Windows
Analysis Report
xXUnP7uCBJ.exe
Overview
General Information
Sample name: | xXUnP7uCBJ.exe (renamed because original name is a hash value) |
Original sample name: | 95125d2296df5f467e524ca8978bbe74f0f3ce9520f6014d7a7172b2d7c29f86.exe |
Analysis ID: | 1588130 |
MD5: | 37caf3903448f4b7d38a4d8e180f54dd |
SHA1: | 97ce4432b6d1220fad4b622bbefdf8c43d3d02ca |
SHA256: | 95125d2296df5f467e524ca8978bbe74f0f3ce9520f6014d7a7172b2d7c29f86 |
Tags: | exe, GuLoader, user-adrian__luca |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- xXUnP7uCBJ.exe (PID: 1608 cmdline: "C:\Users\user\Desktop\xXUnP7uCBJ.exe" MD5: 37CAF3903448F4B7D38A4D8E180F54DD)
- xXUnP7uCBJ.exe (PID: 5856 cmdline: "C:\Users\user\Desktop\xXUnP7uCBJ.exe" MD5: 37CAF3903448F4B7D38A4D8E180F54DD)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
{"C2 url": "https://api.telegram.org/bot7766574905:AAGkK12NqfgMWNTsNJqrFtr2J3oH0W_DuqA/sendMessage"}
{"EXfil Mode": "Telegram", "Telegram Token": "7766574905:AAGkK12NqfgMWNTsNJqrFtr2J3oH0W_DuqA", "Telegram Chatid": "2065242915"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | ||
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-10T21:41:17.793698+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49867 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:19.687049+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49880 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:21.485754+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49891 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:23.161952+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49904 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:24.917668+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49917 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:26.614738+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49929 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:28.223995+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49942 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:30.314610+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49955 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:31.879631+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49965 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:33.495391+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49977 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:35.188701+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49989 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:36.757896+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50001 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:38.364189+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50006 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:40.055332+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50008 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:41.697330+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50010 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:43.436345+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50012 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:45.015846+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50014 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:47.639350+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50016 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:49.349565+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50018 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:50.928807+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50020 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:52.471215+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50022 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:53.992976+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50024 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:55.601059+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50026 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:57.166640+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50028 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:58.844952+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50030 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:00.554468+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50032 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:02.309175+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50034 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:03.939152+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50036 | 149.154.167.220 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-10T21:41:09.855799+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49819 | 193.122.6.168 | 80 | TCP |
2025-01-10T21:41:16.746397+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49819 | 193.122.6.168 | 80 | TCP |
2025-01-10T21:41:18.668334+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49875 | 193.122.6.168 | 80 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-10T21:41:04.978467+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49785 | 142.250.181.238 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-10T21:41:17.415525+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49867 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:19.224861+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49880 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:21.006084+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49891 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:22.756876+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49904 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:24.655050+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49917 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:26.262843+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49929 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:27.913903+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49942 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:29.890487+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49955 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:31.567980+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49965 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:33.138548+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49977 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:34.875730+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49989 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:36.530641+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 50001 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:38.043435+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 50006 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:39.657095+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 50008 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:41.352591+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 50010 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:43.109284+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 50012 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:44.746178+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 50014 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:46.294566+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 50016 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:48.959134+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 50018 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:50.630293+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 50020 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:52.194413+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 50022 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:53.768230+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 50024 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:55.294687+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 50026 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:56.863743+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 50028 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:58.487650+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 50030 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:00.308605+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 50032 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:01.891414+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 50034 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:03.586916+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 50036 | 149.154.167.220 | 443 | TCP |
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: | ||
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Location Tracking |
---|
Source: | DNS query: |
Source: | Code function: | 5_2_38FCD1EC | |
Source: | Code function: | 5_2_38FCD9D9 |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | DNS query: |
Source: | HTTP traffic detected: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | JA3 fingerprint: | ||
Source: | JA3 fingerprint: |
Source: | DNS query: | ||
Source: | DNS query: |
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | HTTP traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Binary or memory string: | ||
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_004034A5 | |
Source: | Code function: | 5_2_004034A5 |
Source: | Code function: | 0_2_00404850 |
Source: | Code function: | 0_2_00402104 |
Source: | File created: |
Source: | Mutant created: |
Source: | File created: |
Source: | Static PE information: |
Source: | File read: |
Source: | Key opened: |
Source: | Binary or memory string: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | File read: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Key value queried: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | File source: |
Source: | Code function: | 0_2_701A1B5F |
Source: | File created: | Jump to dropped file |
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | API/Special instruction interceptor: | ||
Source: | API/Special instruction interceptor: |
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: |
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | API coverage: |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Code function: | 0_2_0040672B | |
Source: | Code function: | 0_2_00405AFA | |
Source: | Code function: | 0_2_00402868 | |
Source: | Code function: | 5_2_00402868 | |
Source: | Code function: | 5_2_0040672B | |
Source: | Code function: | 5_2_00405AFA |
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-4589 | ||
Source: | API call chain: | graph_0-4747 |
Source: | Code function: | 0_2_701A1B5F |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_004034A5 |
Source: | Key value queried: | Jump to behavior |
Lowering of HIPS / PFW / Operating System Security Settings |
---|
Source: | Registry value created: | Jump to behavior |
Source: | Registry value created: | Jump to behavior |
Source: | Registry key created or modified: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 Process Injection | 31 Disable or Modify Tools | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Access Token Manipulation | NTDS | 1 System Network Configuration Discovery | Distributed Component Object Model | 1 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Process Injection | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | 215 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
58% | Virustotal | Browse | ||
58% | ReversingLabs | Win32.Ransomware.TelegramRAT | ||
100% | Avira | HEUR/AGEN.1337946 |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 142.250.181.238 | true | false | high | |
drive.usercontent.google.com | 216.58.206.65 | true | false | high | |
reallyfreegeoip.org | 104.21.64.1 | true | false | high | |
