Windows
Analysis Report
czHx16QwGQ.exe
Overview
General Information
Sample name: | czHx16QwGQ.exe (renamed because original name is a hash value) |
Original sample name: | 84b2e764db4bcdad20e5b5455c35a59e9382d29c77ee3ce50940de23691a85a8.exe |
Analysis ID: | 1588292 |
MD5: | 1a0fe25178e09cf0facc1f7bd6f221a8 |
SHA1: | 51e3ccc0373f62778f0d3ccc79f5f16136f77129 |
SHA256: | 84b2e764db4bcdad20e5b5455c35a59e9382d29c77ee3ce50940de23691a85a8 |
Tags: | exe, GuLoader, user-adrian__luca |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- czHx16QwGQ.exe (PID: 1976 cmdline: "C:\Users\user\Desktop\czHx16QwGQ.exe" MD5: 1A0FE25178E09CF0FACC1F7BD6F221A8)
- czHx16QwGQ.exe (PID: 5296 cmdline: "C:\Users\user\Desktop\czHx16QwGQ.exe" MD5: 1A0FE25178E09CF0FACC1F7BD6F221A8)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
{"C2 url": "https://api.telegram.org/bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendMessage"}
{"EXfil Mode": "Telegram", "Telegram Token": "7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc", "Telegram Chatid": "7382809095"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | ||
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-10T23:39:01.786657+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49821 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:03.820929+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49837 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:05.562695+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49848 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:07.214329+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49858 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:08.866445+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49870 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:10.471564+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49882 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:12.121448+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49894 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:13.759190+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49909 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:15.579856+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49920 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:17.124804+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49933 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:18.724664+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49945 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:20.369646+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49959 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:21.953870+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49971 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:23.463010+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49983 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:25.033820+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49995 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:26.604848+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50007 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:28.114488+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50010 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:29.654705+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50012 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:31.151584+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50014 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:32.720784+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50016 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:37.230195+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50018 | 149.154.167.220 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-10T23:38:53.628248+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49770 | 193.122.6.168 | 80 | TCP |
2025-01-10T23:39:00.831434+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49770 | 193.122.6.168 | 80 | TCP |
2025-01-10T23:39:02.909553+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49831 | 193.122.6.168 | 80 | TCP |
2025-01-10T23:39:04.534573+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49843 | 193.122.6.168 | 80 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-10T23:38:48.199385+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49735 | 216.58.206.46 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-10T23:39:01.479700+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49821 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:03.511066+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49837 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:05.091683+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49848 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:06.875951+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49858 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:08.463009+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49870 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:10.124870+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49882 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:11.748841+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49894 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:13.393119+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49909 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:15.071860+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49920 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:16.886597+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49933 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:18.401899+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49945 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:20.015911+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49959 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:21.647836+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49971 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:23.224937+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49983 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:24.739870+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49995 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:26.301176+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 50007 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:27.882638+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 50010 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:29.424430+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 50012 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:30.938589+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 50014 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:32.440265+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 50016 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:36.938687+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.8 | 50018 | 149.154.167.220 | 443 | TCP |
