Windows
Analysis Report
6cicUo3f8g.exe
Overview
General Information
Sample name: | 6cicUo3f8g.exerenamed because original name is a hash value |
Original sample name: | f800b332a02989cb73f92d0b58f9658f7f5389be1a966670c507ccbd32c31ce7.exe |
Analysis ID: | 1588271 |
MD5: | d721eab396039744df30c1c4ac89386e |
SHA1: | db06bcb42971088989f20c795e484611b37b35b0 |
SHA256: | f800b332a02989cb73f92d0b58f9658f7f5389be1a966670c507ccbd32c31ce7 |
Tags: | exeMassLoggeruser-adrian__luca |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- 6cicUo3f8g.exe (PID: 3428 cmdline:
"C:\Users\ user\Deskt op\6cicUo3 f8g.exe" MD5: D721EAB396039744DF30C1C4AC89386E) - toggeries.exe (PID: 5916 cmdline:
"C:\Users\ user\Deskt op\6cicUo3 f8g.exe" MD5: D721EAB396039744DF30C1C4AC89386E) - RegSvcs.exe (PID: 1672 cmdline:
"C:\Users\ user\Deskt op\6cicUo3 f8g.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
- wscript.exe (PID: 6540 cmdline:
"C:\Window s\System32 \WScript.e xe" "C:\Us ers\user\A ppData\Roa ming\Micro soft\Windo ws\Start M enu\Progra ms\Startup \toggeries .vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80) - toggeries.exe (PID: 2184 cmdline:
"C:\Users\ user\AppDa ta\Local\T hebesian\t oggeries.e xe" MD5: D721EAB396039744DF30C1C4AC89386E) - RegSvcs.exe (PID: 7076 cmdline:
"C:\Users\ user\AppDa ta\Local\T hebesian\t oggeries.e xe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution |
{"Exfil Mode": "SMTP", "Email ID": "cures@wxtp.store", "Password": "7213575aceACE@@", "Host": "mail.wxtp.store", "Port": "587", "Version": "4.4"}
{"Exfil Mode": "SMTP", "Username": "cures@wxtp.store", "Password": "7213575aceACE@@", "Host": "mail.wxtp.store", "Port": "587", "Version": "4.4"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | ||
JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security | ||
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
| |
Click to see the 29 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security | ||
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
| |
MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth |
| |
Click to see the 28 entries |
System Summary |
---|
Source: | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: |
Source: | Author: Michael Haag: |
Data Obfuscation |
---|
Source: | Author: Joe Security: |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-10T23:19:18.688114+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49728 | 104.21.32.1 | 443 | TCP |
2025-01-10T23:19:20.066545+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49740 | 104.21.32.1 | 443 | TCP |
2025-01-10T23:19:26.879099+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49794 | 104.21.32.1 | 443 | TCP |
2025-01-10T23:19:28.190658+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49807 | 104.21.32.1 | 443 | TCP |
2025-01-10T23:19:33.598886+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49841 | 104.21.32.1 | 443 | TCP |
2025-01-10T23:19:34.910911+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49851 | 104.21.32.1 | 443 | TCP |
2025-01-10T23:19:40.191886+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49893 | 104.21.32.1 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-10T23:19:17.027297+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49716 | 132.226.247.73 | 80 | TCP |
2025-01-10T23:19:17.996068+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49716 | 132.226.247.73 | 80 | TCP |
2025-01-10T23:19:19.449161+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49734 | 132.226.247.73 | 80 | TCP |
2025-01-10T23:19:32.058579+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49826 | 132.226.247.73 | 80 | TCP |
2025-01-10T23:19:32.996111+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49826 | 132.226.247.73 | 80 | TCP |
2025-01-10T23:19:34.355465+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49845 | 132.226.247.73 | 80 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-10T23:19:29.119581+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.6 | 49811 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:19:43.713922+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.6 | 61868 | 149.154.167.220 | 443 | TCP |
Click to jump to signature section
AV Detection |
---|
Source: | Malware Configuration Extractor: | ||
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Joe Sandbox ML: |
Location Tracking |
---|
Source: | DNS query: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_0094445A | |
Source: | Code function: | 0_2_0094C6D1 | |
Source: | Code function: | 0_2_0094C75C | |
Source: | Code function: | 0_2_0094EF95 | |
Source: | Code function: | 0_2_0094F0F2 | |
Source: | Code function: | 0_2_0094F3F3 | |
Source: | Code function: | 0_2_009437EF | |
Source: | Code function: | 0_2_00943B12 | |
Source: | Code function: | 0_2_0094BCBC | |
Source: | Code function: | 2_2_00B4445A | |
Source: | Code function: | 2_2_00B4C6D1 | |
Source: | Code function: | 2_2_00B4C75C | |
Source: | Code function: | 2_2_00B4EF95 | |
Source: | Code function: | 2_2_00B4F0F2 | |
Source: | Code function: | 2_2_00B4F3F3 | |
Source: | Code function: | 2_2_00B437EF | |
Source: | Code function: | 2_2_00B43B12 | |
Source: | Code function: | 2_2_00B4BCBC |
Source: | Code function: | 3_2_010AF631 | |
Source: | Code function: | 3_2_010AFA88 | |
Source: | Code function: | 3_2_05857720 | |
Source: | Code function: | 3_2_05858B58 | |
Source: | Code function: | 3_2_0585E588 | |
Source: | Code function: | 3_2_0585C598 | |
Source: | Code function: | 3_2_058565C0 | |
Source: | Code function: | 3_2_058515F8 | |
Source: | Code function: | 3_2_05850D48 | |
Source: | Code function: | 3_2_05850498 | |
Source: | Code function: | 3_2_0585AC31 | |
Source: | Code function: | 3_2_0585AC40 | |
Source: | Code function: | 3_2_0585DC68 | |
Source: | Code function: | 3_2_0585BC78 | |
Source: | Code function: | 3_2_05855780 | |
Source: | Code function: | 3_2_0585F7C8 | |
Source: | Code function: | 3_2_0585D7D8 | |
Source: | Code function: | 3_2_0585B7E8 | |
Source: | Code function: | 3_2_05852758 | |
Source: | Code function: | 3_2_05851EA8 | |
Source: | Code function: | 3_2_0585EEA8 | |
Source: | Code function: | 3_2_0585CEB8 | |
Source: | Code function: | 3_2_0585AEC8 | |
Source: | Code function: | 3_2_05854ED0 | |
Source: | Code function: | 3_2_05854620 | |
Source: | Code function: | 3_2_05856E70 | |
Source: | Code function: | 3_2_058511A0 | |
Source: | Code function: | 3_2_058541C8 | |
Source: | Code function: | 3_2_0585C108 | |
Source: | Code function: | 3_2_058508F0 | |
Source: | Code function: | 3_2_0585E0F8 | |
Source: | Code function: | 3_2_05853008 | |
Source: | Code function: | 3_2_05856030 | |
Source: | Code function: | 3_2_05850040 | |
Source: | Code function: | 3_2_05852BB0 | |
Source: | Code function: | 3_2_05855BD8 | |
Source: | Code function: | 3_2_05852300 | |
Source: | Code function: | 3_2_05855328 | |
Source: | Code function: | 3_2_0585F338 | |
Source: | Code function: | 3_2_0585D348 | |
Source: | Code function: | 3_2_0585B358 | |
Source: | Code function: | 3_2_058572C8 | |
Source: | Code function: | 3_2_05856A18 | |
Source: | Code function: | 3_2_0585EA18 | |
Source: | Code function: | 3_2_0585CA28 | |
Source: | Code function: | 3_2_05851A50 | |
Source: | Code function: | 3_2_05854A78 | |
Source: | Code function: | 8_2_0089F630 | |
Source: | Code function: | 8_2_0089FA88 | |
Source: | Code function: | 8_2_05FD2DC8 | |
Source: | Code function: | 8_2_05FD2968 | |
Source: | Code function: | 8_2_05FD0B30 | |
Source: | Code function: | 8_2_05FD0B30 | |
Source: | Code function: | 8_2_05FDE258 | |
Source: | Code function: | 8_2_05FD2DBE | |
Source: | Code function: | 8_2_05FDD9A8 | |
Source: | Code function: | 8_2_05FDD550 | |
Source: | Code function: | 8_2_05FD310E | |
Source: | Code function: | 8_2_05FDD0F8 | |
Source: | Code function: | 8_2_05FDCCA0 | |
Source: | Code function: | 8_2_05FD0853 | |
Source: | Code function: | 8_2_05FD0040 | |
Source: | Code function: | 8_2_05FDF810 | |
Source: | Code function: | 8_2_05FDF3B8 | |
Source: | Code function: | 8_2_05FDEF60 | |
Source: | Code function: | 8_2_05FDEB08 | |
Source: | Code function: | 8_2_05FDE6B0 | |
Source: | Code function: | 8_2_05FD0673 | |
Source: | Code function: | 8_2_05FDDE00 |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | DNS query: | ||
Source: | DNS query: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | TCP traffic: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | JA3 fingerprint: | ||
Source: | JA3 fingerprint: |
Source: | DNS query: | ||
Source: | DNS query: |
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | Code function: | 0_2_009522EE |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Code function: | 0_2_00954164 |
Source: | Code function: | 0_2_00954164 | |
Source: | Code function: | 2_2_00B54164 |
Source: | Code function: | 0_2_00953F66 |
Source: | Code function: | 0_2_0094001C |
Source: | Code function: | 0_2_0096CABC | |
Source: | Code function: | 2_2_00B6CABC |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Code function: | 0_2_008E3B3A | |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | memstr_eafafbf7-b | |
Source: | String found in binary or memory: | memstr_2809f34d-7 | |
Source: | String found in binary or memory: | memstr_8a999768-8 | |
Source: | String found in binary or memory: | memstr_9382d570-5 | |
Source: | Code function: | 2_2_00AE3B3A | |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | memstr_ec7982b0-e | |
Source: | String found in binary or memory: | memstr_3f2def34-6 | |
Source: | String found in binary or memory: | memstr_d34a216e-e | |
Source: | String found in binary or memory: | memstr_d7881e21-3 | |
Source: | String found in binary or memory: | memstr_f2194f30-d | |
Source: | String found in binary or memory: | memstr_2ad712c6-4 | |
Source: | String found in binary or memory: | memstr_40e5e3df-e | |
Source: | String found in binary or memory: | memstr_97ac1136-3 |
Source: | COM Object queried: | Jump to behavior |
Source: | Code function: | 0_2_0094A1EF |
Source: | Code function: | 0_2_00938310 |
Source: | Code function: | 0_2_009451BD | |
Source: | Code function: | 2_2_00B451BD |
Source: | Code function: | 0_2_008EE6A0 | |
Source: | Code function: | 0_2_0090D975 | |
Source: | Code function: | 0_2_008EFCE0 | |
Source: | Code function: | 0_2_009021C5 | |
Source: | Code function: | 0_2_009162D2 | |
Source: | Code function: | 0_2_009603DA | |
Source: | Code function: | 0_2_0091242E | |
Source: | Code function: | 0_2_009025FA | |
Source: | Code function: | 0_2_008F66E1 | |
Source: | Code function: | 0_2_0093E616 | |
Source: | Code function: | 0_2_0091878F | |
Source: | Code function: | 0_2_00948889 | |
Source: | Code function: | 0_2_008F8808 | |
Source: | Code function: | 0_2_00960857 | |
Source: | Code function: | 0_2_00916844 | |
Source: | Code function: | 0_2_0090CB21 | |
Source: | Code function: | 0_2_00916DB6 | |
Source: | Code function: | 0_2_008F6F9E | |
Source: | Code function: | 0_2_008F3030 | |
Source: | Code function: | 0_2_00903187 | |
Source: | Code function: | 0_2_0090F1D9 | |
Source: | Code function: | 0_2_008E1287 | |
Source: | Code function: | 0_2_00901484 | |
Source: | Code function: | 0_2_008F5520 | |
Source: | Code function: | 0_2_00907696 | |
Source: | Code function: | 0_2_008F5760 | |
Source: | Code function: | 0_2_00901978 | |
Source: | Code function: | 0_2_00919AB5 | |
Source: | Code function: | 0_2_00901D90 | |
Source: | Code function: | 0_2_0090BDA6 | |
Source: | Code function: | 0_2_00967DDB | |
Source: | Code function: | 0_2_008F3FE0 | |
Source: | Code function: | 0_2_008EDF00 | |
Source: | Code function: | 0_2_01674D28 | |
Source: | Code function: | 2_2_00AEE6A0 | |
Source: | Code function: | 2_2_00B0D975 | |
Source: | Code function: | 2_2_00AEFCE0 | |
Source: | Code function: | 2_2_00B021C5 | |
Source: | Code function: | 2_2_00B162D2 | |
Source: | Code function: | 2_2_00B603DA | |
Source: | Code function: | 2_2_00B1242E | |
Source: | Code function: | 2_2_00B025FA | |
Source: | Code function: | 2_2_00AF66E1 | |
Source: | Code function: | 2_2_00B3E616 | |
Source: | Code function: | 2_2_00B1878F | |
Source: | Code function: | 2_2_00B48889 | |
Source: | Code function: | 2_2_00AF8808 | |
Source: | Code function: | 2_2_00B60857 | |
Source: | Code function: | 2_2_00B16844 | |
Source: | Code function: | 2_2_00B0CB21 | |
Source: | Code function: | 2_2_00B16DB6 | |
Source: | Code function: | 2_2_00AF6F9E | |
Source: | Code function: | 2_2_00AF3030 | |
Source: | Code function: | 2_2_00B03187 | |
Source: | Code function: | 2_2_00B0F1D9 | |
Source: | Code function: | 2_2_00AE1287 | |
Source: | Code function: | 2_2_00B01484 | |
Source: | Code function: | 2_2_00AF5520 | |
Source: | Code function: | 2_2_00B07696 | |
Source: | Code function: | 2_2_00AF5760 | |
Source: | Code function: | 2_2_00B01978 | |
Source: | Code function: | 2_2_00B19AB5 | |
Source: | Code function: | 2_2_00B0BDA6 | |
Source: | Code function: | 2_2_00B01D90 | |
Source: | Code function: | 2_2_00B67DDB | |
Source: | Code function: | 2_2_00AF3FE0 | |
Source: | Code function: | 2_2_00AEDF00 | |
Source: | Code function: | 2_2_00F66C88 | |
Source: | Code function: | 3_2_010A7118 | |
Source: | Code function: | 3_2_010AC146 | |
Source: | Code function: | 3_2_010AA088 | |
Source: | Code function: | 3_2_010A5362 | |
Source: | Code function: | 3_2_010AD278 | |
Source: | Code function: | 3_2_010AC468 | |
Source: | Code function: | 3_2_010AC738 | |
Source: | Code function: | 3_2_010AE988 | |
Source: | Code function: | 3_2_010A69A0 | |
Source: | Code function: | 3_2_010ACA08 | |
Source: | Code function: | 3_2_010ACCD8 | |
Source: | Code function: | 3_2_010ACFAA | |
Source: | Code function: | 3_2_010AA088 | |
Source: | Code function: | 3_2_010AA088 | |
Source: | Code function: | 3_2_010AA088 | |
Source: | Code function: | 3_2_010AA088 | |
Source: | Code function: | 3_2_010AF631 | |
Source: | Code function: | 3_2_010AE97A | |
Source: | Code function: | 3_2_010A39EE | |
Source: | Code function: | 3_2_010A29EC | |
Source: | Code function: | 3_2_010AFA88 | |
Source: | Code function: | 3_2_010A3AA1 | |
Source: | Code function: | 3_2_010A3E09 | |
Source: | Code function: | 3_2_05857D78 | |
Source: | Code function: | 3_2_05857720 | |
Source: | Code function: | 3_2_05858B58 | |
Source: | Code function: | 3_2_0585E588 | |
Source: | Code function: | 3_2_0585C588 | |