api.telegram.org | 149.154.167.220 | true | false | high | |
checkip.dyndns.com | 193.122.6.168 | true | false | high | |
checkip.dyndns.org | unknown | unknown | false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.250.181.238 | drive.google.com | United States | 15169 | GOOGLEUS | false | |
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false | |
193.122.6.168 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false | |
104.21.64.1 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false | |
216.58.206.65 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1588130 |
Start date and time: | 2025-01-10 21:38:32 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 8m 25s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | xXUnP7uCBJ.exe (renamed because original name is a hash value) |
Original Sample Name: | 95125d2296df5f467e524ca8978bbe74f0f3ce9520f6014d7a7172b2d7c29f86.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/8@5/5 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 20.109.210.53, 13.107.246.45
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description |
---|---|---|
15:41:15 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
149.154.167.220 | Get hash | malicious | GuLoader, MassLogger RAT | Browse | ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | AsyncRAT, StormKitty, WorldWind Stealer | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
193.122.6.168 | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | Snake Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | MassLogger RAT | Browse |
Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
checkip.dyndns.com | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | Snake Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
reallyfreegeoip.org | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | Snake Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
api.telegram.org | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | AsyncRAT, StormKitty, WorldWind Stealer | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ORACLE-BMC-31898US | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | Snake Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | MassLogger RAT | Browse |
Get hash | malicious | MassLogger RAT | Browse |
Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
TELEGRAMRU | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | AsyncRAT, StormKitty, WorldWind Stealer | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
CLOUDFLARENETUS | Get hash | malicious | Unknown | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | FormBook | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | AsyncRAT, StormKitty, WorldWind Stealer | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Snake Keylogger | Browse |
Get hash | malicious | Strela Downloader | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | Snake Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | AsyncRAT, StormKitty, WorldWind Stealer | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | LummaC, CAPTCHA Scam ClickFix, LummaC Stealer | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\nswC272.tmp\System.dll | Get hash | malicious | GuLoader, MassLogger RAT | Browse | ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | Remcos | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Remcos, GuLoader | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | LummaC Stealer | Browse |
Process: | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 484658 |
Entropy (8bit): | 7.809711763657168 |
Encrypted: | false |
SSDEEP: | 12288:W1S3xo63wl4biprI2S4WwWEcwxg9dvVAxZOCLF0DB:Wo3xX3y4bz2lWwWo6rSTZyd |
MD5: | 5C727AE28F0DECF497FBB092BAE01B4E |
SHA1: | AADE364AE8C2C91C6F59F85711B53078FB0763B7 |
SHA-256: | 77CCACF58330509839E17A6CFD6B17FE3DE31577D8E2C37DC413839BA2FEEC80 |
SHA-512: | 5246C0FBA41DF66AF89D986A3CEABC99B61DB9E9C217B28B2EC18AF31E3ED17C865387223CEB3A38A804243CF3307E07E557549026F49F52829BEBC4D4546C40 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 112291 |
Entropy (8bit): | 1.249420131631438 |
Encrypted: | false |
SSDEEP: | 768:5R+BCpkJWjYWL2MxTVLvUjpGqik9JiAfWA2DBQwD1PzUH+HYZmIo7x31sT:WCZY21w0I2NZYD |
MD5: | 4D1D72CFC5940B09DFBD7B65916F532E |
SHA1: | 30A45798B534842002B103A36A3B907063F8A96C |
SHA-256: | 479F1904096978F1011DF05D52021FAEEE028D4CF331024C965CED8AF1C8D496 |
SHA-512: | 048844A09E291903450188715BCDDF14F0F1F10BEAFBD005882EBF5D5E31A71D8F93EEBE788BD54B4AED2266C454F4DCA18AF4567977B7E773BBE29A38DEA45B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 362089 |
Entropy (8bit): | 1.23992084267325 |
Encrypted: | false |
SSDEEP: | 768:xOeaameETrlE0+1mGOWb3h5WAV0hW+JSLSwzj2HlSdL0f6mhKZRaqOzWz6szt3cA:x+ds5dYOVxIW3hhdeRt6MeZ1W4vB |
MD5: | A4340182CDDD2EC1F1480360218343F9 |
SHA1: | 50EF929FEA713AA6FCC05E8B75F497B7946B285B |
SHA-256: | B91E5B1FF5756F0B93DCF11CBC8B467CDA0C5792DE24D27EC86E7C74388B44B3 |
SHA-512: | 021F198AFF7CCED92912C74FC97D1919A9E059F22E99AB1236FBAA36C16B520C07B78F47FC01FCFAC1B53A87CDAE3E440D0589FA2844612617FAB2EDB64A3573 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 139354 |
Entropy (8bit): | 1.2473328695625903 |
Encrypted: | false |
SSDEEP: | 768:9OsMSh8lSnJGyUzWZsO2ipzPFmDZC9kpzroto48tf2+5lVp:9delFlqNawgJp |
MD5: | B0FB6B583D6902DE58E1202D12BA4832 |
SHA1: | 7F585B5C3A4581CE76E373C78A6513F157B20480 |
SHA-256: | E6EA5F6D0C7F5FA407269C7F4FF6D97149B7611071BF5BF6C454B810501AE661 |
SHA-512: | E0894FFBD76C3476DC083DAFD24F88964BF6E09E4CA955766B43FE73A764A00247C930E9996652A22B57B27826CD94F88B8178514060CA398DE568675F9E4571 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 59352 |
Entropy (8bit): | 4.6055171720025925 |
Encrypted: | false |
SSDEEP: | 768:GaBwstm76l/QgRRh0RyVJj0/EERsGjtk8/9HVmbS4wvoVgZupFunmRUR:GaBwsUqYgDCRyVJj0xygLt+LPFuX |
MD5: | 7C9411EA91E482DC1E0429DC4A724C1E |
SHA1: | 7A5C47AA7E18CBE7338A36745E2ED3FBDA72C151 |
SHA-256: | E459DA34252A72CCC523B3D09993BDA16AF7E31D590326B2AAB908331C64C659 |
SHA-512: | E856CFC763EC98A14E5557805403B1754B1C05D3C2893D0A50F8D4EE2553E00BE69CB01DCD922F3B415BD882005312412B8BE14A0FBA268DB530C30C147162F5 |
Malicious: | false |
Process: | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 277278 |
Entropy (8bit): | 7.7629865827998215 |
Encrypted: | false |
SSDEEP: | 6144:RK/S7x2KE2b09WfTNPuGX8PrnIxn/fsg6o+H:RK/St2KLb6WfTNP7X8zI5/Ug6oK |
MD5: | C393EAC7881EDF25C455E93EFE022FDD |
SHA1: | C976E3FCA0837E58EB1AD7EA829329193F8A04A3 |
SHA-256: | 964FBE933545B89BB329C71560812ECCBF9851E4A6232AED3B81EC0FD8F77E4B |
SHA-512: | 41BAB80A1D4669FBAA24853B00063DE922F6E3DE81389D0FB45594A734449874DB08F541EC45C10F5A54BFC0F0F106AFE3D8CF050A79C15AA2B332636E7CC724 |
Malicious: | false |
Process: | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1461253 |
Entropy (8bit): | 5.480995253366477 |
Encrypted: | false |
SSDEEP: | 24576:Qt2KzfTNP7Xy2/Ug6oZo3xX3y4bz2lWwWo6rSTZyM:xKzfTtD38gHZoBXbz2luo6rS1yM |
MD5: | D77F1BC7FDBEB6091CD500766A08797C |
SHA1: | A00176ABC94B46C5AD40020795DDD02C04C0DF3C |
SHA-256: | 602931BA074065C34F5FEC7B94D7D3A2F6536763C8756511BADD4FC7969320E2 |
SHA-512: | 529246201A153F78CACEB572C67CB7C14EA68FA9832D0CE48CAE7643DFE42AE76544CC34281BD0860C61CC1927ADD471F72D36B6A92AB2487B711D3BF92BE02C |
Malicious: | false |
Process: | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 5.719859767584478 |
Encrypted: | false |
SSDEEP: | 192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6 |
MD5: | 0D7AD4F45DC6F5AA87F606D0331C6901 |
SHA1: | 48DF0911F0484CBE2A8CDD5362140B63C41EE457 |
SHA-256: | 3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA |
SHA-512: | C07DE7308CB54205E8BD703001A7FE4FD7796C9AC1B4BB330C77C872BF712B093645F40B80CE7127531FE6746A5B66E18EA073AB6A644934ABED9BB64126FEA9 |
Malicious: | false |
File type: | |
Entropy (8bit): | 7.958945220389528 |
File name: | xXUnP7uCBJ.exe |
File size: | 1'007'802 bytes |
MD5: | 37caf3903448f4b7d38a4d8e180f54dd |
SHA1: | 97ce4432b6d1220fad4b622bbefdf8c43d3d02ca |
SHA256: | 95125d2296df5f467e524ca8978bbe74f0f3ce9520f6014d7a7172b2d7c29f86 |
SHA512: | 0d74b65eb09923f623a19fd1478dff22eb7b871bb30c511585b0a433df8521784d28138805f3973275c4aa4e6b998dbebd5eef3e7b7750c73708f9d729425de2 |
SSDEEP: | 24576:9jwKCN0pPVZUK9S85r80u7ZiJH6uaYiIEv:V1CqpNGqf+dFiEV9IEv |
TLSH: | 1C2523013AE2E633C09CE5F4BD5199193F6DEE436837851723201EAD3E32BC65E256E6 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...$..\.................f...*..... |
Icon Hash: | 46224e4c19391d03 |
Entrypoint: | 0x4034a5 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x5C157F24 [Sat Dec 15 22:24:36 2018 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 1f23f452093b5c1ff091a2f9fb4fa3e9 |
Instruction |
---|
sub esp, 000002D4h |
push ebx |
push esi |
push edi |
push 00000020h |
pop edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+14h], ebx |
mov dword ptr [esp+10h], 0040A230h |
mov dword ptr [esp+1Ch], ebx |
call dword ptr [004080ACh] |
call dword ptr [004080A8h] |
and eax, BFFFFFFFh |
cmp ax, 00000006h |
mov dword ptr [0042A24Ch], eax |
je 00007F44A4940BD3h |
push ebx |
call 00007F44A4943E9Dh |
cmp eax, ebx |
je 00007F44A4940BC9h |
push 00000C00h |
call eax |
mov esi, 004082B0h |
push esi |
call 00007F44A4943E17h |
push esi |
call dword ptr [00408150h] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], 00000000h |
jne 00007F44A4940BACh |
push 0000000Ah |
call 00007F44A4943E70h |
push 00000008h |
call 00007F44A4943E69h |
push 00000006h |
mov dword ptr [0042A244h], eax |
call 00007F44A4943E5Dh |
cmp eax, ebx |
je 00007F44A4940BD1h |
push 0000001Eh |
call eax |
test eax, eax |
je 00007F44A4940BC9h |
or byte ptr [0042A24Fh], 00000040h |
push ebp |
call dword ptr [00408044h] |
push ebx |
call dword ptr [004082A0h] |
mov dword ptr [0042A318h], eax |
push ebx |
lea eax, dword ptr [esp+34h] |
push 000002B4h |
push eax |
push ebx |
push 004216E8h |
call dword ptr [00408188h] |
push 0040A384h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8504 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x55000 | 0x21068 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x6409 | 0x6600 | bfe2b726d49cbd922b87bad5eea65e61 | False | 0.6540287990196079 | data | 6.416186322230332 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x1396 | 0x1400 | d45dcba8ca646543f7e339e20089687e | False | 0.45234375 | data | 5.154907432640367 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x20358 | 0x600 | 8575fc5e872ca789611c386779287649 | False | 0.5026041666666666 | data | 4.004402321344153 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x2b000 | 0x2a000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x55000 | 0x21068 | 0x21200 | 03ed2ed76ba15352dac9e48819696134 | False | 0.8714696344339623 | data | 7.556190648348207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_BITMAP | 0x554c0 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States | 0.23623853211009174 |
RT_ICON | 0x55828 | 0xc2a3 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9966684729162903 |
RT_ICON | 0x61ad0 | 0x86e0 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.990210843373494 |
RT_ICON | 0x6a1b0 | 0x5085 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9867559307233299 |
RT_ICON | 0x6f238 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.4358921161825726 |
RT_ICON | 0x717e0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.4896810506566604 |
RT_ICON | 0x72888 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.5367803837953091 |
RT_ICON | 0x73730 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.6913357400722022 |
RT_ICON | 0x73fd8 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.38597560975609757 |
RT_ICON | 0x74640 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.4934971098265896 |
RT_ICON | 0x74ba8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.651595744680851 |
RT_ICON | 0x75010 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.46908602150537637 |