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: | ||
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Location Tracking |
---|
Source: | DNS query: |
Source: | Code function: | 5_2_3836D1EC | |
Source: | Code function: | 5_2_3836D9D9 |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | DNS query: |
Source: | HTTP traffic detected: | ||
Source: | IP Address: | ||
Source: | JA3 fingerprint: | ||
Source: | DNS query: | ||
Source: | Suricata IDS: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | Code function: | 0_2_0040558F |
Source: | Process Stats: |
Source: | Binary or memory string: | ||
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_004034A5 | |
Source: | Code function: | 5_2_004034A5 |
Source: | Code function: | 0_2_00404850 |
Source: | Code function: | 0_2_00402104 |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | File source: |
Source: | File created: | Jump to dropped file |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | API/Special instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | API coverage: |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Code function: | 0_2_0040672B | |
Source: | Code function: | 0_2_00405AFA | |
Source: | Code function: | 0_2_00402868 | |
Source: | Code function: | 5_2_00402868 | |
Source: | Code function: | 5_2_0040672B | |
Source: | Code function: | 5_2_00405AFA |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-4579 | ||
Source: | API call chain: | graph_0-4735 |
Source: | Code function: | 0_2_00406943 |
Source: | Code function: | 0_2_73961B5F |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Code function: | 0_2_004034A5 |
Source: | Key value queried: | Jump to behavior |
Lowering of HIPS / PFW / Operating System Security Settings |
---|
Source: | Registry value created: | Jump to behavior |
Source: | Registry key created or modified: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 Process Injection | 31 Disable or Modify Tools | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Access Token Manipulation | NTDS | 1 System Network Configuration Discovery | Distributed Component Object Model | 1 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Process Injection | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | 215 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
75% | Virustotal | Browse | ||
63% | ReversingLabs | Win32.Trojan.Guloader | ||
100% | Avira | HEUR/AGEN.1337946 |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 216.58.206.46 | true | false | high | |
drive.usercontent.google.com | 142.250.181.225 | true | false | high | |
reallyfreegeoip.org | 104.21.112.1 | true | false | high | |
api.telegram.org | 149.154.167.220 | true | false | high | |
checkip.dyndns.com | 193.122.6.168 | true | false | high | |
checkip.dyndns.org | unknown | unknown | false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false | |
104.21.112.1 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false | |
142.250.181.225 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false | |
193.122.6.168 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false | |
216.58.206.46 | drive.google.com | United States | 15169 | GOOGLEUS | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1588292 |
Start date and time: | 2025-01-10 23:36:27 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 42s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | czHx16QwGQ.exe (renamed because original name is a hash value) |
Original Sample Name: | 84b2e764db4bcdad20e5b5455c35a59e9382d29c77ee3ce50940de23691a85a8.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/8@5/5 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 172.202.163.200, 20.109.210.53, 13.107.246.45
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description |
---|---|---|
17:38:59 | API Interceptor | |
23:37:17 | Task Scheduler |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
149.154.167.220 | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | ||
Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
104.21.112.1 | Get hash | malicious | FormBook | Browse |
Get hash | malicious | FormBook | Browse |
Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
Get hash | malicious | CMSBrute | Browse |
193.122.6.168 | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | Snake Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | MassLogger RAT | Browse |
Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
checkip.dyndns.com | Get hash | malicious | Snake Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | MassLogger RAT | Browse |
Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | MassLogger RAT | Browse |
reallyfreegeoip.org | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | MassLogger RAT | Browse |
Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
api.telegram.org | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ORACLE-BMC-31898US | Get hash | malicious | MassLogger RAT | Browse |
Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | Snake Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
TELEGRAMRU | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
CLOUDFLARENETUS | Get hash | malicious | Snake Keylogger | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | LummaC | Browse |
Get hash | malicious | LummaC | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | MassLogger RAT | Browse |