Source: | Code function: | 3_2_0585C598 | |
Source: | Code function: | 3_2_058565C0 | |
Source: | Code function: | 3_2_058515E9 | |
Source: | Code function: | 3_2_058515F8 | |
Source: | Code function: | 3_2_05850D38 | |
Source: | Code function: | 3_2_05850D48 | |
Source: | Code function: | 3_2_0585E578 | |
Source: | Code function: | 3_2_05850488 | |
Source: | Code function: | 3_2_05850498 | |
Source: | Code function: | 3_2_0585FC48 | |
Source: | Code function: | 3_2_0585DC57 | |
Source: | Code function: | 3_2_0585FC58 | |
Source: | Code function: | 3_2_0585BC67 | |
Source: | Code function: | 3_2_05853460 | |
Source: | Code function: | 3_2_0585DC68 | |
Source: | Code function: | 3_2_0585BC78 | |
Source: | Code function: | 3_2_05855780 | |
Source: | Code function: | 3_2_0585F7B9 | |
Source: | Code function: | 3_2_0585D7C9 | |
Source: | Code function: | 3_2_0585F7C8 | |
Source: | Code function: | 3_2_0585B7D9 | |
Source: | Code function: | 3_2_0585D7D8 | |
Source: | Code function: | 3_2_0585B7E8 | |
Source: | Code function: | 3_2_05852FF8 | |
Source: | Code function: | 3_2_05857711 | |
Source: | Code function: | 3_2_05852748 | |
Source: | Code function: | 3_2_05852758 | |
Source: | Code function: | 3_2_0585EE97 | |
Source: | Code function: | 3_2_05851E98 | |
Source: | Code function: | 3_2_0585CEA7 | |
Source: | Code function: | 3_2_05851EA8 | |
Source: | Code function: | 3_2_0585EEA8 | |
Source: | Code function: | 3_2_0585AEB7 | |
Source: | Code function: | 3_2_0585CEB8 | |
Source: | Code function: | 3_2_05854EC2 | |
Source: | Code function: | 3_2_0585AEC8 | |
Source: | Code function: | 3_2_05854ED0 | |
Source: | Code function: | 3_2_05854610 | |
Source: | Code function: | 3_2_05854620 | |
Source: | Code function: | 3_2_05856E60 | |
Source: | Code function: | 3_2_05856E70 | |
Source: | Code function: | 3_2_05851190 | |
Source: | Code function: | 3_2_058511A0 | |
Source: | Code function: | 3_2_058541B8 | |
Source: | Code function: | 3_2_058541C8 | |
Source: | Code function: | 3_2_0585C108 | |
Source: | Code function: | 3_2_0585A0D0 | |
Source: | Code function: | 3_2_058508E1 | |
Source: | Code function: | 3_2_0585A0E0 | |
Source: | Code function: | 3_2_0585E0E8 | |
Source: | Code function: | 3_2_058508F0 | |
Source: | Code function: | 3_2_0585E0F8 | |
Source: | Code function: | 3_2_0585C0F8 | |
Source: | Code function: | 3_2_05850007 | |
Source: | Code function: | 3_2_05853008 | |
Source: | Code function: | 3_2_05856020 | |
Source: | Code function: | 3_2_05856030 | |
Source: | Code function: | 3_2_05850040 | |
Source: | Code function: | 3_2_05852BAF | |
Source: | Code function: | 3_2_05852BB0 | |
Source: | Code function: | 3_2_05855BCA | |
Source: | Code function: | 3_2_05855BD8 | |
Source: | Code function: | 3_2_05852300 | |
Source: | Code function: | 3_2_05855318 | |
Source: | Code function: | 3_2_05855328 | |
Source: | Code function: | 3_2_0585F328 | |
Source: | Code function: | 3_2_0585D337 | |
Source: | Code function: | 3_2_0585F338 | |
Source: | Code function: | 3_2_0585D348 | |
Source: | Code function: | 3_2_05858B48 | |
Source: | Code function: | 3_2_0585B348 | |
Source: | Code function: | 3_2_0585B358 | |
Source: | Code function: | 3_2_058572B8 | |
Source: | Code function: | 3_2_058572C8 | |
Source: | Code function: | 3_2_058522F1 | |
Source: | Code function: | 3_2_0585EA07 | |
Source: | Code function: | 3_2_0585CA17 | |
Source: | Code function: | 3_2_05856A18 | |
Source: | Code function: | 3_2_0585EA18 | |
Source: | Code function: | 3_2_05856A1A | |
Source: | Code function: | 3_2_0585CA28 | |
Source: | Code function: | 3_2_05851A40 | |
Source: | Code function: | 3_2_05851A50 | |
Source: | Code function: | 3_2_05854A68 | |
Source: | Code function: | 3_2_05854A78 | |
Source: | Code function: | 7_2_00C40BA0 | |
Source: | Code function: | 8_2_0089A088 | |
Source: | Code function: | 8_2_0089C147 | |
Source: | Code function: | 8_2_0089D278 | |
Source: | Code function: | 8_2_00895362 | |
Source: | Code function: | 8_2_0089C468 | |
Source: | Code function: | 8_2_0089C738 | |
Source: | Code function: | 8_2_0089E988 | |
Source: | Code function: | 8_2_008969A0 | |
Source: | Code function: | 8_2_008939F0 | |
Source: | Code function: | 8_2_0089CA08 | |
Source: | Code function: | 8_2_0089CCD8 | |
Source: | Code function: | 8_2_0089CFAA | |
Source: | Code function: | 8_2_00896FC8 | |
Source: | Code function: | 8_2_0089F630 | |
Source: | Code function: | 8_2_008929EC | |
Source: | Code function: | 8_2_0089E97A | |
Source: | Code function: | 8_2_0089FA88 | |
Source: | Code function: | 8_2_00893E09 | |
Source: | Code function: | 8_2_05FD2968 | |
Source: | Code function: | 8_2_05FD9548 | |
Source: | Code function: | 8_2_05FD5028 | |
Source: | Code function: | 8_2_05FD9C18 | |
Source: | Code function: | 8_2_05FD17A0 | |
Source: | Code function: | 8_2_05FD0B30 | |
Source: | Code function: | 8_2_05FD1E80 | |
Source: | Code function: | 8_2_05FDE258 | |
Source: | Code function: | 8_2_05FDDDFF | |
Source: | Code function: | 8_2_05FDD9A8 | |
Source: | Code function: | 8_2_05FDD999 | |
Source: | Code function: | 8_2_05FD295A | |
Source: | Code function: | 8_2_05FDD550 | |
Source: | Code function: | 8_2_05FDD540 | |
Source: | Code function: | 8_2_05FDD0F8 | |
Source: | Code function: | 8_2_05FDCCA0 | |
Source: | Code function: | 8_2_05FDCC8F | |
Source: | Code function: | 8_2_05FDFC68 | |
Source: | Code function: | 8_2_05FDFC58 | |
Source: | Code function: | 8_2_05FD0040 | |
Source: | Code function: | 8_2_05FD5018 | |
Source: | Code function: | 8_2_05FDF810 | |
Source: | Code function: | 8_2_05FD0006 | |
Source: | Code function: | 8_2_05FDF801 | |
Source: | Code function: | 8_2_05FDF3B8 | |
Source: | Code function: | 8_2_05FDF3A8 | |
Source: | Code function: | 8_2_05FD8BA0 | |
Source: | Code function: | 8_2_05FD178F | |
Source: | Code function: | 8_2_05FDEF60 | |
Source: | Code function: | 8_2_05FDEF51 | |
Source: | Code function: | 8_2_05FD0B20 | |
Source: | Code function: | 8_2_05FDEB08 | |
Source: | Code function: | 8_2_05FDEAF8 | |
Source: | Code function: | 8_2_05FDE6B0 | |
Source: | Code function: | 8_2_05FDE6AF | |
Source: | Code function: | 8_2_05FD1E70 | |
Source: | Code function: | 8_2_05FDE249 | |
Source: | Code function: | 8_2_05FDDE00 |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Classification label: |
Source: | Code function: | 0_2_0094A06A |
Source: | Code function: | 0_2_009381CB | |
Source: | Code function: | 0_2_009387E1 | |
Source: | Code function: | 2_2_00B381CB | |
Source: | Code function: | 2_2_00B387E1 |
Source: | Code function: | 0_2_0094B3FB |
Source: | Code function: | 0_2_0095EE0D |
Source: | Code function: | 0_2_0094C397 |
Source: | Code function: | 0_2_008E4E89 |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Process created: |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_008E4B37 |
Source: | Code function: | 0_2_00908958 | |
Source: | Code function: | 2_2_00B08958 |
Source: | File created: | Jump to dropped file |
Boot Survival |
---|
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Code function: | 0_2_008E48D7 | |
Source: | Code function: | 0_2_00965376 | |
Source: | Code function: | 2_2_00AE48D7 | |
Source: | Code function: | 2_2_00B65376 |
Source: | Code function: | 0_2_00903187 |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | API/Special instruction interceptor: | ||
Source: | API/Special instruction interceptor: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window found: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Evasive API call chain: | graph_0-105712 | ||
Source: | Evasive API call chain: |
Source: | API coverage: | ||
Source: | API coverage: |
Source: | Code function: | 0_2_0094445A | |
Source: | Code function: | 0_2_0094C6D1 | |
Source: | Code function: | 0_2_0094C75C | |
Source: | Code function: | 0_2_0094EF95 | |
Source: | Code function: | 0_2_0094F0F2 | |
Source: | Code function: | 0_2_0094F3F3 | |
Source: | Code function: | 0_2_009437EF | |
Source: | Code function: | 0_2_00943B12 | |
Source: | Code function: | 0_2_0094BCBC | |
Source: | Code function: | 2_2_00B4445A | |
Source: | Code function: | 2_2_00B4C6D1 | |
Source: | Code function: | 2_2_00B4C75C | |
Source: | Code function: | 2_2_00B4EF95 | |
Source: | Code function: | 2_2_00B4F0F2 | |
Source: | Code function: | 2_2_00B4F3F3 | |
Source: | Code function: | 2_2_00B437EF | |
Source: | Code function: | 2_2_00B43B12 | |
Source: | Code function: | 2_2_00B4BCBC |
Source: | Code function: | 0_2_008E49A0 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 8_2_05FD9548 |
Source: | Code function: | 0_2_00953F09 |
Source: | Code function: | 0_2_008E3B3A |
Source: | Code function: | 0_2_00915A7C |
Source: | Code function: | 0_2_008E4B37 |
Source: | Code function: | 0_2_01673558 | |
Source: | Code function: | 0_2_01674BB8 | |
Source: | Code function: | 0_2_01674C18 | |
Source: | Code function: | 2_2_00F654B8 | |
Source: | Code function: | 2_2_00F66B78 | |
Source: | Code function: | 2_2_00F66B18 | |
Source: | Code function: | 7_2_00C3F3D0 | |
Source: | Code function: | 7_2_00C40A90 | |
Source: | Code function: | 7_2_00C40A30 |
Source: | Code function: | 0_2_009380A9 |
Source: | Code function: | 0_2_0090A124 | |
Source: | Code function: | 0_2_0090A155 | |
Source: | Code function: | 2_2_00B0A124 | |
Source: | Code function: | 2_2_00B0A155 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Code function: | 0_2_009387B1 |
Source: | Code function: | 0_2_008E3B3A |
Source: | Code function: | 0_2_008E48D7 |
Source: | Code function: | 0_2_00944C27 |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_00937CAF |
Source: | Code function: | 0_2_0093874B |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 0_2_0090862B |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_00914E87 |
Source: | Code function: | 0_2_00921E06 |
Source: | Code function: | 0_2_00913F3A |
Source: | Code function: | 0_2_008E49A0 |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 0_2_00956283 | |
Source: | Code function: | 0_2_00956747 | |
Source: | Code function: | 2_2_00B56283 | |
Source: | Code function: | 2_2_00B56747 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 111 Scripting | 2 Valid Accounts | 2 Native API | 111 Scripting | 1 Exploitation for Privilege Escalation | 11 Disable or Modify Tools | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 4 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | 2 Valid Accounts | 2 Valid Accounts | 3 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 11 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | 2 Registry Run Keys / Startup Folder | 21 Access Token Manipulation | 1 DLL Side-Loading | NTDS | 127 System Information Discovery | Distributed Component Object Model | 21 Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 212 Process Injection | 1 Masquerading | LSA Secrets | 231 Security Software Discovery | SSH | 3 Clipboard Data | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Registry Run Keys / Startup Folder | 2 Valid Accounts | Cached Domain Credentials | 11 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Virtualization/Sandbox Evasion | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 212 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Network Configuration Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
83% | ReversingLabs | Win32.Spyware.Snakekeylogger | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML | |||
83% | ReversingLabs | Win32.Spyware.Snakekeylogger |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
reallyfreegeoip.org | 104.21.32.1 | true | false | high | |
api.telegram.org | 149.154.167.220 | true | false | high | |
checkip.dyndns.com | 132.226.247.73 | true | false | high | |
checkip.dyndns.org | unknown | unknown | false | high | |
206.23.85.13.in-addr.arpa | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high | ||
false | high | ||
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false | |
104.21.32.1 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false | |
132.226.247.73 | checkip.dyndns.com | United States | 16989 | UTMEMUS | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1588271 |
Start date and time: | 2025-01-10 23:18:16 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 10m 45s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Sample name: | 6cicUo3f8g.exerenamed because original name is a hash value |
Original Sample Name: | f800b332a02989cb73f92d0b58f9658f7f5389be1a966670c507ccbd32c31ce7.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.expl.evad.winEXE@10/6@5/3 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded IPs from analysis (whitelisted): 13.107.246.45, 4.175.87.197, 13.85.23.206, 172.202.163.200
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target RegSvcs.exe, PID 1672 because it is empty
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- VT rate limit hit for: 6cicUo3f8g.exe
Time | Type | Description |
---|---|---|
17:19:16 | API Interceptor | |
23:19:16 | Autostart |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
149.154.167.220 | Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
104.21.32.1 | Get hash | malicious | FormBook | Browse |
| |
Get hash | malicious | CMSBrute | Browse |
| ||
132.226.247.73 | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
reallyfreegeoip.org | Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| |
Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
checkip.dyndns.com | Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| |
Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
api.telegram.org | Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
TELEGRAMRU | Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
UTMEMUS | Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
CLOUDFLARENETUS | Get hash | malicious | LummaC Stealer | Browse |
| |
Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | MassLogger RAT | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| |
Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
|
Process: | C:\Users\user\Desktop\6cicUo3f8g.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 128668 |
Entropy (8bit): | 7.899969736428741 |
Encrypted: | false |
SSDEEP: | 3072:A1aXNknskqvWcOonhfb70XNJPqYqu0zcEeYQV/Q/G:AkXmXPcOonhWNtqYqUf4/G |
MD5: | 85F79BF6C6F6C04600110CE3F25DC877 |
SHA1: | 1E3257B75E6AF562DDE1AF8FE00C9127E28D2040 |