RT_ICON | 0x752f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.5472972972972973 |
RT_DIALOG | 0x75420 | 0x120 | data | English | United States | 0.53125 |
RT_DIALOG | 0x75540 | 0x118 | data | English | United States | 0.5678571428571428 |
RT_DIALOG | 0x75658 | 0x120 | data | English | United States | 0.5104166666666666 |
RT_DIALOG | 0x75778 | 0xf8 | data | English | United States | 0.6330645161290323 |
RT_DIALOG | 0x75870 | 0xa0 | data | English | United States | 0.6125 |
RT_DIALOG | 0x75910 | 0x60 | data | English | United States | 0.7291666666666666 |
RT_GROUP_ICON | 0x75970 | 0xae | data | English | United States | 0.6091954022988506 |
RT_VERSION | 0x75a20 | 0x308 | data | English | United States | 0.47036082474226804 |
RT_MANIFEST | 0x75d28 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795 |
DLL | Import |
---|---|
KERNEL32.dll | ExitProcess, SetFileAttributesW, Sleep, GetTickCount, CreateFileW, GetFileSize, GetModuleFileNameW, GetCurrentProcess, SetCurrentDirectoryW, GetFileAttributesW, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, CopyFileW, GetShortPathNameW, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalUnlock, GetDiskFreeSpaceW, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW |
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-10T21:41:04.978467+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49785 | 142.250.181.238 | 443 | TCP |
2025-01-10T21:41:09.855799+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49819 | 193.122.6.168 | 80 | TCP |
2025-01-10T21:41:16.746397+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49819 | 193.122.6.168 | 80 | TCP |
2025-01-10T21:41:17.415525+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49867 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:17.793698+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49867 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:18.668334+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49875 | 193.122.6.168 | 80 | TCP |
2025-01-10T21:41:19.224861+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49880 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:19.687049+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49880 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:21.006084+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49891 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:21.485754+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49891 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:22.756876+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49904 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:23.161952+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49904 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:24.655050+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49917 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:24.917668+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49917 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:26.262843+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49929 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:26.614738+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49929 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:27.913903+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49942 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:28.223995+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49942 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:29.890487+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49955 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:30.314610+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49955 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:31.567980+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49965 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:31.879631+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49965 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:33.138548+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49977 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:33.495391+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49977 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:34.875730+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49989 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:35.188701+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49989 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:36.530641+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 50001 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:36.757896+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 50001 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:38.043435+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 50006 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:38.364189+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 50006 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:39.657095+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 50008 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:40.055332+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 50008 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:41.352591+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 50010 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:41.697330+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 50010 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:43.109284+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 50012 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:43.436345+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 50012 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:44.746178+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 50014 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:45.015846+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 50014 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:46.294566+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 50016 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:47.639350+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 50016 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:48.959134+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 50018 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:49.349565+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 50018 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:50.630293+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 50020 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:50.928807+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 50020 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:52.194413+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 50022 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:52.471215+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 50022 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:53.768230+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 50024 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:53.992976+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 50024 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:55.294687+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 50026 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:55.601059+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 50026 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:56.863743+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 50028 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:57.166640+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 50028 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:58.487650+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 50030 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:58.844952+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 50030 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:00.308605+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 50032 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:00.554468+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 50032 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:01.891414+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 50034 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:02.309175+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 50034 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:03.586916+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 50036 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:03.939152+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 50036 | 149.154.167.220 | 443 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 10, 2025 21:41:08.460042953 CET | 49794 | 443 | 192.168.2.8 | 216.58.206.65 |
Jan 10, 2025 21:41:08.460051060 CET | 443 | 49794 | 216.58.206.65 | 192.168.2.8 |
Jan 10, 2025 21:41:08.460067034 CET | 49794 | 443 | 192.168.2.8 | 216.58.206.65 |
Jan 10, 2025 21:41:08.460119963 CET | 49794 | 443 | 192.168.2.8 | 216.58.206.65 |
Jan 10, 2025 21:41:08.465363026 CET | 443 | 49794 | 216.58.206.65 | 192.168.2.8 |
Jan 10, 2025 21:41:08.465526104 CET | 49794 | 443 | 192.168.2.8 | 216.58.206.65 |
Jan 10, 2025 21:41:08.465807915 CET | 443 | 49794 | 216.58.206.65 | 192.168.2.8 |
Jan 10, 2025 21:41:08.466074944 CET | 49794 | 443 | 192.168.2.8 | 216.58.206.65 |
Jan 10, 2025 21:41:08.472302914 CET | 443 | 49794 | 216.58.206.65 | 192.168.2.8 |
Jan 10, 2025 21:41:08.472376108 CET | 49794 | 443 | 192.168.2.8 | 216.58.206.65 |
Jan 10, 2025 21:41:08.472383022 CET | 443 | 49794 | 216.58.206.65 | 192.168.2.8 |
Jan 10, 2025 21:41:08.472548962 CET | 49794 | 443 | 192.168.2.8 | 216.58.206.65 |
Jan 10, 2025 21:41:08.479104042 CET | 443 | 49794 | 216.58.206.65 | 192.168.2.8 |
Jan 10, 2025 21:41:08.479288101 CET | 49794 | 443 | 192.168.2.8 | 216.58.206.65 |
Jan 10, 2025 21:41:08.479295015 CET | 443 | 49794 | 216.58.206.65 | 192.168.2.8 |
Jan 10, 2025 21:41:08.479341030 CET | 49794 | 443 | 192.168.2.8 | 216.58.206.65 |
Jan 10, 2025 21:41:08.481553078 CET | 443 | 49794 | 216.58.206.65 | 192.168.2.8 |
Jan 10, 2025 21:41:08.481609106 CET | 443 | 49794 | 216.58.206.65 | 192.168.2.8 |
Jan 10, 2025 21:41:08.481663942 CET | 49794 | 443 | 192.168.2.8 | 216.58.206.65 |
Jan 10, 2025 21:41:08.481663942 CET | 49794 | 443 | 192.168.2.8 | 216.58.206.65 |
Jan 10, 2025 21:41:08.481673002 CET | 443 | 49794 | 216.58.206.65 | 192.168.2.8 |
Jan 10, 2025 21:41:08.481723070 CET | 49794 | 443 | 192.168.2.8 | 216.58.206.65 |
Jan 10, 2025 21:41:08.481729031 CET | 443 | 49794 | 216.58.206.65 | 192.168.2.8 |
Jan 10, 2025 21:41:08.481739044 CET | 443 | 49794 | 216.58.206.65 | 192.168.2.8 |
Jan 10, 2025 21:41:08.481775045 CET | 49794 | 443 | 192.168.2.8 | 216.58.206.65 |
Jan 10, 2025 21:41:08.481775045 CET | 49794 | 443 | 192.168.2.8 | 216.58.206.65 |
Jan 10, 2025 21:41:08.481781006 CET | 443 | 49794 | 216.58.206.65 | 192.168.2.8 |
Jan 10, 2025 21:41:08.481813908 CET | 49794 | 443 | 192.168.2.8 | 216.58.206.65 |
Jan 10, 2025 21:41:08.481813908 CET | 49794 | 443 | 192.168.2.8 | 216.58.206.65 |
Jan 10, 2025 21:41:08.481813908 CET | 49794 | 443 | 192.168.2.8 | 216.58.206.65 |
Jan 10, 2025 21:41:08.804792881 CET | 49819 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:08.809820890 CET | 80 | 49819 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:08.809895992 CET | 49819 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:08.810267925 CET | 49819 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:08.815177917 CET | 80 | 49819 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:09.614402056 CET | 80 | 49819 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:09.618716002 CET | 49819 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:09.623878956 CET | 80 | 49819 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:09.803895950 CET | 80 | 49819 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:09.855798960 CET | 49819 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:10.257215023 CET | 49828 | 443 | 192.168.2.8 | 104.21.64.1 |
