON | 0x74ba8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.651595744680851 |
| RT_ICON | 0x75010 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.46908602150537637 |
| RT_ICON | 0x752f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.5472972972972973 |
| RT_DIALOG | 0x75420 | 0x120 | data | English | United States | 0.53125 |
| RT_DIALOG | 0x75540 | 0x118 | data | English | United States | 0.5678571428571428 |
| RT_DIALOG | 0x75658 | 0x120 | data | English | United States | 0.5104166666666666 |
| RT_DIALOG | 0x75778 | 0xf8 | data | English | United States | 0.6330645161290323 |
| RT_DIALOG | 0x75870 | 0xa0 | data | English | United States | 0.6125 |
| RT_DIALOG | 0x75910 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x75970 | 0xae | data | English | United States | 0.6091954022988506 |
| RT_VERSION | 0x75a20 | 0x308 | data | English | United States | 0.47036082474226804 |
| RT_MANIFEST | 0x75d28 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795 |
| DLL | Import |
|---|---|
| KERNEL32.dll | ExitProcess, SetFileAttributesW, Sleep, GetTickCount, CreateFileW, GetFileSize, GetModuleFileNameW, GetCurrentProcess, SetCurrentDirectoryW, GetFileAttributesW, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, CopyFileW, GetShortPathNameW, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalUnlock, GetDiskFreeSpaceW, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
| USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage |
| GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
| SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW |
| ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
| COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
| ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-10T21:25:12.948033+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49708 | 142.250.186.78 | 443 | TCP |
| 2025-01-10T21:25:26.788911+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49711 | 158.101.44.242 | 80 | TCP |
| 2025-01-10T21:25:33.617012+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49711 | 158.101.44.242 | 80 | TCP |
| 2025-01-10T21:25:34.243472+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49724 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:36.607170+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49724 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:38.007777+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49745 | 158.101.44.242 | 80 | TCP |
| 2025-01-10T21:25:38.597069+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49751 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:38.885501+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49751 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:42.066599+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49778 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:42.267307+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49778 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:43.511266+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49785 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:43.686228+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49785 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:45.909104+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49802 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:46.161082+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49802 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:47.365103+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49814 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:48.476323+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49814 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:49.719264+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49826 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:49.899223+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49826 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:51.193548+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49838 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:51.442796+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49838 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:54.693478+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49862 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:25:54.951438+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49862 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:26:02.276649+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49913 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:26:02.454225+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49913 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:26:05.931191+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49939 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:26:06.180000+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49939 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:26:12.110863+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49981 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:26:12.402659+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49981 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:26:13.640645+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49992 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:26:13.818735+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49992 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:26:16.047903+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 50006 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:26:16.222254+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 50006 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:26:17.585743+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 50008 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:26:17.759166+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 50008 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:26:25.835431+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 50011 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T21:26:26.089180+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 50011 | 149.154.167.220 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jan 10, 2025 21:25:11.866556883 CET | 49708 | 443 | 192.168.2.8 | 142.250.186.78 |
| Jan 10, 2025 21:25:11.866600037 CET | 443 | 49708 | 142.250.186.78 | 192.168.2.8 |
| Jan 10, 2025 21:25:11.866683006 CET | 49708 | 443 | 192.168.2.8 | 142.250.186.78 |
| Jan 10, 2025 21:25:11.897017002 CET | 49708 | 443 | 192.168.2.8 | 142.250.186.78 |
| Jan 10, 2025 21:25:11.897032022 CET | 443 | 49708 | 142.250.186.78 | 192.168.2.8 |
| Jan 10, 2025 21:25:12.558836937 CET | 443 | 49708 | 142.250.186.78 | 192.168.2.8 |
| Jan 10, 2025 21:25:12.558953047 CET | 49708 | 443 | 192.168.2.8 | 142.250.186.78 |
| Jan 10, 2025 21:25:12.560558081 CET | 443 | 49708 | 142.250.186.78 | 192.168.2.8 |
| Jan 10, 2025 21:25:12.560609102 CET | 49708 | 443 | 192.168.2.8 | 142.250.186.78 |
| Jan 10, 2025 21:25:12.624341965 CET | 49708 | 443 | 192.168.2.8 | 142.250.186.78 |
| Jan 10, 2025 21:25:12.624372959 CET | 443 | 49708 | 142.250.186.78 | 192.168.2.8 |
| Jan 10, 2025 21:25:12.624741077 CET | 443 | 49708 | 142.250.186.78 | 192.168.2.8 |
| Jan 10, 2025 21:25:12.624830961 CET | 49708 | 443 | 192.168.2.8 | 142.250.186.78 |
| Jan 10, 2025 21:25:12.628591061 CET | 49708 | 443 | 192.168.2.8 | 142.250.186.78 |
| Jan 10, 2025 21:25:12.671334028 CET | 443 | 49708 | 142.250.186.78 | 192.168.2.8 |
| Jan 10, 2025 21:25:12.947999001 CET | 443 | 49708 | 142.250.186.78 | 192.168.2.8 |
| Jan 10, 2025 21:25:12.948090076 CET | 49708 | 443 | 192.168.2.8 | 142.250.186.78 |
| Jan 10, 2025 21:25:12.948339939 CET | 49708 | 443 | 192.168.2.8 | 142.250.186.78 |
| Jan 10, 2025 21:25:12.948381901 CET | 443 | 49708 | 142.250.186.78 | 192.168.2.8 |
| Jan 10, 2025 21:25:12.948512077 CET | 49708 | 443 | 192.168.2.8 | 142.250.186.78 |
| Jan 10, 2025 21:25:12.990782976 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:12.990861893 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:12.990953922 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:12.991281986 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:12.991297007 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:13.677922964 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:13.678014040 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:13.684185028 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:13.684205055 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:13.684428930 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:13.684489965 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:13.691621065 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:13.735354900 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.290021896 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.290141106 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.295675993 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.295768023 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.309463024 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.309547901 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.309568882 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.309617996 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.317594051 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.317687035 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.382086992 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.382179976 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.382209063 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.382249117 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.382263899 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.382299900 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.382416010 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.382471085 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.382478952 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.382524967 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.385323048 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.385456085 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.385478020 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.385545969 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.391592026 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.391668081 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.391678095 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.391755104 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.397901058 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.398042917 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.398063898 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.398129940 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.404081106 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.404195070 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.404244900 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.404301882 