SHA-256: | 36DB44B1D2612B411465ED21A00B80CA791B76BF67DD0443186227D00B01D70C |
SHA-512: | 6EB079FAA2A98C640BB5F79CC46B4B92E2696881E6D09534888FD18F190DEC83BD2C33C48FFD39AC3A5F42996A0E2EE2D4A5116D60984C9051F550D561CFAE8D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\Thebesian\toggeries.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 128668 |
Entropy (8bit): | 7.899969736428741 |
Encrypted: | false |
SSDEEP: | 3072:A1aXNknskqvWcOonhfb70XNJPqYqu0zcEeYQV/Q/G:AkXmXPcOonhWNtqYqUf4/G |
MD5: | 85F79BF6C6F6C04600110CE3F25DC877 |
SHA1: | 1E3257B75E6AF562DDE1AF8FE00C9127E28D2040 |
SHA-256: | 36DB44B1D2612B411465ED21A00B80CA791B76BF67DD0443186227D00B01D70C |
SHA-512: | 6EB079FAA2A98C640BB5F79CC46B4B92E2696881E6D09534888FD18F190DEC83BD2C33C48FFD39AC3A5F42996A0E2EE2D4A5116D60984C9051F550D561CFAE8D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\Thebesian\toggeries.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 128668 |
Entropy (8bit): | 7.899969736428741 |
Encrypted: | false |
SSDEEP: | 3072:A1aXNknskqvWcOonhfb70XNJPqYqu0zcEeYQV/Q/G:AkXmXPcOonhWNtqYqUf4/G |
MD5: | 85F79BF6C6F6C04600110CE3F25DC877 |
SHA1: | 1E3257B75E6AF562DDE1AF8FE00C9127E28D2040 |
SHA-256: | 36DB44B1D2612B411465ED21A00B80CA791B76BF67DD0443186227D00B01D70C |
SHA-512: | 6EB079FAA2A98C640BB5F79CC46B4B92E2696881E6D09534888FD18F190DEC83BD2C33C48FFD39AC3A5F42996A0E2EE2D4A5116D60984C9051F550D561CFAE8D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\6cicUo3f8g.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 274432 |
Entropy (8bit): | 6.8669926666203205 |
Encrypted: | false |
SSDEEP: | 6144:BIVsmbREB8KIpH91iOCLbUmGhooQVd7/ArauXoQATIrgMl0X:uVscEB8KIpH91iOCLbUmGhooQVd7/Arm |
MD5: | DD27F42376CB50AA257B4E8884D1BC54 |
SHA1: | F245E8A786BBA274D8058B3F0AD637AB4CD9DEFE |
SHA-256: | DBCFBCC5F610189F9A4F724DF7DC942FB6F6CE773C54C108F0AC175EC4D8D88B |
SHA-512: | 8C88D4113E92060312EBD50EA35C00D2533C9B51F053592BD40432C9790D4D297623B8FF712B3E8D5E0EDA3A4D159CEEA19C40F34174B1E9C53E2763869CEB73 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\6cicUo3f8g.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1033728 |
Entropy (8bit): | 7.023800861027484 |
Encrypted: | false |
SSDEEP: | 24576:Ou6J33O0c+JY5UZ+XC0kGso6Fa4rtKwUtjWWY:Au0c++OCvkGs9Fa4rInTY |
MD5: | D721EAB396039744DF30C1C4AC89386E |
SHA1: | DB06BCB42971088989F20C795E484611B37B35B0 |
SHA-256: | F800B332A02989CB73F92D0B58F9658F7F5389BE1A966670C507CCBD32C31CE7 |
SHA-512: | AAB9F2EA6979D26DF263378E629FF9058652C3622BDA8C913968DD45C461D546CF1CBC337387EE344109F0273248476C44640B0E9F14DEBA944C92FAC1F8E226 |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\toggeries.vbs
Download File
Process: | C:\Users\user\AppData\Local\Thebesian\toggeries.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 284 |
Entropy (8bit): | 3.3748911086851305 |
Encrypted: | false |
SSDEEP: | 6:DMM8lfm3OOQdUfclzXUEZ+lX105WlMTY8km6nriIM8lfQVn:DsO+vNlDQ105WM4mA2n |
MD5: | F6035D95C478EF360E3340AEC2308803 |
SHA1: | C34588B378C7CFC98E5258752CF2F2E2621B46D5 |
SHA-256: | C5F5A4B3F5609462321499211E5073BE19157D15E797564761E2557B2F9BF1F5 |
SHA-512: | 81A4E93429A6CBD8A0DD739FD1E0CA6C22F60EF3C44ED8DAF1BA63CE2B266D6008378AF8AC33FB6DA40D0C3902BDE6D40E375A9FF4F73210F694E3F486E88AB4 |
Malicious: | true |
Preview: |
File type: | |
Entropy (8bit): | 7.023800861027484 |
TrID: |
|
File name: | 6cicUo3f8g.exe |
File size: | 1'033'728 bytes |
MD5: | d721eab396039744df30c1c4ac89386e |
SHA1: | db06bcb42971088989f20c795e484611b37b35b0 |
SHA256: | f800b332a02989cb73f92d0b58f9658f7f5389be1a966670c507ccbd32c31ce7 |
SHA512: | aab9f2ea6979d26df263378e629ff9058652c3622bda8c913968dd45c461d546cf1cbc337387ee344109f0273248476c44640b0e9f14deba944c92fac1f8e226 |
SSDEEP: | 24576:Ou6J33O0c+JY5UZ+XC0kGso6Fa4rtKwUtjWWY:Au0c++OCvkGs9Fa4rInTY |
TLSH: | 8D25BE22B3DDC361CB669173BF6973016EBF7C650630B85B2F880D79A950171262DBA3 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6...r}..r}..r}..4,".p}......s}.../..A}.../#..}.../".G}..{.@.{}..{.P.W}..r}..R.....)."}......s}.../..s}..r}T.s}......s}..Richr}. |
Icon Hash: | 6b69616563c36a25 |
Entrypoint: | 0x427dcd |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x6756275D [Sun Dec 8 23:10:21 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | afcdf79be1557326c854b6e20cb900a7 |
Instruction |
---|
call 00007F02AC975E7Ah |
jmp 00007F02AC968C44h |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
push edi |
push esi |
mov esi, dword ptr [esp+10h] |
mov ecx, dword ptr [esp+14h] |
mov edi, dword ptr [esp+0Ch] |
mov eax, ecx |
mov edx, ecx |
add eax, esi |
cmp edi, esi |
jbe 00007F02AC968DCAh |
cmp edi, eax |
jc 00007F02AC96912Eh |
bt dword ptr [004C31FCh], 01h |
jnc 00007F02AC968DC9h |
rep movsb |
jmp 00007F02AC9690DCh |
cmp ecx, 00000080h |
jc 00007F02AC968F94h |
mov eax, edi |
xor eax, esi |
test eax, 0000000Fh |
jne 00007F02AC968DD0h |
bt dword ptr [004BE324h], 01h |
jc 00007F02AC9692A0h |
bt dword ptr [004C31FCh], 00000000h |
jnc 00007F02AC968F6Dh |
test edi, 00000003h |
jne 00007F02AC968F7Eh |
test esi, 00000003h |
jne 00007F02AC968F5Dh |
bt edi, 02h |
jnc 00007F02AC968DCFh |
mov eax, dword ptr [esi] |
sub ecx, 04h |
lea esi, dword ptr [esi+04h] |
mov dword ptr [edi], eax |
lea edi, dword ptr [edi+04h] |
bt edi, 03h |
jnc 00007F02AC968DD3h |
movq xmm1, qword ptr [esi] |
sub ecx, 08h |
lea esi, dword ptr [esi+08h] |
movq qword ptr [edi], xmm1 |
lea edi, dword ptr [edi+08h] |
test esi, 00000007h |
je 00007F02AC968E25h |
bt esi, 03h |
jnc 00007F02AC968E78h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xba44c | 0x17c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc7000 | 0x33c88 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xfb000 | 0x711c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x92bc0 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xa4870 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8f000 | 0x884 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x8dcc4 | 0x8de00 | d28a820a1d9ff26cda02d12b888ba4b4 | False | 0.5728679102422908 | data | 6.676118058520316 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8f000 | 0x2e10e | 0x2e200 | 79b14b254506b0dbc8cd0ad67fb70ad9 | False | 0.33535526761517614 | OpenPGP Public Key | 5.76010872795207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xbe000 | 0x8f74 | 0x5200 | 9f9d6f746f1a415a63de45f8b7983d33 | False | 0.1017530487804878 | data | 1.198745897703538 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0xc7000 | 0x33c88 | 0x33e00 | 08ffdb15cff6468fd529917e14706f53 | False | 0.957285391566265 | data | 7.930748096602802 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xfb000 | 0x711c | 0x7200 | 6fcae3cbbf6bfbabf5ec5bbe7cf612c3 | False | 0.7650767543859649 | data | 6.779031650454199 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0xc7458 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
RT_ICON | 0xc7580 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
RT_ICON | 0xc76a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
RT_ICON | 0xc77d0 | 0xe23 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | Great Britain | 0.8623929262227135 |
RT_MENU | 0xc85f4 | 0x50 | data | English | Great Britain | 0.9 |
RT_STRING | 0xc8644 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
RT_STRING | 0xc8bd8 | 0x68a | data | English | Great Britain | 0.2747909199522103 |
RT_STRING | 0xc9264 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
RT_STRING | 0xc96f4 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
RT_STRING | 0xc9cf0 | 0x65c | data | English | Great Britain | 0.34336609336609336 |
RT_STRING | 0xca34c | 0x466 | data | English | Great Britain | 0.3605683836589698 |
RT_STRING | 0xca7b4 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
RT_RCDATA | 0xca90c | 0x2fe5d | data | 1.0003364102982328 | ||
RT_GROUP_ICON | 0xfa76c | 0x14 | data | English | Great Britain | 1.2 |
RT_GROUP_ICON | 0xfa780 | 0x14 | data | English | Great Britain | 1.25 |
RT_GROUP_ICON | 0xfa794 | 0x14 | data | English | Great Britain | 1.15 |
RT_GROUP_ICON | 0xfa7a8 | 0x14 | data | English | Great Britain | 1.25 |
RT_VERSION | 0xfa7bc | 0xdc | data | English | Great Britain | 0.6181818181818182 |
RT_MANIFEST | 0xfa898 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |
DLL | Import |
---|---|
WSOCK32.dll | WSACleanup, socket, inet_ntoa, setsockopt, ntohs, recvfrom, ioctlsocket, htons, WSAStartup, __WSAFDIsSet, select, accept, listen, bind, closesocket, WSAGetLastError, recv, sendto, send, inet_addr, gethostbyname, gethostname, connect |
VERSION.dll | GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW |
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create |
MPR.dll | WNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W |
WININET.dll | InternetQueryDataAvailable, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetConnectW |
PSAPI.DLL | GetProcessMemoryInfo |
IPHLPAPI.DLL | IcmpCreateFile, IcmpCloseHandle, IcmpSendEcho |
USERENV.dll | DestroyEnvironmentBlock, UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW |
UxTheme.dll | IsThemeActive |
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, SetCurrentDirectoryW, GetLongPathNameW, GetShortPathNameW, DeleteFileW, FindNextFileW, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, GetCurrentProcess, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, LoadLibraryW, VirtualAlloc, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, GetCurrentThread, CloseHandle, GetFullPathNameW, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, WriteConsoleW, FindClose, SetEnvironmentVariableA |
USER32.dll | AdjustWindowRectEx, CopyImage, SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, SetRect, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, MonitorFromRect, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, PeekMessageW, UnregisterHotKey, CheckMenuRadioItem, CharLowerBuffW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, LoadImageW, GetClassNameW |
GDI32.dll | StrokePath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, GetDeviceCaps, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, DeleteDC, GetPixel, CreateDCW, GetStockObject, GetTextFaceW, CreateFontW, SetTextColor, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, StrokeAndFillPath |
COMDLG32.dll | GetOpenFileNameW, GetSaveFileNameW |
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, RegCreateKeyExW, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, AddAce, SetSecurityDescriptorDacl, GetUserNameW, InitiateSystemShutdownExW |
SHELL32.dll | DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish |
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoSetProxyBlanket, CoCreateInstanceEx, CoInitializeSecurity |
OLEAUT32.dll | LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, RegisterTypeLib, CreateStdDispatch, DispCallFunc, VariantChangeType, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, VariantCopy, VariantClear, OleLoadPicture, QueryPathOfRegTypeLib, RegisterTypeLibForUser, UnRegisterTypeLibForUser, UnRegisterTypeLib, CreateDispTypeInfo, SysAllocString, VariantInit |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | Great Britain |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-10T23:19:17.027297+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49716 | 132.226.247.73 | 80 | TCP |
2025-01-10T23:19:17.996068+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49716 | 132.226.247.73 | 80 | TCP |
2025-01-10T23:19:18.688114+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49728 | 104.21.32.1 | 443 | TCP |
2025-01-10T23:19:19.449161+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49734 | 132.226.247.73 | 80 | TCP |
2025-01-10T23:19:20.066545+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49740 | 104.21.32.1 | 443 | TCP |
2025-01-10T23:19:26.879099+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49794 | 104.21.32.1 | 443 | TCP |
2025-01-10T23:19:28.190658+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49807 | 104.21.32.1 | 443 | TCP |
2025-01-10T23:19:29.119581+0100 | 1810007 | Joe Security ANOMALY Telegram Send Message | 1 | 192.168.2.6 | 49811 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:19:32.058579+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49826 | 132.226.247.73 | 80 | TCP |
2025-01-10T23:19:32.996111+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49826 | 132.226.247.73 | 80 | TCP |
2025-01-10T23:19:33.598886+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49841 | 104.21.32.1 | 443 | TCP |
2025-01-10T23:19:34.355465+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49845 | 132.226.247.73 | 80 | TCP |
2025-01-10T23:19:34.910911+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49851 | 104.21.32.1 | 443 | TCP |
2025-01-10T23:19:40.191886+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49893 | 104.21.32.1 | 443 | TCP |