Jan 10, 2025 21:41:10.257268906 CET | 443 | 49828 | 104.21.64.1 | 192.168.2.8 |
Jan 10, 2025 21:41:10.257352114 CET | 49828 | 443 | 192.168.2.8 | 104.21.64.1 |
Jan 10, 2025 21:41:10.259759903 CET | 49828 | 443 | 192.168.2.8 | 104.21.64.1 |
Jan 10, 2025 21:41:10.259787083 CET | 443 | 49828 | 104.21.64.1 | 192.168.2.8 |
Jan 10, 2025 21:41:10.774475098 CET | 443 | 49828 | 104.21.64.1 | 192.168.2.8 |
Jan 10, 2025 21:41:10.774712086 CET | 49828 | 443 | 192.168.2.8 | 104.21.64.1 |
Jan 10, 2025 21:41:10.778330088 CET | 49828 | 443 | 192.168.2.8 | 104.21.64.1 |
Jan 10, 2025 21:41:10.778367996 CET | 443 | 49828 | 104.21.64.1 | 192.168.2.8 |
Jan 10, 2025 21:41:10.778722048 CET | 443 | 49828 | 104.21.64.1 | 192.168.2.8 |
Jan 10, 2025 21:41:10.782228947 CET | 49828 | 443 | 192.168.2.8 | 104.21.64.1 |
Jan 10, 2025 21:41:10.827332020 CET | 443 | 49828 | 104.21.64.1 | 192.168.2.8 |
Jan 10, 2025 21:41:10.925339937 CET | 443 | 49828 | 104.21.64.1 | 192.168.2.8 |
Jan 10, 2025 21:41:10.925489902 CET | 443 | 49828 | 104.21.64.1 | 192.168.2.8 |
Jan 10, 2025 21:41:10.925718069 CET | 49828 | 443 | 192.168.2.8 | 104.21.64.1 |
Jan 10, 2025 21:41:10.931377888 CET | 49828 | 443 | 192.168.2.8 | 104.21.64.1 |
Jan 10, 2025 21:41:16.495522022 CET | 49819 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:16.500324965 CET | 80 | 49819 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:16.694782019 CET | 80 | 49819 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:16.707104921 CET | 49867 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:16.707154036 CET | 443 | 49867 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:16.707214117 CET | 49867 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:16.707662106 CET | 49867 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:16.707683086 CET | 443 | 49867 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:16.746397018 CET | 49819 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:17.317369938 CET | 443 | 49867 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:17.317478895 CET | 49867 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:17.344470978 CET | 49867 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:17.344495058 CET | 443 | 49867 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:17.344847918 CET | 443 | 49867 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:17.371156931 CET | 49867 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:17.415335894 CET | 443 | 49867 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:17.415399075 CET | 49867 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:17.415421009 CET | 443 | 49867 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:17.793725014 CET | 443 | 49867 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:17.793813944 CET | 443 | 49867 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:17.794198990 CET | 49867 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:17.794421911 CET | 49867 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:17.953216076 CET | 49819 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:17.955277920 CET | 49875 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:17.958261967 CET | 80 | 49819 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:17.958477020 CET | 49819 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:17.960118055 CET | 80 | 49875 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:17.960191011 CET | 49875 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:17.960401058 CET | 49875 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:17.965179920 CET | 80 | 49875 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:18.613688946 CET | 80 | 49875 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:18.614960909 CET | 49880 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:18.615004063 CET | 443 | 49880 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:18.615156889 CET | 49880 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:18.615632057 CET | 49880 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:18.615645885 CET | 443 | 49880 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:18.668334007 CET | 49875 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:19.222309113 CET | 443 | 49880 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:19.224546909 CET | 49880 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:19.224561930 CET | 443 | 49880 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:19.224674940 CET | 49880 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:19.224684954 CET | 443 | 49880 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:19.687100887 CET | 443 | 49880 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:19.687191010 CET | 443 | 49880 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:19.687325954 CET | 49880 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:19.687755108 CET | 49880 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:19.691416025 CET | 49885 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:19.696368933 CET | 80 | 49885 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:19.698801994 CET | 49885 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:19.698868036 CET | 49885 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:19.703651905 CET | 80 | 49885 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:20.378555059 CET | 80 | 49885 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:20.379586935 CET | 49891 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:20.379642963 CET | 443 | 49891 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:20.379709959 CET | 49891 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:20.380002975 CET | 49891 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:20.380012989 CET | 443 | 49891 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:20.418275118 CET | 49885 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:21.003854990 CET | 443 | 49891 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:21.005868912 CET | 49891 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:21.005892038 CET | 443 | 49891 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:21.005981922 CET | 49891 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:21.005990982 CET | 443 | 49891 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:21.485801935 CET | 443 | 49891 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:21.485884905 CET | 443 | 49891 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:21.485934019 CET | 49891 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:21.486335993 CET | 49891 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:21.490037918 CET | 49885 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:21.490858078 CET | 49898 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:21.495070934 CET | 80 | 49885 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:21.495122910 CET | 49885 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:21.495682001 CET | 80 | 49898 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:21.495757103 CET | 49898 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:21.495853901 CET | 49898 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:21.500690937 CET | 80 | 49898 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:22.121169090 CET | 80 | 49898 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:22.122656107 CET | 49904 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:22.122684002 CET | 443 | 49904 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:22.123646021 CET | 49904 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:22.123909950 CET | 49904 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:22.123920918 CET | 443 | 49904 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:22.168400049 CET | 49898 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:22.743493080 CET | 443 | 49904 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:22.756608009 CET | 49904 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:22.756624937 CET | 443 | 49904 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:22.756782055 CET | 49904 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:22.756788015 CET | 443 | 49904 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:23.162013054 CET | 443 | 49904 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:23.162096977 CET | 443 | 49904 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:23.162225008 CET | 49904 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:23.162683010 CET | 49904 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:23.166049004 CET | 49898 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:23.167129993 CET | 49910 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:23.170989037 CET | 80 | 49898 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:23.171046972 CET | 49898 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:23.171940088 CET | 80 | 49910 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:23.171999931 CET | 49910 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:23.172087908 CET | 49910 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:23.176862001 CET | 80 | 49910 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:24.005698919 CET | 80 | 49910 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:24.007307053 CET | 49917 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:24.007348061 CET | 443 | 49917 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:24.007440090 CET | 49917 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:24.007783890 CET | 49917 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:24.007797956 CET | 443 | 49917 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:24.058945894 CET | 49910 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:24.653040886 CET | 443 | 49917 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:24.654793978 CET | 49917 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:24.654815912 CET | 443 | 49917 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:24.654877901 CET | 49917 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:24.654886007 CET | 443 | 49917 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:24.917733908 CET | 443 | 49917 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:24.917809010 CET | 443 | 49917 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:24.917861938 CET | 49917 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:24.918559074 CET | 49917 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:24.922050953 CET | 49910 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:24.923125982 CET | 49924 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:24.927000046 CET | 80 | 49910 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:24.927069902 CET | 49910 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:24.928004026 CET | 80 | 49924 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:24.928073883 CET | 49924 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:24.928162098 CET | 49924 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:24.932897091 CET | 80 | 49924 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:25.634325027 CET | 80 | 49924 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:25.635641098 CET | 49929 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:25.635677099 CET | 443 | 49929 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:25.635756016 CET | 49929 