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.410434961 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.410505056 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.410520077 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.410574913 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.416728973 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.416826010 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.416857004 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.416922092 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.422672987 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.422749043 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.422769070 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.422837973 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.428656101 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.428754091 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.428775072 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.428826094 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.434581995 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.434730053 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.434747934 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.434815884 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.440573931 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.440658092 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.451926947 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.452039003 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.452069044 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.452146053 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.474239111 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.474339962 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.474366903 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.474442005 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.474462986 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.474534988 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.474816084 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.474853992 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.474875927 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.474896908 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.474905014 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.474973917 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.475800037 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.475858927 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.475862026 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.475874901 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.475912094 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.475950003 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.476473093 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.476541996 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.477415085 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.477484941 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.481863022 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.481929064 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.481952906 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.482012987 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.486994028 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.487106085 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.487127066 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.487194061 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.491956949 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.492008924 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.492019892 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.492063999 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.496490002 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.496581078 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.496611118 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.496666908 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.501127958 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.501210928 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.501243114 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.501307011 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.505778074 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.505868912 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.505899906 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.505965948 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.510391951 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.510468960 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.510499001 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.510590076 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.515105009 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.515182972 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.515208960 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.515261889 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.519726992 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.519823074 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.519848108 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.519906044 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.524044991 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.524286985 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.524355888 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.524452925 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.528405905 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.528475046 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.528516054 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.528526068 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.528542995 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.528583050 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.528667927 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:16.528718948 CET | 443 | 49710 | 216.58.206.33 | 192.168.2.8 |
| Jan 10, 2025 21:25:16.528775930 CET | 49710 | 443 | 192.168.2.8 | 216.58.206.33 |
| Jan 10, 2025 21:25:18.418550968 CET | 49711 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:18.423367977 CET | 80 | 49711 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:18.423458099 CET | 49711 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:18.423686981 CET | 49711 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:18.428459883 CET | 80 | 49711 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:24.552647114 CET | 80 | 49711 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:24.578846931 CET | 49711 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:24.583690882 CET | 80 | 49711 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:26.742908955 CET | 80 | 49711 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:26.788911104 CET | 49711 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:27.085820913 CET | 49712 | 443 | 192.168.2.8 | 104.21.112.1 |
| Jan 10, 2025 21:25:27.085848093 CET | 443 | 49712 | 104.21.112.1 | 192.168.2.8 |
| Jan 10, 2025 21:25:27.085941076 CET | 49712 | 443 | 192.168.2.8 | 104.21.112.1 |
| Jan 10, 2025 21:25:27.088551998 CET | 49712 | 443 | 192.168.2.8 | 104.21.112.1 |
| Jan 10, 2025 21:25:27.088567972 CET | 443 | 49712 | 104.21.112.1 | 192.168.2.8 |
| Jan 10, 2025 21:25:27.557523966 CET | 443 | 49712 | 104.21.112.1 | 192.168.2.8 |
| Jan 10, 2025 21:25:27.557660103 CET | 49712 | 443 | 192.168.2.8 | 104.21.112.1 |
| Jan 10, 2025 21:25:27.561531067 CET | 49712 | 443 | 192.168.2.8 | 104.21.112.1 |
| Jan 10, 2025 21:25:27.561554909 CET | 443 | 49712 | 104.21.112.1 | 192.168.2.8 |
| Jan 10, 2025 21:25:27.561858892 CET | 443 | 49712 | 104.21.112.1 | 192.168.2.8 |
| Jan 10, 2025 21:25:27.566097021 CET | 49712 | 443 | 192.168.2.8 | 104.21.112.1 |
| Jan 10, 2025 21:25:27.611329079 CET | 443 | 49712 | 104.21.112.1 | 192.168.2.8 |
| Jan 10, 2025 21:25:27.703856945 CET | 443 | 49712 | 104.21.112.1 | 192.168.2.8 |
| Jan 10, 2025 21:25:27.704042912 CET | 443 | 49712 | 104.21.112.1 | 192.168.2.8 |
| Jan 10, 2025 21:25:27.704268932 CET | 49712 | 443 | 192.168.2.8 | 104.21.112.1 |
| Jan 10, 2025 21:25:27.710549116 CET | 49712 | 443 | 192.168.2.8 | 104.21.112.1 |
| Jan 10, 2025 21:25:33.177756071 CET | 49711 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:33.182677031 CET | 80 | 49711 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:33.567478895 CET | 80 | 49711 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:33.579891920 CET | 49724 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:33.579929113 CET | 443 | 49724 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:33.580010891 CET | 49724 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:33.580446005 CET | 49724 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:33.580460072 CET | 443 | 49724 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:33.617012024 CET | 49711 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:34.195794106 CET | 443 | 49724 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:34.195888996 CET | 49724 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:34.197735071 CET | 49724 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:34.197741032 CET | 443 | 49724 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:34.198056936 CET | 443 | 49724 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:34.199697971 CET | 49724 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:34.243324995 CET | 443 | 49724 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:34.243391991 CET | 49724 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:34.243397951 CET | 443 | 49724 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:36.607184887 CET | 443 | 49724 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:36.607319117 CET | 443 | 49724 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:36.607546091 CET | 49724 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:36.613394976 CET | 49724 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:36.775409937 CET | 49711 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:36.776585102 CET | 49745 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:36.780477047 CET | 80 | 49711 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:36.780592918 CET | 49711 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:36.781523943 CET | 80 | 49745 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:36.781671047 CET | 49745 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:36.781773090 CET | 49745 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:36.787647009 CET | 80 | 49745 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:37.959285021 CET | 80 | 49745 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:37.960813999 CET | 49751 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:37.960886955 CET | 443 | 49751 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:37.960953951 