2025-01-10T23:19:43.713922+0100 | 1810007 | Joe Security ANOMALY Telegram Send Message | 1 | 192.168.2.6 | 61868 | 149.154.167.220 | 443 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 10, 2025 23:19:16.078361034 CET | 49716 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:16.084445000 CET | 80 | 49716 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:16.084522963 CET | 49716 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:16.084886074 CET | 49716 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:16.089617014 CET | 80 | 49716 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:16.757812023 CET | 80 | 49716 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:16.762742996 CET | 49716 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:16.767633915 CET | 80 | 49716 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:16.972708941 CET | 80 | 49716 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:17.027297020 CET | 49716 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:17.040163994 CET | 49722 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:17.040203094 CET | 443 | 49722 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:17.042181969 CET | 49722 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:17.049207926 CET | 49722 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:17.049225092 CET | 443 | 49722 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:17.553848982 CET | 443 | 49722 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:17.554229975 CET | 49722 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:17.556942940 CET | 49722 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:17.556950092 CET | 443 | 49722 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:17.557411909 CET | 443 | 49722 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:17.605415106 CET | 49722 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:17.606704950 CET | 49722 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:17.647330046 CET | 443 | 49722 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:17.730053902 CET | 443 | 49722 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:17.730217934 CET | 443 | 49722 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:17.730268002 CET | 49722 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:17.737862110 CET | 49722 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:17.741214991 CET | 49716 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:17.746170998 CET | 80 | 49716 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:17.949717045 CET | 80 | 49716 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:17.952092886 CET | 49728 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:17.952145100 CET | 443 | 49728 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:17.952235937 CET | 49728 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:17.952490091 CET | 49728 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:17.952505112 CET | 443 | 49728 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:17.996068001 CET | 49716 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:18.540534973 CET | 443 | 49728 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:18.543248892 CET | 49728 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:18.543286085 CET | 443 | 49728 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:18.688169003 CET | 443 | 49728 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:18.688330889 CET | 443 | 49728 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:18.688385963 CET | 49728 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:18.688719034 CET | 49728 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:18.692174911 CET | 49716 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:18.693103075 CET | 49734 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:18.697221994 CET | 80 | 49716 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:18.697308064 CET | 49716 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:18.697887897 CET | 80 | 49734 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:18.698031902 CET | 49734 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:18.698031902 CET | 49734 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:18.703008890 CET | 80 | 49734 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:19.403620005 CET | 80 | 49734 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:19.411602974 CET | 49740 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:19.411669970 CET | 443 | 49740 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:19.411744118 CET | 49740 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:19.412010908 CET | 49740 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:19.412029028 CET | 443 | 49740 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:19.449161053 CET | 49734 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:19.914982080 CET | 443 | 49740 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:19.916640997 CET | 49740 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:19.916677952 CET | 443 | 49740 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:20.066543102 CET | 443 | 49740 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:20.066632032 CET | 443 | 49740 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:20.066929102 CET | 49740 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:20.067168951 CET | 49740 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:20.071379900 CET | 49746 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:20.076371908 CET | 80 | 49746 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:20.076472044 CET | 49746 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:20.076575041 CET | 49746 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:20.081425905 CET | 80 | 49746 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:20.768685102 CET | 80 | 49746 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:20.770207882 CET | 49752 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:20.770243883 CET | 443 | 49752 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:20.770415068 CET | 49752 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:20.770816088 CET | 49752 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:20.770828962 CET | 443 | 49752 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:20.808566093 CET | 49746 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:21.248460054 CET | 443 | 49752 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:21.251149893 CET | 49752 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:21.251163960 CET | 443 | 49752 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:21.398843050 CET | 443 | 49752 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:21.398997068 CET | 443 | 49752 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:21.399302006 CET | 49752 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:21.399458885 CET | 49752 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:21.402707100 CET | 49746 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:21.403778076 CET | 49756 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:21.407747030 CET | 80 | 49746 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:21.408395052 CET | 49746 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:21.408621073 CET | 80 | 49756 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:21.408735037 CET | 49756 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:21.408927917 CET | 49756 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:21.413667917 CET | 80 | 49756 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:22.123766899 CET | 80 | 49756 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:22.124989986 CET | 49760 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:22.125076056 CET | 443 | 49760 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:22.125149965 CET | 49760 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:22.125381947 CET | 49760 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:22.125415087 CET | 443 | 49760 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:22.167905092 CET | 49756 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:22.618340969 CET | 443 | 49760 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:22.623908043 CET | 49760 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:22.623991013 CET | 443 | 49760 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:22.777635098 CET | 443 | 49760 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:22.777800083 CET | 443 | 49760 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:22.777896881 CET | 49760 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:22.778455973 CET | 49760 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:22.781810045 CET | 49756 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:22.782550097 CET | 49765 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:22.786838055 CET | 80 | 49756 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:22.786897898 CET | 49756 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:22.787370920 CET | 80 | 49765 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:22.787441015 CET | 49765 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:22.787517071 CET | 49765 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:22.792354107 CET | 80 | 49765 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:23.523907900 CET | 80 | 49765 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:23.525243044 CET | 49771 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:23.525290012 CET | 443 | 49771 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:23.525377035 CET | 49771 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:23.525594950 CET | 49771 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:23.525610924 CET | 443 | 49771 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:23.574170113 CET | 49765 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:24.030369997 CET | 443 | 49771 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:24.032893896 CET | 49771 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:24.032938957 CET | 443 | 49771 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:24.176331997 CET | 443 | 49771 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:24.176409960 CET | 443 | 49771 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:24.176543951 CET | 49771 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:24.177028894 CET | 49771 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:24.180433989 CET | 49765 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:24.180994034 CET | 49777 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:24.185513020 CET | 80 | 49765 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:24.185581923 CET | 49765 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:24.185815096 CET | 80 | 49777 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:24.185887098 CET | 49777 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:24.185946941 CET | 49777 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:24.190680027 CET | 80 | 49777 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:24.873136997 CET | 80 | 49777 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:24.874922037 CET | 49783 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:24.874959946 CET | 443 | 49783 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:24.875123978 CET | 49783 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:24.875422955 CET | 49783 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:24.875432968 CET | 443 | 49783 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:24.919091940 CET | 49777 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:25.387041092 CET | 443 | 49783 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:25.388978004 CET | 49783 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:25.389005899 CET | 443 | 49783 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:25.534141064 CET | 443 | 49783 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:25.534288883 CET | 443 | 49783 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:25.534354925 CET | 49783 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:25.534833908 CET | 49783 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:25.538960934 CET | 49777 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:25.539365053 CET | 49790 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:25.543952942 CET | 80 | 49777 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:25.544168949 CET | 80 | 49790 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:25.544363022 CET | 49790 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:25.544445992 CET | 49790 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:25.544930935 CET | 49777 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:25.549242020 CET | 80 | 49790 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:26.244102955 CET | 80 | 49790 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:26.245354891 CET | 49794 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:26.245410919 CET | 443 | 49794 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:26.245662928 CET | 49794 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:26.245956898 CET | 49794 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:26.245986938 CET | 443 | 49794 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:26.292922020 CET | 49790 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:26.708710909 CET | 443 | 49794 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:26.710901976 CET | 49794 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:26.710989952 CET | 443 | 49794 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:26.879167080 CET | 443 | 49794 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:26.879343987 CET | 443 | 49794 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:26.879703045 CET | 49794 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:26.880026102 CET | 49794 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:26.884480953 CET | 49790 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:26.885735989 CET | 49800 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:26.889457941 CET | 80 | 49790 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:26.889511108 CET | 49790 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:26.890523911 CET | 80 | 49800 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:26.890575886 CET | 49800 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:26.890674114 CET | 49800 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:26.895462036 CET | 80 | 49800 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:27.570959091 CET | 80 | 49800 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:27.572381973 CET | 49807 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:27.572419882 CET | 443 | 49807 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:27.572496891 CET | 49807 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:27.572748899 CET | 49807 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:27.572757959 CET | 443 | 49807 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:27.621057987 CET | 49800 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:28.047166109 CET | 443 | 49807 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:28.068474054 CET | 49807 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:28.068490028 CET | 443 | 49807 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:28.190753937 CET | 443 | 49807 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:28.190917969 CET | 443 | 49807 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:28.191037893 CET | 49807 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:28.191560030 CET | 49807 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:28.212661028 CET | 49800 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:28.217659950 CET | 80 | 49800 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:28.217832088 CET | 49800 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:28.225470066 CET | 49811 | 443 | 192.168.2.6 | 149.154.167.220 |