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:25.636054039 CET | 49929 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:25.636068106 CET | 443 | 49929 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:25.684012890 CET | 49924 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:26.260580063 CET | 443 | 49929 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:26.262624979 CET | 49929 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:26.262655973 CET | 443 | 49929 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:26.262727976 CET | 49929 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:26.262741089 CET | 443 | 49929 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:26.614814043 CET | 443 | 49929 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:26.614893913 CET | 443 | 49929 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:26.614940882 CET | 49929 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:26.615278959 CET | 49929 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:26.618729115 CET | 49924 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:26.621162891 CET | 49937 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:26.623713970 CET | 80 | 49924 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:26.623776913 CET | 49924 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:26.626051903 CET | 80 | 49937 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:26.626235962 CET | 49937 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:26.626281023 CET | 49937 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:26.631078959 CET | 80 | 49937 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:27.253050089 CET | 80 | 49937 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:27.254251957 CET | 49942 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:27.254300117 CET | 443 | 49942 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:27.254365921 CET | 49942 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:27.254601002 CET | 49942 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:27.254616976 CET | 443 | 49942 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:27.293292046 CET | 49937 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:27.912113905 CET | 443 | 49942 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:27.913748026 CET | 49942 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:27.913765907 CET | 443 | 49942 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:27.913820028 CET | 49942 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:27.913829088 CET | 443 | 49942 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:28.224004984 CET | 443 | 49942 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:28.224075079 CET | 443 | 49942 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:28.224271059 CET | 49942 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:28.224535942 CET | 49942 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:28.228176117 CET | 49937 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:28.228537083 CET | 49948 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:28.233549118 CET | 80 | 49948 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:28.233635902 CET | 49948 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:28.233674049 CET | 80 | 49937 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:28.233841896 CET | 49948 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:28.234213114 CET | 49937 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:28.239419937 CET | 80 | 49948 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:29.235835075 CET | 80 | 49948 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:29.237102985 CET | 49955 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:29.237138987 CET | 443 | 49955 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:29.237226963 CET | 49955 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:29.237474918 CET | 49955 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:29.237484932 CET | 443 | 49955 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:29.277657986 CET | 49948 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:29.887833118 CET | 443 | 49955 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:29.890290976 CET | 49955 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:29.890331984 CET | 443 | 49955 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:29.890384912 CET | 49955 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:29.890394926 CET | 443 | 49955 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:30.314641953 CET | 443 | 49955 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:30.314733028 CET | 443 | 49955 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:30.314793110 CET | 49955 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:30.315135002 CET | 49955 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:30.319107056 CET | 49948 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:30.320558071 CET | 49960 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:30.324093103 CET | 80 | 49948 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:30.324141026 CET | 49948 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:30.325475931 CET | 80 | 49960 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:30.325532913 CET | 49960 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:30.325670004 CET | 49960 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:30.330431938 CET | 80 | 49960 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:30.949132919 CET | 80 | 49960 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:30.951092005 CET | 49965 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:30.951132059 CET | 443 | 49965 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:30.951284885 CET | 49965 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:30.951472044 CET | 49965 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:30.951488018 CET | 443 | 49965 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:30.996427059 CET | 49960 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:31.565001965 CET | 443 | 49965 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:31.567729950 CET | 49965 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:31.567773104 CET | 443 | 49965 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:31.567922115 CET | 49965 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:31.567929029 CET | 443 | 49965 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:31.879698992 CET | 443 | 49965 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:31.879827976 CET | 443 | 49965 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:31.882776022 CET | 49965 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:31.883013964 CET | 49965 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:31.886105061 CET | 49960 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:31.886806011 CET | 49972 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:31.891026974 CET | 80 | 49960 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:31.891613960 CET | 80 | 49972 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:31.891685963 CET | 49960 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:31.891705990 CET | 49972 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:31.891844988 CET | 49972 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:31.896584988 CET | 80 | 49972 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:32.517910957 CET | 80 | 49972 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:32.519346952 CET | 49977 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:32.519398928 CET | 443 | 49977 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:32.519468069 CET | 49977 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:32.519793034 CET | 49977 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:32.519805908 CET | 443 | 49977 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:32.558943987 CET | 49972 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:33.136620045 CET | 443 | 49977 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:33.138360977 CET | 49977 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:33.138390064 CET | 443 | 49977 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:33.138452053 CET | 49977 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:33.138464928 CET | 443 | 49977 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:33.495404005 CET | 443 | 49977 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:33.495510101 CET | 443 | 49977 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:33.495564938 CET | 49977 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:33.496006012 CET | 49977 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:33.499191999 CET | 49972 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:33.500356913 CET | 49984 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:33.504338980 CET | 80 | 49972 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:33.504405022 CET | 49972 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:33.505232096 CET | 80 | 49984 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:33.505294085 CET | 49984 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:33.505443096 CET | 49984 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:33.510312080 CET | 80 | 49984 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:34.140646935 CET | 80 | 49984 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:34.142362118 CET | 49989 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:34.142407894 CET | 443 | 49989 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:34.142493963 CET | 49989 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:34.142745018 CET | 49989 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:34.142755985 CET | 443 | 49989 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:34.183917999 CET | 49984 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:34.873944998 CET | 443 | 49989 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:34.875524998 CET | 49989 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:34.875546932 CET | 443 | 49989 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:34.875677109 CET | 49989 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:34.875682116 CET | 443 | 49989 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:35.188759089 CET | 443 | 49989 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:35.188838959 CET | 443 | 49989 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:35.188937902 CET | 49989 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:35.189431906 CET | 49989 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:35.192322969 CET | 49984 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:35.193515062 CET | 49996 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:35.197592020 CET | 80 | 49984 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:35.197670937 CET | 49984 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:35.198540926 CET | 80 | 49996 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:35.198635101 CET | 49996 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:35.198707104 CET | 49996 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:35.203576088 CET | 80 | 49996 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:35.849348068 CET | 80 | 49996 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 21:41:35.852283955 CET | 50001 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:35.852335930 CET | 443 | 50001 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:35.852502108 CET | 50001 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:35.852771997 CET | 50001 