CET | 49751 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:37.961751938 CET | 49751 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:37.961771965 CET | 443 | 49751 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:38.007776976 CET | 49745 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:38.595074892 CET | 443 | 49751 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:38.596874952 CET | 49751 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:38.596929073 CET | 443 | 49751 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:38.597018003 CET | 49751 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:38.597026110 CET | 443 | 49751 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:38.885530949 CET | 443 | 49751 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:38.886945963 CET | 443 | 49751 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:38.887027979 CET | 49751 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:38.887367964 CET | 49751 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:38.891849995 CET | 49757 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:38.896714926 CET | 80 | 49757 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:38.896847963 CET | 49757 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:38.896965981 CET | 49757 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:38.901779890 CET | 80 | 49757 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:41.458250046 CET | 80 | 49757 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:41.459539890 CET | 49778 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:41.459564924 CET | 443 | 49778 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:41.459693909 CET | 49778 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:41.459914923 CET | 49778 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:41.459924936 CET | 443 | 49778 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:41.507812023 CET | 49757 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:42.064522982 CET | 443 | 49778 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:42.066178083 CET | 49778 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:42.066189051 CET | 443 | 49778 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:42.066546917 CET | 49778 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:42.066553116 CET | 443 | 49778 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:42.267386913 CET | 443 | 49778 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:42.267472982 CET | 443 | 49778 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:42.267541885 CET | 49778 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:42.268034935 CET | 49778 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:42.271742105 CET | 49757 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:42.272985935 CET | 49783 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:42.276685953 CET | 80 | 49757 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:42.276957035 CET | 49757 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:42.277767897 CET | 80 | 49783 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:42.277875900 CET | 49783 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:42.278125048 CET | 49783 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:42.282883883 CET | 80 | 49783 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:42.863244057 CET | 80 | 49783 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:42.864866018 CET | 49785 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:42.864919901 CET | 443 | 49785 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:42.865022898 CET | 49785 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:42.865291119 CET | 49785 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:42.865300894 CET | 443 | 49785 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:42.913929939 CET | 49783 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:43.476423979 CET | 443 | 49785 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:43.511004925 CET | 49785 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:43.511024952 CET | 443 | 49785 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:43.511137009 CET | 49785 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:43.511147022 CET | 443 | 49785 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:43.686285019 CET | 443 | 49785 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:43.686352015 CET | 443 | 49785 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:43.686466932 CET | 49785 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:43.686801910 CET | 49785 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:43.692188025 CET | 49783 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:43.692732096 CET | 49791 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:43.697604895 CET | 80 | 49783 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:43.697622061 CET | 80 | 49791 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:43.697690010 CET | 49783 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:43.697742939 CET | 49791 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:43.697879076 CET | 49791 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:43.702704906 CET | 80 | 49791 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:45.259149075 CET | 80 | 49791 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:45.260529995 CET | 49802 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:45.260581970 CET | 443 | 49802 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:45.260715961 CET | 49802 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:45.261425972 CET | 49802 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:45.261440039 CET | 443 | 49802 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:45.304667950 CET | 49791 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:45.906946898 CET | 443 | 49802 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:45.908931971 CET | 49802 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:45.908946991 CET | 443 | 49802 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:45.909054995 CET | 49802 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:45.909060955 CET | 443 | 49802 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:46.161154985 CET | 443 | 49802 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:46.161248922 CET | 443 | 49802 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:46.161463976 CET | 49802 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:46.162041903 CET | 49802 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:46.171550035 CET | 49791 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:46.173119068 CET | 49813 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:46.176677942 CET | 80 | 49791 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:46.176912069 CET | 49791 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:46.177973032 CET | 80 | 49813 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:46.181761026 CET | 49813 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:46.181885958 CET | 49813 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:46.186686039 CET | 80 | 49813 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:46.752300978 CET | 80 | 49813 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:46.754540920 CET | 49814 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:46.754580975 CET | 443 | 49814 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:46.754724026 CET | 49814 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:46.755100012 CET | 49814 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:46.755117893 CET | 443 | 49814 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:46.804548025 CET | 49813 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:47.363198042 CET | 443 | 49814 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:47.364918947 CET | 49814 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:47.364939928 CET | 443 | 49814 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:47.364994049 CET | 49814 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:47.365000963 CET | 443 | 49814 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:48.476320028 CET | 443 | 49814 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:48.476382017 CET | 443 | 49814 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:48.476469994 CET | 49814 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:48.477365017 CET | 49814 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:48.480050087 CET | 49813 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:48.481071949 CET | 49820 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:48.485955954 CET | 80 | 49820 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:48.485986948 CET | 80 | 49813 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:48.486063957 CET | 49813 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:48.486083984 CET | 49820 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:48.486207962 CET | 49820 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:48.490979910 CET | 80 | 49820 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:49.051666975 CET | 80 | 49820 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:49.053010941 CET | 49826 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:49.053061008 CET | 443 | 49826 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:49.053220987 CET | 49826 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:49.053426981 CET | 49826 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:49.053443909 CET | 443 | 49826 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:49.101418018 CET | 49820 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:49.700676918 CET | 443 | 49826 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:49.719048023 CET | 49826 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:49.719060898 CET | 443 | 49826 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:49.719208956 CET | 49826 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:49.719213963 CET | 443 | 49826 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:49.899260998 CET | 443 | 49826 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:49.899369001 CET | 443 | 49826 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:49.899561882 CET | 49826 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:49.909547091 CET | 49826 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:49.972455978 CET | 49820 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:49.977570057 CET | 80 | 49820 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:49.977650881 CET | 49820 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:49.991106033 CET | 49832 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:49.995959997 CET | 80 | 49832 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:49.996037960 CET | 49832 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:49.996225119 