Jan 10, 2025 23:19:28.225505114 CET | 443 | 49811 | 149.154.167.220 | 192.168.2.6 |
Jan 10, 2025 23:19:28.225636959 CET | 49811 | 443 | 192.168.2.6 | 149.154.167.220 |
Jan 10, 2025 23:19:28.226231098 CET | 49811 | 443 | 192.168.2.6 | 149.154.167.220 |
Jan 10, 2025 23:19:28.226243973 CET | 443 | 49811 | 149.154.167.220 | 192.168.2.6 |
Jan 10, 2025 23:19:28.876218081 CET | 443 | 49811 | 149.154.167.220 | 192.168.2.6 |
Jan 10, 2025 23:19:28.876295090 CET | 49811 | 443 | 192.168.2.6 | 149.154.167.220 |
Jan 10, 2025 23:19:28.880736113 CET | 49811 | 443 | 192.168.2.6 | 149.154.167.220 |
Jan 10, 2025 23:19:28.880759954 CET | 443 | 49811 | 149.154.167.220 | 192.168.2.6 |
Jan 10, 2025 23:19:28.881172895 CET | 443 | 49811 | 149.154.167.220 | 192.168.2.6 |
Jan 10, 2025 23:19:28.882560968 CET | 49811 | 443 | 192.168.2.6 | 149.154.167.220 |
Jan 10, 2025 23:19:28.927331924 CET | 443 | 49811 | 149.154.167.220 | 192.168.2.6 |
Jan 10, 2025 23:19:29.119581938 CET | 443 | 49811 | 149.154.167.220 | 192.168.2.6 |
Jan 10, 2025 23:19:29.119668961 CET | 443 | 49811 | 149.154.167.220 | 192.168.2.6 |
Jan 10, 2025 23:19:29.119931936 CET | 49811 | 443 | 192.168.2.6 | 149.154.167.220 |
Jan 10, 2025 23:19:29.125955105 CET | 49811 | 443 | 192.168.2.6 | 149.154.167.220 |
Jan 10, 2025 23:19:31.127842903 CET | 49826 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:31.132822990 CET | 80 | 49826 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:31.132956028 CET | 49826 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:31.133126020 CET | 49826 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:31.137907982 CET | 80 | 49826 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:31.804013014 CET | 80 | 49826 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:31.807331085 CET | 49826 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:31.812174082 CET | 80 | 49826 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:32.016213894 CET | 80 | 49826 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:32.048552036 CET | 49833 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:32.048655987 CET | 443 | 49833 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:32.048747063 CET | 49833 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:32.052582026 CET | 49833 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:32.052618027 CET | 443 | 49833 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:32.058578968 CET | 49826 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:32.547471046 CET | 443 | 49833 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:32.547545910 CET | 49833 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:32.549191952 CET | 49833 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:32.549222946 CET | 443 | 49833 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:32.549706936 CET | 443 | 49833 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:32.589828968 CET | 49833 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:32.594505072 CET | 49833 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:32.635337114 CET | 443 | 49833 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:32.709820032 CET | 443 | 49833 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:32.709901094 CET | 443 | 49833 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:32.709995985 CET | 49833 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:32.712992907 CET | 49833 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:32.716073990 CET | 49826 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:32.720952988 CET | 80 | 49826 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:32.949526072 CET | 80 | 49826 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:32.953133106 CET | 49841 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:32.953203917 CET | 443 | 49841 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:32.953299999 CET | 49841 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:32.953644991 CET | 49841 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:32.953671932 CET | 443 | 49841 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:32.996110916 CET | 49826 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:33.438858032 CET | 443 | 49841 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:33.440267086 CET | 49841 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:33.440331936 CET | 443 | 49841 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:33.598932981 CET | 443 | 49841 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:33.599015951 CET | 443 | 49841 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:33.599083900 CET | 49841 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:33.599504948 CET | 49841 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:33.602669001 CET | 49826 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:33.603760958 CET | 49845 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:33.607641935 CET | 80 | 49826 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:33.608593941 CET | 49826 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:33.608649969 CET | 80 | 49845 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:33.608731031 CET | 49845 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:33.608896017 CET | 49845 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:33.613681078 CET | 80 | 49845 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:34.301940918 CET | 80 | 49845 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:34.303122044 CET | 49851 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:34.303150892 CET | 443 | 49851 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:34.303231955 CET | 49851 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:34.303612947 CET | 49851 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:34.303627968 CET | 443 | 49851 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:34.355464935 CET | 49845 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:34.766153097 CET | 443 | 49851 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:34.767688036 CET | 49851 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:34.767718077 CET | 443 | 49851 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:34.911021948 CET | 443 | 49851 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:34.911222935 CET | 443 | 49851 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:34.911417007 CET | 49851 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:34.911616087 CET | 49851 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:34.916270018 CET | 49856 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:34.921092987 CET | 80 | 49856 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:34.921267986 CET | 49856 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:34.921372890 CET | 49856 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:34.926115036 CET | 80 | 49856 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:35.617870092 CET | 80 | 49856 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:35.619158983 CET | 49862 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:35.619225979 CET | 443 | 49862 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:35.619359970 CET | 49862 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:35.619589090 CET | 49862 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:35.619622946 CET | 443 | 49862 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:35.668001890 CET | 49856 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:36.094206095 CET | 443 | 49862 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:36.096353054 CET | 49862 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:36.096385956 CET | 443 | 49862 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:36.256346941 CET | 443 | 49862 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:36.256427050 CET | 443 | 49862 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:36.256660938 CET | 49862 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:36.256910086 CET | 49862 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:36.260040998 CET | 49856 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:36.261147022 CET | 49868 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:36.264954090 CET | 80 | 49856 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:36.265161037 CET | 49856 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:36.265984058 CET | 80 | 49868 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:36.266052008 CET | 49868 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:36.266180992 CET | 49868 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:36.270935059 CET | 80 | 49868 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:36.947066069 CET | 80 | 49868 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:36.948384047 CET | 49872 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:36.948407888 CET | 443 | 49872 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:36.948472977 CET | 49872 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:36.948724985 CET | 49872 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:36.948735952 CET | 443 | 49872 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:36.996078968 CET | 49868 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:37.421818018 CET | 443 | 49872 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:37.423290968 CET | 49872 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:37.423340082 CET | 443 | 49872 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:37.568108082 CET | 443 | 49872 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:37.568192005 CET | 443 | 49872 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:37.568279982 CET | 49872 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:37.568974972 CET | 49872 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:37.572149992 CET | 49868 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:37.573182106 CET | 49877 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:37.577334881 CET | 80 | 49868 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:37.577399015 CET | 49868 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:37.577944994 CET | 80 | 49877 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:37.578015089 CET | 49877 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:37.578123093 CET | 49877 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:37.582890987 CET | 80 | 49877 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:38.259926081 CET | 80 | 49877 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:38.261353970 CET | 49882 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:38.261404037 CET | 443 | 49882 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:38.261487007 CET | 49882 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:38.261780024 CET | 49882 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:38.261795998 CET | 443 | 49882 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:38.308726072 CET | 49877 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:38.727926016 CET | 443 | 49882 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:38.729399920 CET | 49882 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:38.729429007 CET | 443 | 49882 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:38.885452986 CET | 443 | 49882 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:38.885615110 CET | 443 | 49882 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:38.885703087 CET | 49882 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:38.886117935 CET | 49882 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:38.889339924 CET | 49877 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:38.889960051 CET | 49888 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:38.894393921 CET | 80 | 49877 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:38.894809008 CET | 80 | 49888 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:38.894886971 CET | 49877 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:38.894922018 CET | 49888 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:38.895000935 CET | 49888 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:38.899789095 CET | 80 | 49888 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:39.574192047 CET | 80 | 49888 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:39.575193882 CET | 49893 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:39.575236082 CET | 443 | 49893 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:39.575294971 CET | 49893 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:39.575542927 CET | 49893 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:39.575557947 CET | 443 | 49893 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:39.619004011 CET | 49888 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:39.863255978 CET | 61842 | 53 | 192.168.2.6 | 162.159.36.2 |
Jan 10, 2025 23:19:39.868108034 CET | 53 | 61842 | 162.159.36.2 | 192.168.2.6 |
Jan 10, 2025 23:19:39.868226051 CET | 61842 | 53 | 192.168.2.6 | 162.159.36.2 |
Jan 10, 2025 23:19:39.873106956 CET | 53 | 61842 | 162.159.36.2 | 192.168.2.6 |