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:35.852787971 CET | 443 | 50001 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:35.902709007 CET | 49996 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 21:41:36.528270006 CET | 443 | 50001 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:36.530433893 CET | 50001 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:36.530445099 CET | 443 | 50001 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:36.530514002 CET | 50001 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 21:41:36.530523062 CET | 443 | 50001 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:36.757973909 CET | 443 | 50001 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:36.758080959 CET | 443 | 50001 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 21:41:36.758121967 CET | 50001 | 443 | 192.168.2.8 | 149.154.167.220 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jan 10, 2025 21:41:03.556583881 CET | 192.168.2.8 | 1.1.1.1 | 0x971f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jan 10, 2025 21:41:04.996329069 CET | 192.168.2.8 | 1.1.1.1 | 0x9bf6 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jan 10, 2025 21:41:08.787539959 CET | 192.168.2.8 | 1.1.1.1 | 0x5375 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jan 10, 2025 21:41:10.246839046 CET | 192.168.2.8 | 1.1.1.1 | 0xced0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jan 10, 2025 21:41:16.699421883 CET | 192.168.2.8 | 1.1.1.1 | 0x716b | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jan 10, 2025 21:41:03.762213945 CET | 1.1.1.1 | 192.168.2.8 | 0x971f | No error (0) | 142.250.181.238 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:05.003546000 CET | 1.1.1.1 | 192.168.2.8 | 0x9bf6 | No error (0) | 216.58.206.65 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:08.796761036 CET | 1.1.1.1 | 192.168.2.8 | 0x5375 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:08.796761036 CET | 1.1.1.1 | 192.168.2.8 | 0x5375 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:08.796761036 CET | 1.1.1.1 | 192.168.2.8 | 0x5375 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:08.796761036 CET | 1.1.1.1 | 192.168.2.8 | 0x5375 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:08.796761036 CET | 1.1.1.1 | 192.168.2.8 | 0x5375 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:08.796761036 CET | 1.1.1.1 | 192.168.2.8 | 0x5375 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:10.256417036 CET | 1.1.1.1 | 192.168.2.8 | 0xced0 | No error (0) | 104.21.64.1 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:10.256417036 CET | 1.1.1.1 | 192.168.2.8 | 0xced0 | No error (0) | 104.21.48.1 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:10.256417036 CET | 1.1.1.1 | 192.168.2.8 | 0xced0 | No error (0) | 104.21.16.1 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:10.256417036 CET | 1.1.1.1 | 192.168.2.8 | 0xced0 | No error (0) | 104.21.80.1 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:10.256417036 CET | 1.1.1.1 | 192.168.2.8 | 0xced0 | No error (0) | 104.21.96.1 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:10.256417036 CET | 1.1.1.1 | 192.168.2.8 | 0xced0 | No error (0) | 104.21.32.1 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:10.256417036 CET | 1.1.1.1 | 192.168.2.8 | 0xced0 | No error (0) | 104.21.112.1 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:16.706104994 CET | 1.1.1.1 | 192.168.2.8 | 0x716b | No error (0) | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.8 | 49819 | 193.122.6.168 | 80 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:08.810267925 CET | 151 | OUT | |
Jan 10, 2025 21:41:09.614402056 CET | 273 | IN | |
Jan 10, 2025 21:41:09.618716002 CET | 127 | OUT | |
Jan 10, 2025 21:41:09.803895950 CET | 273 | IN | |
Jan 10, 2025 21:41:16.495522022 CET | 127 | OUT | |
Jan 10, 2025 21:41:16.694782019 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.8 | 49875 | 193.122.6.168 | 80 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:17.960401058 CET | 127 | OUT | |
Jan 10, 2025 21:41:18.613688946 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.8 | 49885 | 193.122.6.168 | 80 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:19.698868036 CET | 151 | OUT | |
Jan 10, 2025 21:41:20.378555059 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.8 | 49898 | 193.122.6.168 | 80 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:21.495853901 CET | 151 | OUT | |
Jan 10, 2025 21:41:22.121169090 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.8 | 49910 | 193.122.6.168 | 80 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:23.172087908 CET | 151 | OUT | |
Jan 10, 2025 21:41:24.005698919 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.8 | 49924 | 193.122.6.168 | 80 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:24.928162098 CET | 151 | OUT | |
Jan 10, 2025 21:41:25.634325027 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.8 | 49937 | 193.122.6.168 | 80 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:26.626281023 CET | 151 | OUT | |
Jan 10, 2025 21:41:27.253050089 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.8 | 49948 | 193.122.6.168 | 80 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:28.233841896 CET | 151 | OUT | |
Jan 10, 2025 21:41:29.235835075 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.8 | 49960 | 193.122.6.168 | 80 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:30.325670004 CET | 151 | OUT | |
Jan 10, 2025 21:41:30.949132919 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.8 | 49972 | 193.122.6.168 | 80 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:31.891844988 CET | 151 | OUT | |
Jan 10, 2025 21:41:32.517910957 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.8 | 49984 | 193.122.6.168 | 80 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:33.505443096 CET | 151 | OUT | |
Jan 10, 2025 21:41:34.140646935 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.8 | 49996 | 193.122.6.168 | 80 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:35.198707104 CET | 151 | OUT | |
Jan 10, 2025 21:41:35.849348068 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.8 | 50005 | 193.122.6.168 | 80 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:36.767517090 CET | 151 | OUT | |
Jan 10, 2025 21:41:37.402733088 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.8 | 50007 | 193.122.6.168 | 80 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:38.373991966 CET | 151 | OUT | |
Jan 10, 2025 21:41:38.999644041 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.8 | 50009 | 193.122.6.168 | 80 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:40.065366030 CET | 151 | OUT | |
Jan 10, 2025 21:41:40.697213888 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.8 | 50011 | 193.122.6.168 | 80 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:41.815677881 CET | 151 | OUT | |
Jan 10, 2025 21:41:42.471446991 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.8 | 50013 | 193.122.6.168 | 80 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:43.447027922 CET | 151 | OUT | |
Jan 10, 2025 21:41:44.109529972 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.8 | 50015 | 193.122.6.168 | 80 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:45.025974989 CET | 151 | OUT | |
Jan 10, 2025 21:41:45.665112972 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.8 | 50017 | 193.122.6.168 | 80 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:47.650533915 CET | 151 | OUT | |
Jan 10, 2025 21:41:48.322406054 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
19 | 192.168.2.8 | 50019 | 193.122.6.168 | 80 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:49.359824896 CET | 151 | OUT | |
Jan 10, 2025 21:41:49.995424032 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
20 | 192.168.2.8 | 50021 | 193.122.6.168 | 80 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:50.939788103 CET | 151 | OUT | |
Jan 10, 2025 21:41:51.566680908 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
21 | 192.168.2.8 | 50023 | 193.122.6.168 | 80 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:52.481209040 CET | 151 | OUT | |
Jan 10, 2025 21:41:53.124181032 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
22 | 192.168.2.8 | 50025 | 193.122.6.168 | 80 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:54.003122091 CET | 151 | OUT | |
Jan 10, 2025 21:41:54.652731895 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
23 | 192.168.2.8 | 50027 | 193.122.6.168 | 80 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:55.610965967 CET | 151 | OUT | |
Jan 10, 2025 21:41:56.246154070 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
24 | 192.168.2.8 | 50029 | 193.122.6.168 | 80 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:57.176326036 CET | 151 | OUT | |
Jan 10, 2025 21:41:57.844468117 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
25 | 192.168.2.8 | 50031 | 193.122.6.168 | 80 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:58.921164989 CET | 151 | OUT | |
Jan 10, 2025 21:41:59.693829060 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
26 | 192.168.2.8 | 50033 | 193.122.6.168 | 80 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:42:00.569521904 CET | 151 | OUT | |
Jan 10, 2025 21:42:01.222454071 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
27 | 192.168.2.8 | 50035 | 193.122.6.168 | 80 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:42:02.319140911 CET | 151 | OUT | |
Jan 10, 2025 21:42:02.958204031 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
28 | 192.168.2.8 | 50037 | 193.122.6.168 | 80 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:42:06.888256073 CET | 151 | OUT | |
Jan 10, 2025 21:42:07.556528091 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.8 | 49785 | 142.250.181.238 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:04 UTC | 216 | OUT | |
2025-01-10 20:41:04 UTC | 1920 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.8 | 49794 | 216.58.206.65 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:05 UTC | 258 | OUT | |
2025-01-10 20:41:08 UTC | 4954 | IN | |
2025-01-10 20:41:08 UTC | 4954 | IN | |
2025-01-10 20:41:08 UTC | 4787 | IN | |
2025-01-10 20:41:08 UTC | 1326 | IN | |
2025-01-10 20:41:08 UTC | 1390 | IN | |
2025-01-10 20:41:08 UTC | 1390 | IN | |
2025-01-10 20:41:08 UTC | 1390 | IN | |
2025-01-10 20:41:08 UTC | 1390 | IN | |
2025-01-10 20:41:08 UTC | 1390 | IN | |
2025-01-10 20:41:08 UTC | 1390 | IN | |
2025-01-10 20:41:08 UTC | 1390 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.8 | 49828 | 104.21.64.1 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:10 UTC | 85 | OUT | |
2025-01-10 20:41:10 UTC | 853 | IN | |
2025-01-10 20:41:10 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.8 | 49867 | 149.154.167.220 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:17 UTC | 296 | OUT | |
2025-01-10 20:41:17 UTC | 1090 | OUT | |
2025-01-10 20:41:17 UTC | 388 | IN | |
2025-01-10 20:41:17 UTC | 536 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.8 | 49880 | 149.154.167.220 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:19 UTC | 296 | OUT | |
2025-01-10 20:41:19 UTC | 1090 | OUT | |
2025-01-10 20:41:19 UTC | 388 | IN | |
2025-01-10 20:41:19 UTC | 539 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.8 | 49891 | 149.154.167.220 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:21 UTC | 272 | OUT | |
2025-01-10 20:41:21 UTC | 1090 | OUT | |
2025-01-10 20:41:21 UTC | 388 | IN | |
2025-01-10 20:41:21 UTC | 536 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.8 | 49904 | 149.154.167.220 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:22 UTC | 272 | OUT | |
2025-01-10 20:41:22 UTC | 1090 | OUT | |
2025-01-10 20:41:23 UTC | 388 | IN | |