CET | 49832 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:50.001091003 CET | 80 | 49832 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:50.579760075 CET | 80 | 49832 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:50.581260920 CET | 49838 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:50.581312895 CET | 443 | 49838 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:50.581392050 CET | 49838 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:50.581671953 CET | 49838 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:50.581690073 CET | 443 | 49838 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:50.632663965 CET | 49832 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:51.190716028 CET | 443 | 49838 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:51.193368912 CET | 49838 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:51.193382978 CET | 443 | 49838 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:51.193521976 CET | 49838 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:51.193526983 CET | 443 | 49838 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:51.442809105 CET | 443 | 49838 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:51.442898035 CET | 443 | 49838 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:51.443011999 CET | 49838 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:51.443698883 CET | 49838 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:51.447585106 CET | 49832 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:51.448764086 CET | 49844 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:51.452632904 CET | 80 | 49832 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:51.453047991 CET | 49832 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:51.453589916 CET | 80 | 49844 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:51.453676939 CET | 49844 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:51.453834057 CET | 49844 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:51.458610058 CET | 80 | 49844 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:54.057730913 CET | 80 | 49844 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:54.058886051 CET | 49862 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:54.058933973 CET | 443 | 49862 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:54.058998108 CET | 49862 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:54.059263945 CET | 49862 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:54.059279919 CET | 443 | 49862 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:54.101558924 CET | 49844 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:54.690731049 CET | 443 | 49862 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:54.693283081 CET | 49862 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:54.693306923 CET | 443 | 49862 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:54.693367958 CET | 49862 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:54.693377018 CET | 443 | 49862 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:54.951482058 CET | 443 | 49862 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:54.951558113 CET | 443 | 49862 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:25:54.951621056 CET | 49862 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:54.952029943 CET | 49862 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:25:54.955152035 CET | 49844 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:54.956414938 CET | 49869 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:54.961342096 CET | 80 | 49869 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:54.961451054 CET | 49869 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:54.961532116 CET | 49869 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:54.962057114 CET | 80 | 49844 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:54.962131977 CET | 49844 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:54.966486931 CET | 80 | 49869 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:58.523112059 CET | 80 | 49869 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:58.570312023 CET | 49869 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:58.808672905 CET | 49869 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:58.809436083 CET | 49892 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:58.813610077 CET | 80 | 49869 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:58.813668966 CET | 49869 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:58.814260960 CET | 80 | 49892 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:25:58.814363003 CET | 49892 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:58.814627886 CET | 49892 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:25:58.819408894 CET | 80 | 49892 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:01.638802052 CET | 80 | 49892 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:01.640264988 CET | 49913 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:01.640384912 CET | 443 | 49913 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:01.640503883 CET | 49913 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:01.640839100 CET | 49913 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:01.640877962 CET | 443 | 49913 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:01.679611921 CET | 49892 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:02.274605989 CET | 443 | 49913 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:02.276470900 CET | 49913 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:02.276503086 CET | 443 | 49913 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:02.276560068 CET | 49913 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:02.276571989 CET | 443 | 49913 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:02.454267025 CET | 443 | 49913 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:02.454355955 CET | 443 | 49913 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:02.454461098 CET | 49913 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:02.455056906 CET | 49913 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:02.458142996 CET | 49892 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:02.459357023 CET | 49919 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:02.463129997 CET | 80 | 49892 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:02.463195086 CET | 49892 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:02.464356899 CET | 80 | 49919 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:02.464446068 CET | 49919 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:02.464571953 CET | 49919 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:02.469341993 CET | 80 | 49919 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:05.312028885 CET | 80 | 49919 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:05.313504934 CET | 49939 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:05.313549042 CET | 443 | 49939 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:05.313654900 CET | 49939 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:05.313920975 CET | 49939 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:05.313934088 CET | 443 | 49939 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:05.351475000 CET | 49919 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:05.928780079 CET | 443 | 49939 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:05.930896997 CET | 49939 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:05.930926085 CET | 443 | 49939 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:05.931127071 CET | 49939 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:05.931133986 CET | 443 | 49939 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:06.180064917 CET | 443 | 49939 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:06.180147886 CET | 443 | 49939 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:06.180223942 CET | 49939 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:06.180705070 CET | 49939 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:06.183927059 CET | 49919 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:06.185296059 CET | 49945 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:06.188958883 CET | 80 | 49919 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:06.189059019 CET | 49919 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:06.190109968 CET | 80 | 49945 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:06.190221071 CET | 49945 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:06.190325022 CET | 49945 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:06.195091963 CET | 80 | 49945 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:09.752568007 CET | 80 | 49945 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:09.757383108 CET | 49967 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:09.762217999 CET | 80 | 49967 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:09.762336969 CET | 49967 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:09.762434959 CET | 49967 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:09.767177105 CET | 80 | 49967 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:09.804579020 CET | 49945 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:11.476747036 CET | 80 | 49967 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:11.478574991 CET | 49981 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:11.478619099 CET | 443 | 49981 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:11.479340076 CET | 49945 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:11.480138063 CET | 49981 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:11.480385065 CET | 49981 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:11.480397940 CET | 443 | 49981 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:11.484565020 CET | 80 | 49945 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:11.484662056 CET | 49945 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:11.523334980 CET | 49967 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:12.099795103 CET | 443 | 49981 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:12.110443115 CET | 49981 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:12.110471010 CET | 443 | 49981 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:12.110548019 CET | 49981 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:12.110558987 CET | 443 | 49981 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:12.402734041 CET | 443 | 49981 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:12.402812004 CET | 443 | 49981 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:12.402883053 CET | 49981 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:12.403342962 CET | 49981 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:12.406708002 CET | 49967 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:12.407835007 CET | 49988 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:12.411732912 