Jan 10, 2025 23:19:40.041199923 CET | 443 | 49893 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:40.042757988 CET | 49893 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:40.042803049 CET | 443 | 49893 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:40.191893101 CET | 443 | 49893 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:40.191984892 CET | 443 | 49893 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:40.192042112 CET | 49893 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:40.192442894 CET | 49893 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:40.195264101 CET | 49888 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:40.196197987 CET | 61846 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:40.200207949 CET | 80 | 49888 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:40.200277090 CET | 49888 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:40.200958014 CET | 80 | 61846 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:40.201037884 CET | 61846 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:40.201100111 CET | 61846 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:40.205826998 CET | 80 | 61846 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:40.331340075 CET | 61842 | 53 | 192.168.2.6 | 162.159.36.2 |
Jan 10, 2025 23:19:40.336688995 CET | 53 | 61842 | 162.159.36.2 | 192.168.2.6 |
Jan 10, 2025 23:19:40.337215900 CET | 61842 | 53 | 192.168.2.6 | 162.159.36.2 |
Jan 10, 2025 23:19:40.899538040 CET | 80 | 61846 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:40.900893927 CET | 61851 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:40.900942087 CET | 443 | 61851 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:40.901034117 CET | 61851 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:40.901269913 CET | 61851 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:40.901282072 CET | 443 | 61851 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:40.949203968 CET | 61846 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:41.367234945 CET | 443 | 61851 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:41.368753910 CET | 61851 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:41.368787050 CET | 443 | 61851 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:41.502340078 CET | 443 | 61851 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:41.502388954 CET | 443 | 61851 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:41.502545118 CET | 61851 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:41.502810955 CET | 61851 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:41.505080938 CET | 61846 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:41.506069899 CET | 61858 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:41.510046005 CET | 80 | 61846 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:41.510104895 CET | 61846 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:41.510946989 CET | 80 | 61858 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:41.511023045 CET | 61858 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:41.511126041 CET | 61858 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:41.515860081 CET | 80 | 61858 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:42.203093052 CET | 80 | 61858 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:42.204391003 CET | 61863 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:42.204487085 CET | 443 | 61863 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:42.204595089 CET | 61863 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:42.204835892 CET | 61863 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:42.204871893 CET | 443 | 61863 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:42.246139050 CET | 61858 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:42.658394098 CET | 443 | 61863 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:42.667645931 CET | 61863 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:42.667685032 CET | 443 | 61863 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:42.795073032 CET | 443 | 61863 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:42.795141935 CET | 443 | 61863 | 104.21.32.1 | 192.168.2.6 |
Jan 10, 2025 23:19:42.795222998 CET | 61863 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:42.795726061 CET | 61863 | 443 | 192.168.2.6 | 104.21.32.1 |
Jan 10, 2025 23:19:42.809214115 CET | 61858 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:42.814153910 CET | 80 | 61858 | 132.226.247.73 | 192.168.2.6 |
Jan 10, 2025 23:19:42.814230919 CET | 61858 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:42.820058107 CET | 61868 | 443 | 192.168.2.6 | 149.154.167.220 |
Jan 10, 2025 23:19:42.820095062 CET | 443 | 61868 | 149.154.167.220 | 192.168.2.6 |
Jan 10, 2025 23:19:42.820209026 CET | 61868 | 443 | 192.168.2.6 | 149.154.167.220 |
Jan 10, 2025 23:19:42.820743084 CET | 61868 | 443 | 192.168.2.6 | 149.154.167.220 |
Jan 10, 2025 23:19:42.820759058 CET | 443 | 61868 | 149.154.167.220 | 192.168.2.6 |
Jan 10, 2025 23:19:43.454948902 CET | 443 | 61868 | 149.154.167.220 | 192.168.2.6 |
Jan 10, 2025 23:19:43.455050945 CET | 61868 | 443 | 192.168.2.6 | 149.154.167.220 |
Jan 10, 2025 23:19:43.456449032 CET | 61868 | 443 | 192.168.2.6 | 149.154.167.220 |
Jan 10, 2025 23:19:43.456461906 CET | 443 | 61868 | 149.154.167.220 | 192.168.2.6 |
Jan 10, 2025 23:19:43.456834078 CET | 443 | 61868 | 149.154.167.220 | 192.168.2.6 |
Jan 10, 2025 23:19:43.458605051 CET | 61868 | 443 | 192.168.2.6 | 149.154.167.220 |
Jan 10, 2025 23:19:43.499330044 CET | 443 | 61868 | 149.154.167.220 | 192.168.2.6 |
Jan 10, 2025 23:19:43.603176117 CET | 49734 | 80 | 192.168.2.6 | 132.226.247.73 |
Jan 10, 2025 23:19:43.713975906 CET | 443 | 61868 | 149.154.167.220 | 192.168.2.6 |
Jan 10, 2025 23:19:43.714071035 CET | 443 | 61868 | 149.154.167.220 | 192.168.2.6 |
Jan 10, 2025 23:19:43.714153051 CET | 61868 | 443 | 192.168.2.6 | 149.154.167.220 |
Jan 10, 2025 23:19:43.716383934 CET | 61868 | 443 | 192.168.2.6 | 149.154.167.220 |
Jan 10, 2025 23:19:58.141113997 CET | 49845 | 80 | 192.168.2.6 | 132.226.247.73 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 10, 2025 23:19:16.061748981 CET | 52817 | 53 | 192.168.2.6 | 1.1.1.1 |
Jan 10, 2025 23:19:16.069133997 CET | 53 | 52817 | 1.1.1.1 | 192.168.2.6 |
Jan 10, 2025 23:19:17.022197962 CET | 54128 | 53 | 192.168.2.6 | 1.1.1.1 |
Jan 10, 2025 23:19:17.039062977 CET | 53 | 54128 | 1.1.1.1 | 192.168.2.6 |
Jan 10, 2025 23:19:28.213293076 CET | 51812 | 53 | 192.168.2.6 | 1.1.1.1 |
Jan 10, 2025 23:19:28.220693111 CET | 53 | 51812 | 1.1.1.1 | 192.168.2.6 |
Jan 10, 2025 23:19:39.862517118 CET | 53 | 55999 | 162.159.36.2 | 192.168.2.6 |
Jan 10, 2025 23:19:40.346451044 CET | 57727 | 53 | 192.168.2.6 | 1.1.1.1 |
Jan 10, 2025 23:19:40.353282928 CET | 53 | 57727 | 1.1.1.1 | 192.168.2.6 |
Jan 10, 2025 23:19:42.812287092 CET | 56419 | 53 | 192.168.2.6 | 1.1.1.1 |
Jan 10, 2025 23:19:42.819336891 CET | 53 | 56419 | 1.1.1.1 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jan 10, 2025 23:19:16.061748981 CET | 192.168.2.6 | 1.1.1.1 | 0x87de | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jan 10, 2025 23:19:17.022197962 CET | 192.168.2.6 | 1.1.1.1 | 0xe5d9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jan 10, 2025 23:19:28.213293076 CET | 192.168.2.6 | 1.1.1.1 | 0x9a7f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jan 10, 2025 23:19:40.346451044 CET | 192.168.2.6 | 1.1.1.1 | 0x2e03 | Standard query (0) | PTR (Pointer record) | IN (0x0001) | false | |
Jan 10, 2025 23:19:42.812287092 CET | 192.168.2.6 | 1.1.1.1 | 0x5d31 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jan 10, 2025 23:19:16.069133997 CET | 1.1.1.1 | 192.168.2.6 | 0x87de | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Jan 10, 2025 23:19:16.069133997 CET | 1.1.1.1 | 192.168.2.6 | 0x87de | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 23:19:16.069133997 CET | 1.1.1.1 | 192.168.2.6 | 0x87de | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 23:19:16.069133997 CET | 1.1.1.1 | 192.168.2.6 | 0x87de | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 23:19:16.069133997 CET | 1.1.1.1 | 192.168.2.6 | 0x87de | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 23:19:16.069133997 CET | 1.1.1.1 | 192.168.2.6 | 0x87de | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 23:19:17.039062977 CET | 1.1.1.1 | 192.168.2.6 | 0xe5d9 | No error (0) | 104.21.32.1 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 23:19:17.039062977 CET | 1.1.1.1 | 192.168.2.6 | 0xe5d9 | No error (0) | 104.21.80.1 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 23:19:17.039062977 CET | 1.1.1.1 | 192.168.2.6 | 0xe5d9 | No error (0) | 104.21.64.1 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 23:19:17.039062977 CET | 1.1.1.1 | 192.168.2.6 | 0xe5d9 | No error (0) | 104.21.112.1 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 23:19:17.039062977 CET | 1.1.1.1 | 192.168.2.6 | 0xe5d9 | No error (0) | 104.21.48.1 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 23:19:17.039062977 CET | 1.1.1.1 | 192.168.2.6 | 0xe5d9 | No error (0) | 104.21.96.1 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 23:19:17.039062977 CET | 1.1.1.1 | 192.168.2.6 | 0xe5d9 | No error (0) | 104.21.16.1 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 23:19:28.220693111 CET | 1.1.1.1 | 192.168.2.6 | 0x9a7f | No error (0) | 149.154.167.220 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 23:19:40.353282928 CET | 1.1.1.1 | 192.168.2.6 | 0x2e03 | Name error (3) | none | none | PTR (Pointer record) | IN (0x0001) | false | |
Jan 10, 2025 23:19:42.819336891 CET | 1.1.1.1 | 192.168.2.6 | 0x5d31 | No error (0) | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49716 | 132.226.247.73 | 80 | 1672 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:19:16.084886074 CET | 151 | OUT | |
Jan 10, 2025 23:19:16.757812023 CET | 273 | IN | |
Jan 10, 2025 23:19:16.762742996 CET | 127 | OUT | |
Jan 10, 2025 23:19:16.972708941 CET | 273 | IN | |
Jan 10, 2025 23:19:17.741214991 CET | 127 | OUT | |
Jan 10, 2025 23:19:17.949717045 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.6 | 49734 | 132.226.247.73 | 80 | 1672 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:19:18.698031902 CET | 127 | OUT | |
Jan 10, 2025 23:19:19.403620005 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.6 | 49746 | 132.226.247.73 | 80 | 1672 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:19:20.076575041 CET | 151 | OUT | |
Jan 10, 2025 23:19:20.768685102 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.6 | 49756 | 132.226.247.73 | 80 | 1672 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:19:21.408927917 CET | 151 | OUT | |
Jan 10, 2025 23:19:22.123766899 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.6 | 49765 | 132.226.247.73 | 80 | 1672 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:19:22.787517071 CET | 151 | OUT | |
Jan 10, 2025 23:19:23.523907900 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.6 | 49777 | 132.226.247.73 | 80 | 1672 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:19:24.185946941 CET | 151 | OUT | |
Jan 10, 2025 23:19:24.873136997 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
6 | 192.168.2.6 | 49790 | 132.226.247.73 | 80 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:19:25.544445992 CET | 151 | OUT | |
Jan 10, 2025 23:19:26.244102955 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.6 | 49800 | 132.226.247.73 | 80 | 1672 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:19:26.890674114 CET | 151 | OUT | |
Jan 10, 2025 23:19:27.570959091 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.6 | 49826 | 132.226.247.73 | 80 | 7076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:19:31.133126020 CET | 151 | OUT | |
Jan 10, 2025 23:19:31.804013014 CET | 273 | IN | |
Jan 10, 2025 23:19:31.807331085 CET | 127 | OUT | |
Jan 10, 2025 23:19:32.016213894 CET | 273 | IN | |
Jan 10, 2025 23:19:32.716073990 CET | 127 | OUT | |
Jan 10, 2025 23:19:32.949526072 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.6 | 49845 | 132.226.247.73 | 80 | 7076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:19:33.608896017 CET | 127 | OUT | |
Jan 10, 2025 23:19:34.301940918 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.6 | 49856 | 132.226.247.73 | 80 | 7076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:19:34.921372890 CET | 151 | OUT | |
Jan 10, 2025 23:19:35.617870092 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.6 | 49868 | 132.226.247.73 | 80 | 7076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:19:36.266180992 CET | 151 | OUT | |
Jan 10, 2025 23:19:36.947066069 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.6 | 49877 | 132.226.247.73 | 80 | 7076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:19:37.578123093 CET | 151 | OUT | |
Jan 10, 2025 23:19:38.259926081 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.6 | 49888 | 132.226.247.73 | 80 | 7076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:19:38.895000935 CET | 151 | OUT | |
Jan 10, 2025 23:19:39.574192047 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.6 | 61846 | 132.226.247.73 | 80 | 7076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:19:40.201100111 CET | 151 | OUT | |
Jan 10, 2025 23:19:40.899538040 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.6 | 61858 | 132.226.247.73 | 80 | 7076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:19:41.511126041 CET | 151 | OUT | |
Jan 10, 2025 23:19:42.203093052 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49722 | 104.21.32.1 | 443 | 1672 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:19:17 UTC | 85 | OUT | |
2025-01-10 22:19:17 UTC | 854 | IN | |
2025-01-10 22:19:17 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.6 | 49728 | 104.21.32.1 | 443 | 1672 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:19:18 UTC | 61 | OUT | |
2025-01-10 22:19:18 UTC | 853 | IN | |
2025-01-10 22:19:18 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.6 | 49740 | 104.21.32.1 | 443 | 1672 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:19:19 UTC | 61 | OUT | |
2025-01-10 22:19:20 UTC | 861 | IN | |
2025-01-10 22:19:20 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.6 | 49752 | 104.21.32.1 | 443 | 1672 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:19:21 UTC | 85 | OUT | |
2025-01-10 22:19:21 UTC | 849 | IN | |
2025-01-10 22:19:21 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.6 | 49760 | 104.21.32.1 | 443 | 1672 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:19:22 UTC | 85 | OUT | |
2025-01-10 22:19:22 UTC | 859 | IN | |
2025-01-10 22:19:22 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.6 | 49771 | 104.21.32.1 | 443 | 1672 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:19:24 UTC | 85 | OUT | |
2025-01-10 22:19:24 UTC | 861 | IN | |