2025-01-10 20:41:23 UTC | 536 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.8 | 49917 | 149.154.167.220 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:24 UTC | 272 | OUT | |
2025-01-10 20:41:24 UTC | 1090 | OUT | |
2025-01-10 20:41:24 UTC | 388 | IN | |
2025-01-10 20:41:24 UTC | 536 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.8 | 49929 | 149.154.167.220 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:26 UTC | 296 | OUT | |
2025-01-10 20:41:26 UTC | 1090 | OUT | |
2025-01-10 20:41:26 UTC | 388 | IN | |
2025-01-10 20:41:26 UTC | 536 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.8 | 49942 | 149.154.167.220 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:27 UTC | 296 | OUT | |
2025-01-10 20:41:27 UTC | 1090 | OUT | |
2025-01-10 20:41:28 UTC | 388 | IN | |
2025-01-10 20:41:28 UTC | 536 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.8 | 49955 | 149.154.167.220 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:29 UTC | 296 | OUT | |
2025-01-10 20:41:29 UTC | 1090 | OUT | |
2025-01-10 20:41:30 UTC | 388 | IN | |
2025-01-10 20:41:30 UTC | 536 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.8 | 49965 | 149.154.167.220 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:31 UTC | 296 | OUT | |
2025-01-10 20:41:31 UTC | 1090 | OUT | |
2025-01-10 20:41:31 UTC | 388 | IN | |
2025-01-10 20:41:31 UTC | 536 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.8 | 49977 | 149.154.167.220 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:33 UTC | 296 | OUT | |
2025-01-10 20:41:33 UTC | 1090 | OUT | |
2025-01-10 20:41:33 UTC | 388 | IN | |
2025-01-10 20:41:33 UTC | 536 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.8 | 49989 | 149.154.167.220 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:34 UTC | 296 | OUT | |
2025-01-10 20:41:34 UTC | 1090 | OUT | |
2025-01-10 20:41:35 UTC | 388 | IN | |
2025-01-10 20:41:35 UTC | 536 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.8 | 50001 | 149.154.167.220 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:36 UTC | 296 | OUT | |
2025-01-10 20:41:36 UTC | 1090 | OUT | |
2025-01-10 20:41:36 UTC | 388 | IN | |
2025-01-10 20:41:36 UTC | 537 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.8 | 50006 | 149.154.167.220 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:38 UTC | 296 | OUT | |
2025-01-10 20:41:38 UTC | 1090 | OUT | |
2025-01-10 20:41:38 UTC | 388 | IN | |
2025-01-10 20:41:38 UTC | 536 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.8 | 50008 | 149.154.167.220 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:39 UTC | 296 | OUT | |
2025-01-10 20:41:39 UTC | 1090 | OUT | |
2025-01-10 20:41:40 UTC | 388 | IN | |
2025-01-10 20:41:40 UTC | 536 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.8 | 50010 | 149.154.167.220 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:41 UTC | 296 | OUT | |
2025-01-10 20:41:41 UTC | 1090 | OUT | |
2025-01-10 20:41:41 UTC | 388 | IN | |
2025-01-10 20:41:41 UTC | 536 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.8 | 50012 | 149.154.167.220 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:43 UTC | 296 | OUT | |
2025-01-10 20:41:43 UTC | 1090 | OUT | |
2025-01-10 20:41:43 UTC | 388 | IN | |
2025-01-10 20:41:43 UTC | 536 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
19 | 192.168.2.8 | 50014 | 149.154.167.220 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:44 UTC | 296 | OUT | |
2025-01-10 20:41:44 UTC | 1090 | OUT | |
2025-01-10 20:41:45 UTC | 388 | IN | |
2025-01-10 20:41:45 UTC | 536 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
20 | 192.168.2.8 | 50016 | 149.154.167.220 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:46 UTC | 296 | OUT | |
2025-01-10 20:41:46 UTC | 1090 | OUT | |
2025-01-10 20:41:47 UTC | 388 | IN | |
2025-01-10 20:41:47 UTC | 537 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
21 | 192.168.2.8 | 50018 | 149.154.167.220 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:48 UTC | 296 | OUT | |
2025-01-10 20:41:48 UTC | 1090 | OUT | |
2025-01-10 20:41:49 UTC | 388 | IN | |
2025-01-10 20:41:49 UTC | 536 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
22 | 192.168.2.8 | 50020 | 149.154.167.220 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:50 UTC | 296 | OUT | |
2025-01-10 20:41:50 UTC | 1090 | OUT | |
2025-01-10 20:41:50 UTC | 388 | IN | |
2025-01-10 20:41:50 UTC | 536 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
23 | 192.168.2.8 | 50022 | 149.154.167.220 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:52 UTC | 296 | OUT | |
2025-01-10 20:41:52 UTC | 1090 | OUT | |
2025-01-10 20:41:52 UTC | 388 | IN | |
2025-01-10 20:41:52 UTC | 536 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
24 | 192.168.2.8 | 50024 | 149.154.167.220 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:53 UTC | 296 | OUT | |
2025-01-10 20:41:53 UTC | 1090 | OUT | |
2025-01-10 20:41:53 UTC | 388 | IN | |
2025-01-10 20:41:53 UTC | 536 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
25 | 192.168.2.8 | 50026 | 149.154.167.220 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:55 UTC | 296 | OUT | |
2025-01-10 20:41:55 UTC | 1090 | OUT | |
2025-01-10 20:41:55 UTC | 388 | IN | |
2025-01-10 20:41:55 UTC | 536 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
26 | 192.168.2.8 | 50028 | 149.154.167.220 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:56 UTC | 296 | OUT | |
2025-01-10 20:41:56 UTC | 1090 | OUT | |
2025-01-10 20:41:57 UTC | 388 | IN | |
2025-01-10 20:41:57 UTC | 536 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
27 | 192.168.2.8 | 50030 | 149.154.167.220 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:58 UTC | 296 | OUT | |
2025-01-10 20:41:58 UTC | 1090 | OUT | |
2025-01-10 20:41:58 UTC | 388 | IN | |
2025-01-10 20:41:58 UTC | 536 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
28 | 192.168.2.8 | 50032 | 149.154.167.220 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:42:00 UTC | 296 | OUT | |
2025-01-10 20:42:00 UTC | 1090 | OUT | |
2025-01-10 20:42:00 UTC | 388 | IN | |
2025-01-10 20:42:00 UTC | 536 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
29 | 192.168.2.8 | 50034 | 149.154.167.220 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:42:01 UTC | 296 | OUT | |
2025-01-10 20:42:01 UTC | 1090 | OUT | |
2025-01-10 20:42:02 UTC | 388 | IN | |
2025-01-10 20:42:02 UTC | 536 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
30 | 192.168.2.8 | 50036 | 149.154.167.220 | 443 | 5856 | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:42:03 UTC | 296 | OUT | |
2025-01-10 20:42:03 UTC | 1090 | OUT | |
2025-01-10 20:42:03 UTC | 388 | IN | |
2025-01-10 20:42:03 UTC | 537 | IN |
Target ID: | 0 |
Start time: | 15:39:56 |
Start date: | 10/01/2025 |
Path: | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'007'802 bytes |
MD5 hash: | 37CAF3903448F4B7D38A4D8E180F54DD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | low |
Has exited: | true |
Target ID: | 5 |
Start time: | 15:40:48 |
Start date: | 10/01/2025 |
Path: | C:\Users\user\Desktop\xXUnP7uCBJ.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'007'802 bytes |
MD5 hash: | 37CAF3903448F4B7D38A4D8E180F54DD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 20.3% |
Dynamic/Decrypted Code Coverage: | 13.4% |
Signature Coverage: | 19.5% |
Total number of Nodes: | 1599 |
Total number of Limit Nodes: | 38 |
Graph
Function 004034A5 Relevance: 84.4, APIs: 32, Strings: 16, Instructions: 410 string file com COMMON
Function 00404DCC Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481 window memory COMMON
Function 701A1B5F Relevance: 20.1, APIs: 13, Instructions: 576 string library memory COMMON
Function 00405AFA Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 148 file string COMMON
Function 00406AF2 Relevance: 5.4, APIs: 4, Instructions: 382 COMMON
Function 00403E86 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 346 window string COMMON
Function 00403AD8 Relevance: 44.0, APIs: 13, Strings: 12, Instructions: 215 string registry COMMON
Function 00402F30 Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 203 memory COMMON
Function 0040640A Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 209 string COMMON
Function 0040176F Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145 string time COMMON
Function 0040264A Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153 file COMMON
Function 00406752 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36 library COMMON
Function 004023E4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64registrystringCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004053C4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46, window, COMMON
Function 004062B6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44, registry, COMMON
Function 00406F27 Relevance: 5.2, APIs: 4, Instructions: 236, COMMON
Function 00407128 Relevance: 5.2, APIs: 4, Instructions: 208, COMMON
Function 00406E3E Relevance: 5.2, APIs: 4, Instructions: 205, COMMON
Function 00406943 Relevance: 5.2, APIs: 4, Instructions: 198, COMMON
Function 00406D91 Relevance: 5.2, APIs: 4, Instructions: 180, COMMON
Function 00406EAF Relevance: 5.2, APIs: 4, Instructions: 170, COMMON
Function 00406DFB Relevance: 5.2, APIs: 4, Instructions: 168, COMMON
Function 00402032 Relevance: 4.6, APIs: 3, Instructions: 73, library, COMMON
Function 004031D6 Relevance: 3.1, APIs: 2, Instructions: 88, COMMON
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43, window, COMMON
Function 00401E49 Relevance: 3.0, APIs: 2, Instructions: 25, COMMON
Function 00405EDE Relevance: 3.0, APIs: 2, Instructions: 16, file, COMMON
Function 0040599C Relevance: 3.0, APIs: 2, Instructions: 9, COMMON
Function 701A2AAC Relevance: 1.6, APIs: 1, Instructions: 143, COMMON
Function 0040167B Relevance: 1.5, APIs: 1, Instructions: 38, file, COMMON
Function 004027EF Relevance: 1.5, APIs: 1, Instructions: 28, COMMON
Function 00405F61 Relevance: 1.5, APIs: 1, Instructions: 22, file, COMMON
Function 00405F90 Relevance: 1.5, APIs: 1, Instructions: 22, file, COMMON
Function 701A2993 Relevance: 1.5, APIs: 1, Instructions: 21, memory, COMMON
Function 0040345D Relevance: 1.5, APIs: 1, Instructions: 6, COMMON
Function 00404394 Relevance: 1.5, APIs: 1, Instructions: 6, window, COMMON
Function 0040558F Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284, window, clipboard, memory, COMMON
Function 00404850 Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 275, string, COMMON
Function 00402868 Relevance: 1.5, APIs: 1, Instructions: 30, file, COMMON
Function 0040451E Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204, window, string, COMMON
Function 00406034 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130, memory, string, COMMON
Function 004043C6 Relevance: 12.1, APIs: 8, Instructions: 68, COMMON
Function 00404D1A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48, window, COMMON
Function 00402DF3 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36, time, COMMON
Function 701A2569 Relevance: 9.1, APIs: 6, Instructions: 109, COMMON
Function 00404C0C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84, string, COMMON
Function 00402598 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 69, string, COMMON
Function 701A18D9 Relevance: 7.7, APIs: 5, Instructions: 194, COMMON
Function 701A2394 Relevance: 7.6, APIs: 5, Instructions: 135, memory, COMMON
Function 00401DB9 Relevance: 7.5, APIs: 5, Instructions: 43, COMMON
Function 701A161D Relevance: 7.5, APIs: 5, Instructions: 41, memory, library, loader, COMMON
Function 00401D5D Relevance: 7.5, APIs: 5, Instructions: 39, window, COMMON
Function 00401C1F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84, window, time, COMMON
Function 00405CBD Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16, string, COMMON
Function 00405DC5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47, string, COMMON