CET | 80 | 49967 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:12.411803007 CET | 49967 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:12.412631035 CET | 80 | 49988 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:12.412712097 CET | 49988 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:12.412791967 CET | 49988 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:12.417546034 CET | 80 | 49988 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:13.006381035 CET | 80 | 49988 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:13.007698059 CET | 49992 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:13.007754087 CET | 443 | 49992 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:13.007996082 CET | 49992 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:13.008222103 CET | 49992 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:13.008244038 CET | 443 | 49992 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:13.054594994 CET | 49988 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:13.638421059 CET | 443 | 49992 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:13.640352964 CET | 49992 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:13.640367985 CET | 443 | 49992 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:13.640578985 CET | 49992 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:13.640584946 CET | 443 | 49992 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:13.818754911 CET | 443 | 49992 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:13.818824053 CET | 443 | 49992 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:13.818947077 CET | 49992 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:13.819305897 CET | 49992 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:13.826349974 CET | 49988 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:13.827210903 CET | 49998 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:13.831295967 CET | 80 | 49988 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:13.831358910 CET | 49988 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:13.832078934 CET | 80 | 49998 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:13.832148075 CET | 49998 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:13.832356930 CET | 49998 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:13.837085962 CET | 80 | 49998 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:15.409513950 CET | 80 | 49998 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:15.411673069 CET | 50006 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:15.411716938 CET | 443 | 50006 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:15.411856890 CET | 50006 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:15.412148952 CET | 50006 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:15.412163019 CET | 443 | 50006 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:15.460863113 CET | 49998 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:16.044369936 CET | 443 | 50006 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:16.047653913 CET | 50006 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:16.047669888 CET | 443 | 50006 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:16.047857046 CET | 50006 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:16.047862053 CET | 443 | 50006 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:16.222280025 CET | 443 | 50006 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:16.222359896 CET | 443 | 50006 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:16.222819090 CET | 50006 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:16.223006964 CET | 50006 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:16.227449894 CET | 49998 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:16.228734970 CET | 50007 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:16.233534098 CET | 80 | 50007 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:16.235440969 CET | 50007 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:16.235554934 CET | 50007 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:16.240276098 CET | 80 | 50007 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:16.251821995 CET | 80 | 49998 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:16.252090931 CET | 49998 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:16.846008062 CET | 80 | 50007 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:16.847471952 CET | 50008 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:16.847520113 CET | 443 | 50008 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:16.847620964 CET | 50008 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:16.847852945 CET | 50008 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:16.847866058 CET | 443 | 50008 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:16.898318052 CET | 50007 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:17.583405018 CET | 443 | 50008 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:17.585360050 CET | 50008 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:17.585392952 CET | 443 | 50008 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:17.585452080 CET | 50008 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:17.585463047 CET | 443 | 50008 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:17.759254932 CET | 443 | 50008 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:17.759489059 CET | 443 | 50008 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:17.759567022 CET | 50008 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:17.759959936 CET | 50008 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:17.762919903 CET | 50007 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:17.763947964 CET | 50009 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:17.767844915 CET | 80 | 50007 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:17.767927885 CET | 50007 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:17.768754959 CET | 80 | 50009 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:17.768825054 CET | 50009 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:17.768923044 CET | 50009 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:17.773657084 CET | 80 | 50009 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:21.397540092 CET | 80 | 50009 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:21.403759956 CET | 50010 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:21.408682108 CET | 80 | 50010 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:21.411087036 CET | 50010 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:21.411242008 CET | 50010 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:21.416017056 CET | 80 | 50010 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:21.445287943 CET | 50009 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:22.824995995 CET | 80 | 50010 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:22.867096901 CET | 50010 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:25.191345930 CET | 50009 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:25.192147970 CET | 50011 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:25.192184925 CET | 443 | 50011 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:25.192259073 CET | 50011 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:25.192584991 CET | 50011 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:25.192600012 CET | 443 | 50011 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:25.196671009 CET | 80 | 50009 | 158.101.44.242 | 192.168.2.8 |
| Jan 10, 2025 21:26:25.196767092 CET | 50009 | 80 | 192.168.2.8 | 158.101.44.242 |
| Jan 10, 2025 21:26:25.833276987 CET | 443 | 50011 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:25.835258007 CET | 50011 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:25.835300922 CET | 443 | 50011 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:25.835352898 CET | 50011 | 443 | 192.168.2.8 | 149.154.167.220 |
| Jan 10, 2025 21:26:25.835362911 CET | 443 | 50011 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:26.089237928 CET | 443 | 50011 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:26.089324951 CET | 443 | 50011 | 149.154.167.220 | 192.168.2.8 |
| Jan 10, 2025 21:26:26.089435101 CET | 50011 | 443 | 192.168.2.8 | 149.154.167.220 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jan 10, 2025 21:25:11.850749016 CET | 56488 | 53 | 192.168.2.8 | 1.1.1.1 |
| Jan 10, 2025 21:25:11.858333111 CET | 53 | 56488 | 1.1.1.1 | 192.168.2.8 |
| Jan 10, 2025 21:25:12.982795954 CET | 50611 | 53 | 192.168.2.8 | 1.1.1.1 |
| Jan 10, 2025 21:25:12.989809990 CET | 53 | 50611 | 1.1.1.1 | 192.168.2.8 |
| Jan 10, 2025 21:25:18.406151056 CET | 56266 | 53 | 192.168.2.8 | 1.1.1.1 |
| Jan 10, 2025 21:25:18.414288044 CET | 53 | 56266 | 1.1.1.1 | 192.168.2.8 |
| Jan 10, 2025 21:25:27.074492931 CET | 51865 | 53 | 192.168.2.8 | 1.1.1.1 |
| Jan 10, 2025 21:25:27.084958076 CET | 53 | 51865 | 1.1.1.1 | 192.168.2.8 |
| Jan 10, 2025 21:25:33.571993113 CET | 61869 | 53 | 192.168.2.8 | 1.1.1.1 |
| Jan 10, 2025 21:25:33.579266071 CET | 53 | 61869 | 1.1.1.1 | 192.168.2.8 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jan 10, 2025 21:25:11.850749016 CET | 192.168.2.8 | 1.1.1.1 | 0x1505 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jan 10, 2025 21:25:12.982795954 CET | 192.168.2.8 | 1.1.1.1 | 0xee65 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jan 10, 2025 21:25:18.406151056 CET | 192.168.2.8 | 1.1.1.1 | 0xbddb | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jan 10, 2025 21:25:27.074492931 CET | 192.168.2.8 | 1.1.1.1 | 0x1df3 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jan 10, 2025 21:25:33.571993113 CET | 192.168.2.8 | 1.1.1.1 | 0x3777 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jan 10, 2025 21:25:11.858333111 CET | 1.1.1.1 | 192.168.2.8 | 0x1505 | No error (0) | 142.250.186.78 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:25:12.989809990 CET | 1.1.1.1 | 192.168.2.8 | 0xee65 | No error (0) | 216.58.206.33 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:25:18.414288044 CET | 1.1.1.1 | 192.168.2.8 | 0xbddb | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Jan 10, 2025 21:25:18.414288044 CET | 1.1.1.1 | 192.168.2.8 | 0xbddb | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:25:18.414288044 CET | 1.1.1.1 | 192.168.2.8 | 0xbddb | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:25:18.414288044 CET | 1.1.1.1 | 192.168.2.8 | 0xbddb | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:25:18.414288044 CET | 1.1.1.1 | 192.168.2.8 | 0xbddb | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:25:18.414288044 CET | 1.1.1.1 | 192.168.2.8 | 0xbddb | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:25:27.084958076 CET | 1.1.1.1 | 192.168.2.8 | 0x1df3 | No error (0) | 104.21.112.1 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:25:27.084958076 CET | 1.1.1.1 | 192.168.2.8 | 0x1df3 | No error (0) | 104.21.32.1 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:25:27.084958076 CET | 1.1.1.1 | 192.168.2.8 | 0x1df3 | No error (0) | 104.21.48.1 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:25:27.084958076 CET | 1.1.1.1 | 192.168.2.8 | 0x1df3 | No error (0) | 104.21.96.1 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:25:27.084958076 CET | 1.1.1.1 | 192.168.2.8 | 0x1df3 | No error (0) | 104.21.64.1 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:25:27.084958076 CET | 1.1.1.1 | 192.168.2.8 | 0x1df3 | No error (0) | 104.21.80.1 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:25:27.084958076 CET | 1.1.1.1 | 192.168.2.8 | 0x1df3 | No error (0) | 104.21.16.1 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 21:25:33.579266071 CET | 1.1.1.1 | 192.168.2.8 | 0x3777 | No error (0) | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.8 | 49711 | 158.101.44.242 | 80 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:25:18.423686981 CET | 151 | OUT | |