2025-01-10 22:19:24 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.6 | 49783 | 104.21.32.1 | 443 | 1672 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:19:25 UTC | 85 | OUT | |
2025-01-10 22:19:25 UTC | 855 | IN | |
2025-01-10 22:19:25 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.6 | 49794 | 104.21.32.1 | 443 | 1672 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:19:26 UTC | 61 | OUT | |
2025-01-10 22:19:26 UTC | 855 | IN | |
2025-01-10 22:19:26 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.6 | 49807 | 104.21.32.1 | 443 | 1672 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:19:28 UTC | 61 | OUT | |
2025-01-10 22:19:28 UTC | 853 | IN | |
2025-01-10 22:19:28 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.6 | 49811 | 149.154.167.220 | 443 | 1672 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:19:28 UTC | 349 | OUT | |
2025-01-10 22:19:29 UTC | 344 | IN | |
2025-01-10 22:19:29 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.6 | 49833 | 104.21.32.1 | 443 | 7076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:19:32 UTC | 85 | OUT | |
2025-01-10 22:19:32 UTC | 850 | IN | |
2025-01-10 22:19:32 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.6 | 49841 | 104.21.32.1 | 443 | 7076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:19:33 UTC | 61 | OUT | |
2025-01-10 22:19:33 UTC | 856 | IN | |
2025-01-10 22:19:33 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.6 | 49851 | 104.21.32.1 | 443 | 7076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:19:34 UTC | 61 | OUT | |
2025-01-10 22:19:34 UTC | 855 | IN | |
2025-01-10 22:19:34 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.6 | 49862 | 104.21.32.1 | 443 | 7076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:19:36 UTC | 85 | OUT | |
2025-01-10 22:19:36 UTC | 865 | IN | |
2025-01-10 22:19:36 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.6 | 49872 | 104.21.32.1 | 443 | 7076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:19:37 UTC | 85 | OUT | |
2025-01-10 22:19:37 UTC | 867 | IN | |
2025-01-10 22:19:37 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.6 | 49882 | 104.21.32.1 | 443 | 7076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:19:38 UTC | 85 | OUT | |
2025-01-10 22:19:38 UTC | 852 | IN | |
2025-01-10 22:19:38 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.6 | 49893 | 104.21.32.1 | 443 | 7076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:19:40 UTC | 61 | OUT | |
2025-01-10 22:19:40 UTC | 857 | IN | |
2025-01-10 22:19:40 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.6 | 61851 | 104.21.32.1 | 443 | 7076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:19:41 UTC | 85 | OUT | |
2025-01-10 22:19:41 UTC | 857 | IN | |
2025-01-10 22:19:41 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.6 | 61863 | 104.21.32.1 | 443 | 7076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:19:42 UTC | 85 | OUT | |
2025-01-10 22:19:42 UTC | 850 | IN | |
2025-01-10 22:19:42 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
19 | 192.168.2.6 | 61868 | 149.154.167.220 | 443 | 7076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:19:43 UTC | 349 | OUT | |
2025-01-10 22:19:43 UTC | 344 | IN | |
2025-01-10 22:19:43 UTC | 55 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 17:19:06 |
Start date: | 10/01/2025 |
Path: | C:\Users\user\Desktop\6cicUo3f8g.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8e0000 |
File size: | 1'033'728 bytes |
MD5 hash: | D721EAB396039744DF30C1C4AC89386E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 17:19:10 |
Start date: | 10/01/2025 |
Path: | C:\Users\user\AppData\Local\Thebesian\toggeries.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xae0000 |
File size: | 1'033'728 bytes |
MD5 hash: | D721EAB396039744DF30C1C4AC89386E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 17:19:14 |
Start date: | 10/01/2025 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xaa0000 |
File size: | 45'984 bytes |
MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | false |
Target ID: | 6 |
Start time: | 17:19:25 |
Start date: | 10/01/2025 |
Path: | C:\Windows\System32\wscript.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61b840000 |
File size: | 170'496 bytes |
MD5 hash: | A47CBE969EA935BDD3AB568BB126BC80 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 7 |
Start time: | 17:19:25 |
Start date: | 10/01/2025 |
Path: | C:\Users\user\AppData\Local\Thebesian\toggeries.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xae0000 |
File size: | 1'033'728 bytes |
MD5 hash: | D721EAB396039744DF30C1C4AC89386E |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 8 |
Start time: | 17:19:29 |
Start date: | 10/01/2025 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x240000 |
File size: | 45'984 bytes |
MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | false |
Execution Graph
Execution Coverage: | 3.4% |
Dynamic/Decrypted Code Coverage: | 0.5% |
Signature Coverage: | 6.8% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 27 |
Graph
Function 008E3B3A Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 153windowCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E49A0 Relevance: 10.7, APIs: 7, Instructions: 223COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008EFCE0 Relevance: 5.5, APIs: 3, Instructions: 1040COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0094445A Relevance: 4.5, APIs: 3, Instructions: 25fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008EE6A0 Relevance: 2.4, Strings: 1, Instructions: 1102COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008F09D0 Relevance: 57.3, APIs: 27, Strings: 5, Instructions: 1300windowsleeptimeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00949155 Relevance: 19.8, APIs: 13, Instructions: 322fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E3015 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 71windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E3041 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 54windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E708B Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E3A46 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 71windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E3633 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 151windowtimeregistryCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01671FD8 Relevance: 10.7, APIs: 7, Instructions: 151fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00909AE6 Relevance: 10.5, APIs: 7, Instructions: 45threadCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E407C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88windowCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01673A98 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 160fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E35B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0094955B Relevance: 6.2, APIs: 4, Instructions: 155COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0090470A Relevance: 6.1, APIs: 4, Instructions: 136COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 016726B8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41processCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0095CADD Relevance: 4.9, APIs: 3, Instructions: 392COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008EF76F Relevance: 4.7, APIs: 3, Instructions: 168comCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E434A Relevance: 4.6, APIs: 3, Instructions: 77windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0090571C Relevance: 4.6, APIs: 3, Instructions: 59memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00948D0D Relevance: 4.5, APIs: 3, Instructions: 22COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E7A51 Relevance: 3.1, APIs: 2, Instructions: 97COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E47D0 Relevance: 3.1, APIs: 2, Instructions: 59COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01672728 Relevance: 1.7, APIs: 1, Instructions: 167COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00900C08 Relevance: 1.6, APIs: 1, Instructions: 94memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0091FCAC Relevance: 1.6, APIs: 1, Instructions: 88COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E7B53 Relevance: 1.6, APIs: 1, Instructions: 84COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E4DDD Relevance: 1.6, APIs: 1, Instructions: 64libraryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0091FD85 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00904863 Relevance: 1.5, APIs: 1, Instructions: 36COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E4E4A Relevance: 1.5, APIs: 1, Instructions: 28COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00900791 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00948E9F Relevance: 1.5, APIs: 1, Instructions: 22COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01671F98 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01671F68 Relevance: 1.5, APIs: 1, Instructions: 15COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0090525B Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01673984 Relevance: 1.3, APIs: 1, Instructions: 21sleepCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01673988 Relevance: 1.3, APIs: 1, Instructions: 18sleepCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0096CABC Relevance: 74.1, APIs: 40, Strings: 2, Instructions: 632windowkeyboardCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00967DDB Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 571windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E48D7 Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 131keyboardthreadwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0094C75C Relevance: 28.3, APIs: 13, Strings: 3, Instructions: 280timefileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0094EF95 Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 119fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00960857 Relevance: 26.7, APIs: 9, Strings: 6, Instructions: 477registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0094F0F2 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 112fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0094A1EF Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 102fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008F66E1 Relevance: 18.4, Strings: 14, Instructions: 889COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00954164 Relevance: 15.1, APIs: 10, Instructions: 83clipboardmemoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009437EF Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 167fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0094F3F3 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 120filesleepCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008F5760 Relevance: 11.0, APIs: 7, Instructions: 532COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00943B12 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009451BD Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59shutdownCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00956283 Relevance: 9.1, APIs: 6, Instructions: 84networkCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008F5520 Relevance: 8.0, APIs: 5, Instructions: 516COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E1287 Relevance: 7.9, APIs: 5, Instructions: 379COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0094BCBC Relevance: 7.6, APIs: 5, Instructions: 143fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00965376 Relevance: 7.6, APIs: 5, Instructions: 69windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009380A9 Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E4B37 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008F3030 Relevance: 6.6, APIs: 4, Instructions: 587COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0093E616 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 561stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0094B3FB Relevance: 4.6, APIs: 3, Instructions: 73COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009387E1 Relevance: 4.6, APIs: 3, Instructions: 67COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0093874B Relevance: 4.5, APIs: 3, Instructions: 43memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0094C6D1 Relevance: 3.1, APIs: 2, Instructions: 52fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0094A06A Relevance: 3.0, APIs: 2, Instructions: 31windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009381CB Relevance: 3.0, APIs: 2, Instructions: 22COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0090F1D9 Relevance: 2.1, APIs: 1, Instructions: 645COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0091242E Relevance: 1.8, APIs: 1, Instructions: 294COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00948889 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00944C27 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009387B1 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0090A124 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008F8808 Relevance: .6, Instructions: 590COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009021C5 Relevance: .3, Instructions: 345COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009025FA Relevance: .3, Instructions: 341COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00901D90 Relevance: .3, Instructions: 331COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00901978 Relevance: .3, Instructions: 323COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00957806 Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 491filecommemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0096356B Relevance: 51.1, APIs: 6, Strings: 23, Instructions: 365windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0096A5DA Relevance: 49.8, APIs: 33, Instructions: 260COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009574AB Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 284windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00969A1C Relevance: 42.5, APIs: 23, Strings: 1, Instructions: 455windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009689D5 Relevance: 38.9, APIs: 21, Strings: 1, Instructions: 401windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0096488F Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 290windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E27D9 