Function 004059D1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24, process, COMMON
Function 00405D09 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16, string, COMMON
Function 701A10E1 Relevance: 5.1, APIs: 4, Instructions: 104, memory, COMMON
Function 00405E43 Relevance: 5.0, APIs: 4, Instructions: 37, string, COMMON
Execution Graph
Execution Coverage: | 10.4% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 2.5% |
Total number of Nodes: | 238 |
Total number of Limit Nodes: | 14 |
Function 38FC0C1A Relevance: 1.5, Strings: 1, Instructions: 237, COMMON
Function 38FC0C28 Relevance: 1.5, Strings: 1, Instructions: 220, COMMON
Function 00178DA0 Relevance: 1.1, Instructions: 1138, COMMON
Function 39A9E7C8 Relevance: .8, Instructions: 764, COMMON
Function 3956BDF0 Relevance: .8, Instructions: 758, COMMON
Function 39568650 Relevance: .7, Instructions: 709, COMMON
Function 00175F90 Relevance: .5, Instructions: 469, COMMON
Function 38FCC638 Relevance: .3, Instructions: 303, COMMON
Function 38FC03AF Relevance: .3, Instructions: 274, COMMON
Function 3956A360 Relevance: .2, Instructions: 219, COMMON
Function 39569D10 Relevance: .2, Instructions: 219, COMMON
Function 3956A9B0 Relevance: .2, Instructions: 218, COMMON
Function 395696C8 Relevance: .2, Instructions: 218, COMMON
Function 38FC0F6F Relevance: .2, Instructions: 202, COMMON
Function 00174328 Relevance: .2, Instructions: 195, COMMON
Function 3956BA97 Relevance: .2, Instructions: 191, COMMON
Function 39568640 Relevance: .2, Instructions: 168, COMMON
Function 3956A9A0 Relevance: .2, Instructions: 167, COMMON
Function 395696B8 Relevance: .2, Instructions: 166, COMMON
Function 3956C92F Relevance: .2, Instructions: 153, COMMON
Function 39569D00 Relevance: .1, Instructions: 110, COMMON
Function 3956A352 Relevance: .1, Instructions: 108, COMMON
Function 39A90980 Relevance: 6.1, APIs: 4, Instructions: 128, thread, COMMON
Function 00170B29 Relevance: 2.7, Strings: 2, Instructions: 203, COMMON
Function 00170B30 Relevance: 2.7, Strings: 2, Instructions: 200, COMMON
Function 39A90104 Relevance: 1.6, APIs: 1, Instructions: 118, COMMON
Function 39A90110 Relevance: 1.6, APIs: 1, Instructions: 113, COMMON
Function 39A91DC0 Relevance: 1.6, APIs: 1, Instructions: 93, COMMON
Function 39A9D3E8 Relevance: 1.6, APIs: 1, Instructions: 70, com, COMMON
Function 39A90BC0 Relevance: 1.6, APIs: 1, Instructions: 64, COMMON
Function 39A90BC8 Relevance: 1.6, APIs: 1, Instructions: 62, COMMON
Function 39A92018 Relevance: 1.5, APIs: 1, Instructions: 48, time, COMMON
Function 39A9C560 Relevance: 1.5, APIs: 1, Instructions: 46, com, COMMON
Function 39A9C60C Relevance: 1.5, APIs: 1, Instructions: 46, window, COMMON
Function 39A9E700 Relevance: 1.5, APIs: 1, Instructions: 45, window, COMMON
Function 39A92020 Relevance: 1.5, APIs: 1, Instructions: 44, time, COMMON
Function 001789D0 Relevance: 1.5, Strings: 1, Instructions: 242, COMMON
Function 3956D548 Relevance: 1.4, Strings: 1, Instructions: 151, COMMON
Function 00178729 Relevance: 1.3, Strings: 1, Instructions: 65, COMMON
Function 001719B8 Relevance: .9, Instructions: 854, COMMON
Function 001766B8 Relevance: .5, Instructions: 456, COMMON
Function 00174F00 Relevance: .3, Instructions: 329, COMMON
Function 3956C175 Relevance: .3, Instructions: 322, COMMON
Function 3956C173 Relevance: .3, Instructions: 319, COMMON
Function 00175460 Relevance: .2, Instructions: 229, COMMON
Function 00176C98 Relevance: .2, Instructions: 201, COMMON
Function 0017AF90 Relevance: .2, Instructions: 198, COMMON
Function 3956FAB0 Relevance: .2, Instructions: 189, COMMON
Function 3956BA88 Relevance: .2, Instructions: 166, COMMON
Function 3956C4CF Relevance: .2, Instructions: 155, COMMON
Function 39567920 Relevance: .1, Instructions: 147, COMMON
Function 3956CC28 Relevance: .1, Instructions: 145, COMMON
Function 00173168 Relevance: .1, Instructions: 134, COMMON
Function 39568721 Relevance: .1, Instructions: 130, COMMON
Function 001792C3 Relevance: .1, Instructions: 125, COMMON
Function 00179EB0 Relevance: .1, Instructions: 121, COMMON
Function 00172C78 Relevance: .1, Instructions: 118, COMMON
Function 00178BF0 Relevance: .1, Instructions: 105, COMMON
Function 00174620 Relevance: .1, Instructions: 101, COMMON
Function 3956CF30 Relevance: .1, Instructions: 96, COMMON
Function 3956CF68 Relevance: .1, Instructions: 88, COMMON
Function 00176F40 Relevance: .1, Instructions: 87, COMMON
Function 3956FAA1 Relevance: .1, Instructions: 86, COMMON
Function 39567911 Relevance: .1, Instructions: 78, COMMON
Function 001718C8 Relevance: .1, Instructions: 77, COMMON
Function 0009D4DC Relevance: .1, Instructions: 75, COMMON
Function 001752C8 Relevance: .1, Instructions: 74, COMMON
Function 000AD030 Relevance: .1, Instructions: 72, COMMON
Function 00170EC8 Relevance: .1, Instructions: 70, COMMON
Function 001717B8 Relevance: .1, Instructions: 64, COMMON
Function 0017FE60 Relevance: .1, Instructions: 63, COMMON
Function 0017B2C2 Relevance: .1, Instructions: 61, COMMON
Function 3956B9C7 Relevance: .1, Instructions: 56, COMMON
Function 3956B9C8 Relevance: .1, Instructions: 56, COMMON
Function 0009D4D7 Relevance: .1, Instructions: 56, COMMON
Function 000AD02B Relevance: .1, Instructions: 53, COMMON
Function 00174E5F Relevance: .1, Instructions: 52, COMMON
Function 3956E7F4 Relevance: .0, Instructions: 50, COMMON
Function 0017B2F0 Relevance: .0, Instructions: 49, COMMON
Function 3956CE50 Relevance: .0, Instructions: 47, COMMON
Function 00178D19 Relevance: .0, Instructions: 44, COMMON
Function 0017FC3E Relevance: .0, Instructions: 42, COMMON
Function 395695E8 Relevance: .0, Instructions: 39, COMMON
Function 3956CE60 Relevance: .0, Instructions: 39, COMMON
Function 39569608 Relevance: .0, Instructions: 35, COMMON
Function 0017B158 Relevance: .0, Instructions: 32, COMMON
Function 3956BD98 Relevance: .0, Instructions: 26, COMMON
Function 0017FE10 Relevance: .0, Instructions: 26, COMMON
Function 00171877 Relevance: .0, Instructions: 25, COMMON
Function 0017FE20 Relevance: .0, Instructions: 23, COMMON
Function 00171888 Relevance: .0, Instructions: 19, COMMON
Function 001756FF Relevance: .0, Instructions: 18, COMMON
Function 0017FF21 Relevance: .0, Instructions: 18, COMMON
Function 00179F6D Relevance: .0, Instructions: 16, COMMON
Function 3956D095 Relevance: .0, Instructions: 15, COMMON
Function 395695D8 Relevance: .0, Instructions: 15, COMMON
Function 0017FF30 Relevance: .0, Instructions: 15, COMMON
Function 0017FFB0 Relevance: .0, Instructions: 14, COMMON
Function 3956BD48 Relevance: .0, Instructions: 13, COMMON
Function 395694B4 Relevance: .0, Instructions: 12, COMMON
Function 00175710 Relevance: .0, Instructions: 12, COMMON
Function 004034A5 Relevance: 75.7, APIs: 32, Strings: 11, Instructions: 410, string, file, com, COMMON
Function 00404DCC Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481, window, memory, COMMON
Function 00405AFA Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 148, file, string, COMMON
Function 00406AF2 Relevance: 5.4, APIs: 4, Instructions: 382, COMMON
Function 38FCE790 Relevance: 1.5, Strings: 1, Instructions: 250, COMMON
Function 39567B4F Relevance: .6, Instructions: 603, COMMON
Function 38FCB930 Relevance: .3, Instructions: 277, COMMON
Function 38FCB07F Relevance: .3, Instructions: 275, COMMON
Function 38FCDEE1 Relevance: .3, Instructions: 274, COMMON
Function 38FCDA89 Relevance: .3, Instructions: 272, COMMON
Function 38FCEBF2 Relevance: .3, Instructions: 271, COMMON
Function 39562108 Relevance: .3, Instructions: 268, COMMON
Function 395629B8 Relevance: .3, Instructions: 268, COMMON
Function 39561858 Relevance: .3, Instructions: 268, COMMON
Function 39567070 Relevance: .3, Instructions: 268, COMMON
Function 39564820 Relevance: .3, Instructions: 268, COMMON
Function 39566368 Relevance: .3, Instructions: 268, COMMON
Function 39563B18 Relevance: .3, Instructions: 268, COMMON
Function 395643C8 Relevance: .3, Instructions: 268, COMMON
Function 39563268 Relevance: .3, Instructions: 268, COMMON
Function 39565208 Relevance: .3, Instructions: 268, COMMON
Function 39565AB8 Relevance: .3, Instructions: 268, COMMON
Function 39562560 Relevance: .3, Instructions: 268, COMMON
Function 39564DB0 Relevance: .3, Instructions: 268, COMMON
Function 39566C18 Relevance: .3, Instructions: 268, COMMON
Function 39561400 Relevance: .3, Instructions: 268, COMMON
Function 395674C8 Relevance: .3, Instructions: 268, COMMON
Function 39561CB0 Relevance: .3, Instructions: 268, COMMON
Function 39563F70 Relevance: .3, Instructions: 268, COMMON
Function 39565F10 Relevance: .3, Instructions: 268, COMMON
Function 395667C0 Relevance: .3, Instructions: 268, COMMON
Function 39560FA8 Relevance: .3, Instructions: 268, COMMON
Function 39565660 Relevance: .3, Instructions: 268, COMMON
Function 39562E10 Relevance: .3, Instructions: 268, COMMON
Function 395636C0 Relevance: .3, Instructions: 268, COMMON
Function 38FCC1F2 Relevance: .3, Instructions: 267, COMMON
Function 38FCF054 Relevance: .3, Instructions: 265, COMMON
Function 38FCB4EC Relevance: .3, Instructions: 265, COMMON
Function 38FCBD9C Relevance: .3, Instructions: 265, COMMON
Function 38FCE339 Relevance: .2, Instructions: 249, COMMON
Function 39568193 Relevance: .2, Instructions: 193, COMMON
Function 39568373 Relevance: .1, Instructions: 116, COMMON
Function 3956CBE7 Relevance: .0, Instructions: 17, COMMON
Function 0040558F Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284, window, clipboard, memory, COMMON
Function 00403E86 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 346, window, string, COMMON
Function 00403AD8 Relevance: 38.7, APIs: 13, Strings: 9, Instructions: 215, string, registry, COMMON
Function 0040451E Relevance: 35.2, APIs: 19, Strings: 1, Instructions: 204, window, string, COMMON
Function 00404850 Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 275, string, COMMON
Function 00406034 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130, memory, string, COMMON
Function 00402F30 Relevance: 19.5, APIs: 5, Strings: 6, Instructions: 203, memory, COMMON
Function 0040640A Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 209, string, COMMON
Function 004043C6 Relevance: 12.1, APIs: 8, Instructions: 68, COMMON
Function 0040264A Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153, file, COMMON
Function 00404D1A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48, window, COMMON
Function 00406752 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36, library, COMMON
Function 00402DF3 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36, time, COMMON
Function 00404C0C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84, string, COMMON
Function 00401DB9 Relevance: 7.5, APIs: 5, Instructions: 43, COMMON
Function 00401D5D Relevance: 7.5, APIs: 5, Instructions: 39, window, COMMON
Function 00401C1F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84, window, time, COMMON
Function 0040591F Relevance: 6.0, APIs: 4, Instructions: 39, COMMON
Function 00405DC5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47, string, COMMON
Function 004053C4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46, window, COMMON
Function 004059D1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24, process, COMMON
Function 00406F27 Relevance: 5.2, APIs: 4, Instructions: 236, COMMON
Function 00407128 Relevance: 5.2, APIs: 4, Instructions: 208, COMMON
Function 00406E3E Relevance: 5.2, APIs: 4, Instructions: 205, COMMON
Function 00406943 Relevance: 5.2, APIs: 4, Instructions: 198, COMMON
Function 00406D91 Relevance: 5.2, APIs: 4, Instructions: 180, COMMON
Function 00406EAF Relevance: 5.2, APIs: 4, Instructions: 170, COMMON
Function 00406DFB Relevance: 5.2, APIs: 4, Instructions: 168, COMMON
Function 00405E43 Relevance: 5.0, APIs: 4, Instructions: 37, string, COMMON