| Jan 10, 2025 21:25:24.552647114 CET | 321 | IN | |
| Jan 10, 2025 21:25:24.578846931 CET | 127 | OUT | |
| Jan 10, 2025 21:25:26.742908955 CET | 321 | IN | |
| Jan 10, 2025 21:25:33.177756071 CET | 127 | OUT | |
| Jan 10, 2025 21:25:33.567478895 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.8 | 49745 | 158.101.44.242 | 80 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:25:36.781773090 CET | 127 | OUT | |
| Jan 10, 2025 21:25:37.959285021 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.8 | 49757 | 158.101.44.242 | 80 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:25:38.896965981 CET | 151 | OUT | |
| Jan 10, 2025 21:25:41.458250046 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.8 | 49783 | 158.101.44.242 | 80 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:25:42.278125048 CET | 151 | OUT | |
| Jan 10, 2025 21:25:42.863244057 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.8 | 49791 | 158.101.44.242 | 80 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:25:43.697879076 CET | 151 | OUT | |
| Jan 10, 2025 21:25:45.259149075 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.8 | 49813 | 158.101.44.242 | 80 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:25:46.181885958 CET | 151 | OUT | |
| Jan 10, 2025 21:25:46.752300978 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.8 | 49820 | 158.101.44.242 | 80 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:25:48.486207962 CET | 151 | OUT | |
| Jan 10, 2025 21:25:49.051666975 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.8 | 49832 | 158.101.44.242 | 80 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:25:49.996225119 CET | 151 | OUT | |
| Jan 10, 2025 21:25:50.579760075 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 8 | 192.168.2.8 | 49844 | 158.101.44.242 | 80 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:25:51.453834057 CET | 151 | OUT | |
| Jan 10, 2025 21:25:54.057730913 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 9 | 192.168.2.8 | 49869 | 158.101.44.242 | 80 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:25:54.961532116 CET | 151 | OUT | |
| Jan 10, 2025 21:25:58.523112059 CET | 745 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 10 | 192.168.2.8 | 49892 | 158.101.44.242 | 80 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:25:58.814627886 CET | 151 | OUT | |
| Jan 10, 2025 21:26:01.638802052 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 11 | 192.168.2.8 | 49919 | 158.101.44.242 | 80 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:26:02.464571953 CET | 151 | OUT | |
| Jan 10, 2025 21:26:05.312028885 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 12 | 192.168.2.8 | 49945 | 158.101.44.242 | 80 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:26:06.190325022 CET | 151 | OUT | |
| Jan 10, 2025 21:26:09.752568007 CET | 745 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 13 | 192.168.2.8 | 49967 | 158.101.44.242 | 80 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:26:09.762434959 CET | 151 | OUT | |
| Jan 10, 2025 21:26:11.476747036 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 14 | 192.168.2.8 | 49988 | 158.101.44.242 | 80 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:26:12.412791967 CET | 151 | OUT | |
| Jan 10, 2025 21:26:13.006381035 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 15 | 192.168.2.8 | 49998 | 158.101.44.242 | 80 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:26:13.832356930 CET | 151 | OUT | |
| Jan 10, 2025 21:26:15.409513950 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 16 | 192.168.2.8 | 50007 | 158.101.44.242 | 80 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:26:16.235554934 CET | 151 | OUT | |
| Jan 10, 2025 21:26:16.846008062 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 17 | 192.168.2.8 | 50009 | 158.101.44.242 | 80 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:26:17.768923044 CET | 151 | OUT | |
| Jan 10, 2025 21:26:21.397540092 CET | 745 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 18 | 192.168.2.8 | 50010 | 158.101.44.242 | 80 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 21:26:21.411242008 CET | 151 | OUT | |
| Jan 10, 2025 21:26:22.824995995 CET | 321 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.8 | 49708 | 142.250.186.78 | 443 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:25:12 UTC | 216 | OUT | |
| 2025-01-10 20:25:12 UTC | 1920 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.8 | 49710 | 216.58.206.33 | 443 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:25:13 UTC | 258 | OUT | |
| 2025-01-10 20:25:16 UTC | 4938 | IN | |
| 2025-01-10 20:25:16 UTC | 4938 | IN | |
| 2025-01-10 20:25:16 UTC | 4821 | IN | |
| 2025-01-10 20:25:16 UTC | 1390 | IN | |
| 2025-01-10 20:25:16 UTC | 1390 | IN | |
| 2025-01-10 20:25:16 UTC | 1390 | IN | |
| 2025-01-10 20:25:16 UTC | 1390 | IN | |
| 2025-01-10 20:25:16 UTC | 1390 | IN | |
| 2025-01-10 20:25:16 UTC | 1390 | IN | |
| 2025-01-10 20:25:16 UTC | 1390 | IN | |
| 2025-01-10 20:25:16 UTC | 1390 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.8 | 49712 | 104.21.112.1 | 443 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:25:27 UTC | 85 | OUT | |
| 2025-01-10 20:25:27 UTC | 861 | IN | |
| 2025-01-10 20:25:27 UTC | 362 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.8 | 49724 | 149.154.167.220 | 443 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:25:34 UTC | 296 | OUT | |
| 2025-01-10 20:25:34 UTC | 1090 | OUT | |
| 2025-01-10 20:25:36 UTC | 347 | IN | |
| 2025-01-10 20:25:36 UTC | 58 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.8 | 49751 | 149.154.167.220 | 443 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:25:38 UTC | 296 | OUT | |
| 2025-01-10 20:25:38 UTC | 1090 | OUT | |
| 2025-01-10 20:25:38 UTC | 347 | IN | |
| 2025-01-10 20:25:38 UTC | 58 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.8 | 49778 | 149.154.167.220 | 443 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:25:42 UTC | 272 | OUT | |
| 2025-01-10 20:25:42 UTC | 1090 | OUT | |
| 2025-01-10 20:25:42 UTC | 347 | IN | |
| 2025-01-10 20:25:42 UTC | 58 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.8 | 49785 | 149.154.167.220 | 443 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:25:43 UTC | 272 | OUT | |
| 2025-01-10 20:25:43 UTC | 1090 | OUT | |
| 2025-01-10 20:25:43 UTC | 347 | IN | |
| 2025-01-10 20:25:43 UTC | 58 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.8 | 49802 | 149.154.167.220 | 443 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:25:45 UTC | 272 | OUT | |
| 2025-01-10 20:25:45 UTC | 1090 | OUT | |
| 2025-01-10 20:25:46 UTC | 347 | IN | |
| 2025-01-10 20:25:46 UTC | 58 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 8 | 192.168.2.8 | 49814 | 149.154.167.220 | 443 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:25:47 UTC | 272 | OUT | |
| 2025-01-10 20:25:47 UTC | 1090 | OUT | |
| 2025-01-10 20:25:48 UTC | 347 | IN | |
| 2025-01-10 20:25:48 UTC | 58 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 9 | 192.168.2.8 | 49826 | 149.154.167.220 | 443 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:25:49 UTC | 296 | OUT | |
| 2025-01-10 20:25:49 UTC | 1090 | OUT | |
| 2025-01-10 20:25:49 UTC | 347 | IN | |
| 2025-01-10 20:25:49 UTC | 58 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 10 | 192.168.2.8 | 49838 | 149.154.167.220 | 443 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:25:51 UTC | 296 | OUT | |
| 2025-01-10 20:25:51 UTC | 1090 | OUT | |
| 2025-01-10 20:25:51 UTC | 347 | IN | |
| 2025-01-10 20:25:51 UTC | 58 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 11 | 192.168.2.8 | 49862 | 149.154.167.220 | 443 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:25:54 UTC | 272 | OUT | |
| 2025-01-10 20:25:54 UTC | 1090 | OUT | |
| 2025-01-10 20:25:54 UTC | 347 | IN | |
| 2025-01-10 20:25:54 UTC | 58 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 12 | 192.168.2.8 | 49913 | 149.154.167.220 | 443 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:26:02 UTC | 296 | OUT | |
| 2025-01-10 20:26:02 UTC | 1090 | OUT | |
| 2025-01-10 20:26:02 UTC | 347 | IN | |
| 2025-01-10 20:26:02 UTC | 58 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 13 | 192.168.2.8 | 49939 | 149.154.167.220 | 443 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:26:05 UTC | 272 | OUT | |
| 2025-01-10 20:26:05 UTC | 1090 | OUT | |
| 2025-01-10 20:26:06 UTC | 347 | IN | |
| 2025-01-10 20:26:06 UTC | 58 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 14 | 192.168.2.8 | 49981 | 149.154.167.220 | 443 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:26:12 UTC | 296 | OUT | |
| 2025-01-10 20:26:12 UTC | 1090 | OUT | |
| 2025-01-10 20:26:12 UTC | 347 | IN | |
| 2025-01-10 20:26:12 UTC | 58 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 15 | 192.168.2.8 | 49992 | 149.154.167.220 | 443 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:26:13 UTC | 272 | OUT | |
| 2025-01-10 20:26:13 UTC | 1090 | OUT | |
| 2025-01-10 20:26:13 UTC | 347 | IN | |
| 2025-01-10 20:26:13 UTC | 58 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 16 | 192.168.2.8 | 50006 | 149.154.167.220 | 443 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:26:16 UTC | 296 | OUT | |
| 2025-01-10 20:26:16 UTC | 1090 | OUT | |
| 2025-01-10 20:26:16 UTC | 347 | IN | |
| 2025-01-10 20:26:16 UTC | 58 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 17 | 192.168.2.8 | 50008 | 149.154.167.220 | 443 | 5624 | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:26:17 UTC | 296 | OUT | |
| 2025-01-10 20:26:17 UTC | 1090 | OUT | |
| 2025-01-10 20:26:17 UTC | 347 | IN | |
| 2025-01-10 20:26:17 UTC | 58 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|
| 18 | 192.168.2.8 | 50011 | 149.154.167.220 | 443 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 20:26:25 UTC | 296 | OUT | |
| 2025-01-10 20:26:25 UTC | 1090 | OUT | |
| 2025-01-10 20:26:26 UTC | 347 | IN | |
| 2025-01-10 20:26:26 UTC | 58 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 15:24:16 |
| Start date: | 10/01/2025 |
| Path: | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 1'007'544 bytes |