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 286windowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00963DE2 Relevance: 28.3, APIs: 3, Strings: 13, Instructions: 283windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0093A439 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 273windowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00954FFD Relevance: 25.6, APIs: 17, Instructions: 110COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0096A1B9 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 205windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0096C5FE Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 181windowfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00964392 Relevance: 23.0, APIs: 2, Strings: 11, Instructions: 251windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0096B7FE Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 197windowlibraryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0094DC1A Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 185timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0093F8AA Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 138windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0096C1AC Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 229windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0095731A Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 160windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009377DC Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 128registryshareCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0093F7A1 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 75windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009446B7 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 73networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00944F75 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0094D58D Relevance: 18.3, APIs: 12, Instructions: 283comCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0093C267 Relevance: 18.2, APIs: 12, Instructions: 174COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E201B Relevance: 18.2, APIs: 12, Instructions: 170timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E21A5 Relevance: 18.1, APIs: 12, Instructions: 132COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00967152 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 103windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009674BB Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00906E03 Relevance: 16.8, APIs: 11, Instructions: 258COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009583BB Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 197comCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00955732 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 163networkfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00938F8F Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 82windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0093907A Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 81windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00939163 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 72windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009588AB Relevance: 15.3, APIs: 10, Instructions: 324fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00947990 Relevance: 15.3, APIs: 10, Instructions: 292COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008EFA5D Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 264comCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E2E26 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 186windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00951A15 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 134networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00958C46 Relevance: 13.9, APIs: 9, Instructions: 438COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00968645 Relevance: 13.7, APIs: 9, Instructions: 168COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0093966E Relevance: 13.6, APIs: 9, Instructions: 66sleepkeyboardwindowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00966D80 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00942F94 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 82windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009442F8 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 47windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E2A5B Relevance: 12.1, APIs: 8, Instructions: 129COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009470C6 Relevance: 12.1, APIs: 8, Instructions: 101fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009661D3 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0093BBAF Relevance: 12.1, APIs: 8, Instructions: 92COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E1424 Relevance: 10.7, APIs: 7, Instructions: 219COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009455FD Relevance: 10.6, APIs: 7, Instructions: 138timeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00943671 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 111filestringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00967291 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 103windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009662CD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0093DAEB Relevance: 10.6, APIs: 7, Instructions: 95memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0093DBC4 Relevance: 10.6, APIs: 7, Instructions: 90memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009675CD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0090406B Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 19libraryloaderCOMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E1DB3 Relevance: 9.3, APIs: 6, Instructions: 254COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009464B8 Relevance: 9.2, APIs: 6, Instructions: 205COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00965799 Relevance: 9.2, APIs: 6, Instructions: 160windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0093EEEC Relevance: 9.2, APIs: 6, Instructions: 159COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0094220A Relevance: 9.1, APIs: 6, Instructions: 138windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E1765 Relevance: 9.1, APIs: 6, Instructions: 113COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0096B69E Relevance: 9.1, APIs: 6, Instructions: 109windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0095709E Relevance: 9.1, APIs: 6, Instructions: 97COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00938879 Relevance: 9.1, APIs: 6, Instructions: 69memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009385B1 Relevance: 9.1, APIs: 6, Instructions: 65processCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0093B790 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00947230 Relevance: 9.0, APIs: 6, Instructions: 33synchronizationthreadCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00938992 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00942A96 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 195windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0093D56C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 121comlibraryloaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00942753 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 114windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00938E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 94windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0095182D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 86networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009663E7 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 80windowlibraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00946D9C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00946E6A Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0095EB55 Relevance: 7.7, APIs: 5, Instructions: 247COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0094E571 Relevance: 7.6, APIs: 5, Instructions: 135COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0096A056 Relevance: 7.6, APIs: 5, Instructions: 130COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009363AA Relevance: 7.6, APIs: 5, Instructions: 97windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0093B1EC Relevance: 7.6, APIs: 5, Instructions: 88windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0096B14B Relevance: 7.6, APIs: 5, Instructions: 85COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00939307 Relevance: 7.6, APIs: 5, Instructions: 84windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00955A4D Relevance: 7.6, APIs: 5, Instructions: 70COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E12F3 Relevance: 7.6, APIs: 5, Instructions: 67COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0093BC9E Relevance: 7.6, APIs: 5, Instructions: 61COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00944A93 Relevance: 7.6, APIs: 5, Instructions: 56synchronizationthreadwindowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00938202 Relevance: 7.5, APIs: 5, Instructions: 49memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0093710A Relevance: 7.5, APIs: 5, Instructions: 48stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00945244 Relevance: 7.5, APIs: 5, Instructions: 48sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0093810A Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E13B0 Relevance: 7.5, APIs: 5, Instructions: 29COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009397F5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 122windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009673D9 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00967B93 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00966CB0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0096770E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E4C03 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E4C36 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00960DE7 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009590E0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0093717D Relevance: 6.3, APIs: 4, Instructions: 333COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0095E02A Relevance: 6.3, APIs: 4, Instructions: 307memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00958093 Relevance: 6.3, APIs: 4, Instructions: 267COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00937530 Relevance: 6.2, APIs: 4, Instructions: 231COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0093687D Relevance: 6.2, APIs: 4, Instructions: 202memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009697F4 Relevance: 6.1, APIs: 4, Instructions: 140COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00939A80 Relevance: 6.1, APIs: 4, Instructions: 129windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0095641A Relevance: 6.1, APIs: 4, Instructions: 116COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0094B7F4 Relevance: 6.1, APIs: 4, Instructions: 111fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00968851 Relevance: 6.1, APIs: 4, Instructions: 109COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0096AB37 Relevance: 6.1, APIs: 4, Instructions: 106windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00964EEE Relevance: 6.1, APIs: 4, Instructions: 95COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00943C55 Relevance: 6.1, APIs: 4, Instructions: 85processCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0096C498 Relevance: 6.1, APIs: 4, Instructions: 83windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00938656 Relevance: 6.1, APIs: 4, Instructions: 79memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0090098C Relevance: 6.1, APIs: 4, Instructions: 79COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00951767 Relevance: 6.1, APIs: 4, Instructions: 78networkCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00943A2A Relevance: 6.1, APIs: 4, Instructions: 78COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0093DCBE Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 68stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00956369 Relevance: 6.1, APIs: 4, Instructions: 61networkCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00938B41 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E1290 Relevance: 6.1, APIs: 4, Instructions: 59COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00941142 Relevance: 6.1, APIs: 4, Instructions: 51sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0096B2C5 Relevance: 6.0, APIs: 4, Instructions: 47COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0096B635 Relevance: 6.0, APIs: 4, Instructions: 40processCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00946BDA Relevance: 6.0, APIs: 4, Instructions: 33COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008E2218 Relevance: 6.0, APIs: 4, Instructions: 23COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00938712 Relevance: 6.0, APIs: 4, Instructions: 23threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00905DAC Relevance: 6.0, APIs: 4, Instructions: 14threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0094AFAC Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 201shareCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008F2957 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0095258E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00967A71 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009428A2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009666D4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00966920 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009429AF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 009521D6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00957D8B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00938E05 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00938CFD Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00938D82 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00937C74 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00965998 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00965964 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|