| MD5 hash: | F28C3285968229B7E0C723633FB5C161 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
| Target ID: | 5 |
| Start time: | 15:25:02 |
| Start date: | 10/01/2025 |
| Path: | C:\Users\user\Desktop\4UQ5wnI389.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 1'007'544 bytes |
| MD5 hash: | F28C3285968229B7E0C723633FB5C161 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 19.9% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 19.5% |
| Total number of Nodes: | 1599 |
| Total number of Limit Nodes: | 39 |
Graph
Function 004034A5 Relevance: 80.9, APIs: 32, Strings: 14, Instructions: 410stringfilecomCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404DCC Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405AFA Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 148filestringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406AF2 Relevance: 5.4, APIs: 4, Instructions: 382COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403E86 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 346windowstringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403AD8 Relevance: 44.0, APIs: 13, Strings: 12, Instructions: 215stringregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402F30 Relevance: 23.0, APIs: 5, Strings: 8, Instructions: 203memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040640A Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 209stringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040176F Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 145stringtimeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040264A Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406752 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004023E4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64registrystringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040591F Relevance: 6.0, APIs: 4, Instructions: 39COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004053C4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004062B6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406F27 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407128 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406E3E Relevance: 5.2, APIs: 4, Instructions: 205COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406943 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406D91 Relevance: 5.2, APIs: 4, Instructions: 180COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406EAF Relevance: 5.2, APIs: 4, Instructions: 170COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406DFB Relevance: 5.2, APIs: 4, Instructions: 168COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004032DE Relevance: 4.6, APIs: 3, Instructions: 101COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402032 Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401B77 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72memoryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004031D6 Relevance: 3.1, APIs: 2, Instructions: 88COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004015C1 Relevance: 3.1, APIs: 2, Instructions: 65COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401E49 Relevance: 3.0, APIs: 2, Instructions: 25COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405EDE Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040599C Relevance: 3.0, APIs: 2, Instructions: 9COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 70142AAC Relevance: 1.6, APIs: 1, Instructions: 143COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040167B Relevance: 1.5, APIs: 1, Instructions: 38fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004027EF Relevance: 1.5, APIs: 1, Instructions: 28COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405F61 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405F90 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 70142993 Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040345D Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404394 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 7014121B Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040558F Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404850 Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 275stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 70141B5F Relevance: 20.1, APIs: 13, Instructions: 576stringlibrarymemoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402104 Relevance: 1.6, APIs: 1, Instructions: 129comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402868 Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040451E Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406034 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130memorystringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004043C6 Relevance: 12.1, APIs: 8, Instructions: 68COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404D1A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402DF3 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 70142569 Relevance: 9.1, APIs: 6, Instructions: 109COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404C0C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402598 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 69stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 701418D9 Relevance: 7.7, APIs: 5, Instructions: 194COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 70142394 Relevance: 7.6, APIs: 5, Instructions: 135memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401DB9 Relevance: 7.5, APIs: 5, Instructions: 43COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 7014161D Relevance: 7.5, APIs: 5, Instructions: 41memorylibraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401D5D Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401C1F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405CBD Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405DC5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004059D1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 701410E1 Relevance: 5.1, APIs: 4, Instructions: 104memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405E43 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Execution Graph
| Execution Coverage: | 12.1% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 2.1% |
| Total number of Nodes: | 290 |
| Total number of Limit Nodes: | 18 |
Graph
Function 3818E8A8 Relevance: 2.0, Strings: 1, Instructions: 764COMMON
Download Yara Rule
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B1BDF0 Relevance: 2.0, Strings: 1, Instructions: 758COMMON
Download Yara Rule
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3818D6E8 Relevance: 1.9, APIs: 1, Instructions: 396COMMON
Download Yara Rule
Control-flow Graph
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00158DA0 Relevance: 1.1, Instructions: 1138COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B18650 Relevance: .7, Instructions: 709COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00155968 Relevance: .5, Instructions: 511COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00155F90 Relevance: .5, Instructions: 467COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A6C638 Relevance: .3, Instructions: 321COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A603AF Relevance: .3, Instructions: 285COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B11400 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A60C1B Relevance: .2, Instructions: 240COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A60C28 Relevance: .2, Instructions: 220COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B19D10 Relevance: .2, Instructions: 219COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B1A360 Relevance: .2, Instructions: 219COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B196C8 Relevance: .2, Instructions: 218COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B1A9B0 Relevance: .2, Instructions: 218COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A60F6F Relevance: .2, Instructions: 202COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00154328 Relevance: .2, Instructions: 194COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B1BA97 Relevance: .2, Instructions: 191COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B1A9A0 Relevance: .2, Instructions: 174COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B18640 Relevance: .2, Instructions: 172COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B196B8 Relevance: .2, Instructions: 166COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3818F3F6 Relevance: .2, Instructions: 154COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B19D00 Relevance: .1, Instructions: 121COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B1A351 Relevance: .1, Instructions: 110COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B113F0 Relevance: .1, Instructions: 100COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38180971 Relevance: 6.1, APIs: 4, Instructions: 138threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38180980 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38180104 Relevance: 1.6, APIs: 1, Instructions: 120COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38180110 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38181854 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38180BC1 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38180BC8 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3818D4C8 Relevance: 1.5, APIs: 1, Instructions: 47comCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38182019 Relevance: 1.5, APIs: 1, Instructions: 46timeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3818C618 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3818C6C4 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38182020 Relevance: 1.5, APIs: 1, Instructions: 44timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3818E7E0 Relevance: 1.5, APIs: 1, Instructions: 43windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B1D548 Relevance: 1.4, Strings: 1, Instructions: 152COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00157458 Relevance: .7, Instructions: 704COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001519B8 Relevance: .6, Instructions: 643COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001566B8 Relevance: .5, Instructions: 456COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00154F00 Relevance: .3, Instructions: 329COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B1C175 Relevance: .3, Instructions: 322COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B1C173 Relevance: .3, Instructions: 319COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00155460 Relevance: .2, Instructions: 228COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00150B29 Relevance: .2, Instructions: 203COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00156C98 Relevance: .2, Instructions: 201COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015AF90 Relevance: .2, Instructions: 201COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00150B30 Relevance: .2, Instructions: 200COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00158A4B Relevance: .2, Instructions: 196COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00158D90 Relevance: .2, Instructions: 190COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B1FAB8 Relevance: .2, Instructions: 189COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B1CC28 Relevance: .1, Instructions: 147COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B17920 Relevance: .1, Instructions: 147COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00153168 Relevance: .1, Instructions: 134COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001592C3 Relevance: .1, Instructions: 126COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00159EB0 Relevance: .1, Instructions: 121COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00158BF0 Relevance: .1, Instructions: 105COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00154620 Relevance: .1, Instructions: 101COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B1FAA8 Relevance: .1, Instructions: 92COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00156F30 Relevance: .1, Instructions: 91COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B1D370 Relevance: .1, Instructions: 88COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00156F40 Relevance: .1, Instructions: 87COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B1D360 Relevance: .1, Instructions: 84COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001518C8 Relevance: .1, Instructions: 77COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0009D4DC Relevance: .1, Instructions: 75COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001552C8 Relevance: .1, Instructions: 74COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000AD030 Relevance: .1, Instructions: 72COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B17922 Relevance: .1, Instructions: 72COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00150EC8 Relevance: .1, Instructions: 70COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015324D Relevance: .1, Instructions: 68COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015461D Relevance: .1, Instructions: 65COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00158729 Relevance: .1, Instructions: 65COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015FE60 Relevance: .1, Instructions: 63COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001552C0 Relevance: .1, Instructions: 61COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001517B8 Relevance: .1, Instructions: 61COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015B2C8 Relevance: .1, Instructions: 59COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015B2E0 Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0009D4D7 Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B1B9C7 Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B1B9C8 Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000AD02B Relevance: .1, Instructions: 53COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00154E5F Relevance: .1, Instructions: 52COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B1F098 Relevance: .1, Instructions: 51COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B1EBD4 Relevance: .0, Instructions: 50COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015B2F0 Relevance: .0, Instructions: 49COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B1CE51 Relevance: .0, Instructions: 49COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00158D19 Relevance: .0, Instructions: 44COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015FC3F Relevance: .0, Instructions: 43COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B1962C Relevance: .0, Instructions: 39COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B1CE60 Relevance: .0, Instructions: 39COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B1D4C9 Relevance: .0, Instructions: 36COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B1964C Relevance: .0, Instructions: 35COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015B158 Relevance: .0, Instructions: 32COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015FE10 Relevance: .0, Instructions: 26COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00151877 Relevance: .0, Instructions: 25COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015FE20 Relevance: .0, Instructions: 23COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00151888 Relevance: .0, Instructions: 19COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001556FF Relevance: .0, Instructions: 18COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00157EC0 Relevance: .0, Instructions: 18COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015FF21 Relevance: .0, Instructions: 18COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B1CF31 Relevance: .0, Instructions: 18COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B1D49D Relevance: .0, Instructions: 17COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00159F6D Relevance: .0, Instructions: 16COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015FFB0 Relevance: .0, Instructions: 16COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015FF30 Relevance: .0, Instructions: 15COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B1961C Relevance: .0, Instructions: 15COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B1BD48 Relevance: .0, Instructions: 13COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00155710 Relevance: .0, Instructions: 12COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B19544 Relevance: .0, Instructions: 12COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004034A5 Relevance: 75.7, APIs: 32, Strings: 11, Instructions: 410stringfilecomCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404DCC Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405AFA Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 148filestringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406AF2 Relevance: 5.4, APIs: 4, Instructions: 382COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B17B4F Relevance: .6, Instructions: 611COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A6BD88 Relevance: .3, Instructions: 276COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A6B07F Relevance: .3, Instructions: 276COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A6F042 Relevance: .3, Instructions: 276COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A6DEE1 Relevance: .3, Instructions: 274COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A6E339 Relevance: .3, Instructions: 273COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A6DA89 Relevance: .3, Instructions: 273COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A6E790 Relevance: .3, Instructions: 272COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A6EBF7 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B10FA8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B167C0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B15F10 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B13F70 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B136C0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B12E10 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B15660 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B14DB0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B12560 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B11CB0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B174C8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B16C18 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B143C8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B13B18 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B16368 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B15AB8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B15208 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B13268 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B129B8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B12108 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B14820 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B17070 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37B11858 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A6C1F2 Relevance: .3, Instructions: 267COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A6B4EC Relevance: .3, Instructions: 265COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37A6B944 Relevance: .3, Instructions: 265COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3818F6B8 Relevance: .0, Instructions: 18COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040558F Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403E86 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 346windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403AD8 Relevance: 38.7, APIs: 13, Strings: 9, Instructions: 215stringregistryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040451E Relevance: 35.2, APIs: 19, Strings: 1, Instructions: 204windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404850 Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 275stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406034 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130memorystringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402F30 Relevance: 19.5, APIs: 5, Strings: 6, Instructions: 203memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040640A Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 209stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004043C6 Relevance: 12.1, APIs: 8, Instructions: 68COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040264A Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404D1A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406752 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402DF3 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404C0C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401DB9 Relevance: 7.5, APIs: 5, Instructions: 43COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401D5D Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401C1F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040591F Relevance: 6.0, APIs: 4, Instructions: 39COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405DC5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004053C4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004059D1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406F27 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407128 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406E3E Relevance: 5.2, APIs: 4, Instructions: 205COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406943 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406D91 Relevance: 5.2, APIs: 4, Instructions: 180COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406EAF Relevance: 5.2, APIs: 4, Instructions: 170COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406DFB Relevance: 5.2, APIs: 4, Instructions: 168COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405E43 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|