Get hash | malicious | LummaC Stealer | Browse |
Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | Snake Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | MassLogger RAT | Browse |
Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | MassLogger RAT | Browse |
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | Unknown | Browse |
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Unknown | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\nsqC9EA.tmp\System.dll | Get hash | malicious | GuLoader, MassLogger RAT | Browse | ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Process: | C:\Users\user\Desktop\czHx16QwGQ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 484658 |
Entropy (8bit): | 7.809711763657168 |
Encrypted: | false |
SSDEEP: | 12288:W1S3xo63wl4biprI2S4WwWEcwxg9dvVAxZOCLF0DB:Wo3xX3y4bz2lWwWo6rSTZyd |
MD5: | 5C727AE28F0DECF497FBB092BAE01B4E |
SHA1: | AADE364AE8C2C91C6F59F85711B53078FB0763B7 |
SHA-256: | 77CCACF58330509839E17A6CFD6B17FE3DE31577D8E2C37DC413839BA2FEEC80 |
SHA-512: | 5246C0FBA41DF66AF89D986A3CEABC99B61DB9E9C217B28B2EC18AF31E3ED17C865387223CEB3A38A804243CF3307E07E557549026F49F52829BEBC4D4546C40 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\czHx16QwGQ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 112291 |
Entropy (8bit): | 1.249420131631438 |
Encrypted: | false |
SSDEEP: | 768:5R+BCpkJWjYWL2MxTVLvUjpGqik9JiAfWA2DBQwD1PzUH+HYZmIo7x31sT:WCZY21w0I2NZYD |
MD5: | 4D1D72CFC5940B09DFBD7B65916F532E |
SHA1: | 30A45798B534842002B103A36A3B907063F8A96C |
SHA-256: | 479F1904096978F1011DF05D52021FAEEE028D4CF331024C965CED8AF1C8D496 |
SHA-512: | 048844A09E291903450188715BCDDF14F0F1F10BEAFBD005882EBF5D5E31A71D8F93EEBE788BD54B4AED2266C454F4DCA18AF4567977B7E773BBE29A38DEA45B |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\czHx16QwGQ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 362089 |
Entropy (8bit): | 1.23992084267325 |
Encrypted: | false |
SSDEEP: | 768:xOeaameETrlE0+1mGOWb3h5WAV0hW+JSLSwzj2HlSdL0f6mhKZRaqOzWz6szt3cA:x+ds5dYOVxIW3hhdeRt6MeZ1W4vB |
MD5: | A4340182CDDD2EC1F1480360218343F9 |
SHA1: | 50EF929FEA713AA6FCC05E8B75F497B7946B285B |
SHA-256: | B91E5B1FF5756F0B93DCF11CBC8B467CDA0C5792DE24D27EC86E7C74388B44B3 |
SHA-512: | 021F198AFF7CCED92912C74FC97D1919A9E059F22E99AB1236FBAA36C16B520C07B78F47FC01FCFAC1B53A87CDAE3E440D0589FA2844612617FAB2EDB64A3573 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\czHx16QwGQ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 274384 |
Entropy (8bit): | 7.777955751363666 |
Encrypted: | false |
SSDEEP: | 6144:t2KrjgMsvnR11IlECV7ixu2m0ZMIjZgIAbd0nUaA6wFaw:5sMsvnX1ICw2rZMyMb3a9wFb |
MD5: | 5D79775148C09B7A085EDC598B46C3F1 |
SHA1: | C07D2987A7351B84D333D8AE959D01F753B6BF65 |
SHA-256: | 7D62148C2FF50EB7EB0F16DDC5D68A8A26CBB88FBF4C77ADC7B973F5F7F359A0 |
SHA-512: | 6352578460E4D21D0792B8F55C0A7531AB8E71000EB9921BB891D7B17407D2152B9FF5D4A4BBFF4326D5643EE63CDC699FF22C963F69230D7A0A195CF75D46E7 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\czHx16QwGQ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 68445 |
Entropy (8bit): | 4.608525493692617 |
Encrypted: | false |
SSDEEP: | 1536:dhiMuKUm30j8f0XnHuQhpZQ+GaZEnS4yW:XULj8sXHpjJJW |
MD5: | E49A8F6BEE0252312ED665FD40B5666E |
SHA1: | F6693AB5F6453C1FABA444E433539D03E09C2FF8 |
SHA-256: | 7EC95F001996C574DA52DD9316D0CA55F4570815CCA6FDB52DBD95D895A4066B |
SHA-512: | 1D75A9921A10D9FCABB92CEE82A820E0AE885FD379C9E2439491AC4D309C138204815188416E3E262D3F6BD7A7A8370609BD9996FAE7E6027FE63A6B62BC6FC3 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\czHx16QwGQ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 139354 |
Entropy (8bit): | 1.2473328695625903 |
Encrypted: | false |
SSDEEP: | 768:9OsMSh8lSnJGyUzWZsO2ipzPFmDZC9kpzroto48tf2+5lVp:9delFlqNawgJp |
MD5: | B0FB6B583D6902DE58E1202D12BA4832 |
SHA1: | 7F585B5C3A4581CE76E373C78A6513F157B20480 |
SHA-256: | E6EA5F6D0C7F5FA407269C7F4FF6D97149B7611071BF5BF6C454B810501AE661 |
SHA-512: | E0894FFBD76C3476DC083DAFD24F88964BF6E09E4CA955766B43FE73A764A00247C930E9996652A22B57B27826CD94F88B8178514060CA398DE568675F9E4571 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\czHx16QwGQ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 5.719859767584478 |
Encrypted: | false |
SSDEEP: | 192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6 |
MD5: | 0D7AD4F45DC6F5AA87F606D0331C6901 |
SHA1: | 48DF0911F0484CBE2A8CDD5362140B63C41EE457 |
SHA-256: | 3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA |
SHA-512: | C07DE7308CB54205E8BD703001A7FE4FD7796C9AC1B4BB330C77C872BF712B093645F40B80CE7127531FE6746A5B66E18EA073AB6A644934ABED9BB64126FEA9 |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Preview: |
Process: | C:\Users\user\Desktop\czHx16QwGQ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1467374 |
Entropy (8bit): | 5.470993464057012 |
Encrypted: | false |
SSDEEP: | 24576:usMI+CTWyyKOFko3xX3y4bz2lWwWo6rSTZyBwe:EIPanKOSoBXbz2luo6rS1yBD |
MD5: | 45517799D523F02B1C97A24B9C02AC51 |
SHA1: | 6C1ABD841208D3C666FB9A6712036687417ACA2A |
SHA-256: | CFE314D84F1C8A06E64A33FC2D1D21DEF5EA615346898D1B9B8CDF5C90C74725 |
SHA-512: | 8FCDABA6F7ACBDF64843ED8DC5361164F00588CD72F199165E25C708331E75C9E34EAAF0C6F3EDF5983874B8D7C8C7F9CEEC7CA74716A3028FAF9C333A418727 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.959228516971741 |
TrID: |
|
File name: | czHx16QwGQ.exe |
File size: | 1'014'160 bytes |
MD5: | 1a0fe25178e09cf0facc1f7bd6f221a8 |
SHA1: | 51e3ccc0373f62778f0d3ccc79f5f16136f77129 |
SHA256: | 84b2e764db4bcdad20e5b5455c35a59e9382d29c77ee3ce50940de23691a85a8 |
SHA512: | 619f51488cd6a83690587883bcfa64e0009fdbe8ef60c31133b310fc2b49743617557421415e71f0fc44c13ef65aac36b3e8dc5af24ab12c32bb27bb33a2a8d7 |
SSDEEP: | 24576:9jwKCN6c+42RBHzWeyBc4naJ2ZssPoZT0tDVQX:V1Cwc+4YHyB9ap3ZT1 |
TLSH: | 0125234D3357DE2BC2E0CB71BF479B5A7DAD9E000D80A96301A43F8A7533991827E7A5 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...$..\.................f...*..... |
Icon Hash: | 46224e4c19391d03 |
Entrypoint: | 0x4034a5 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x5C157F24 [Sat Dec 15 22:24:36 2018 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 1f23f452093b5c1ff091a2f9fb4fa3e9 |

Instruction |
---|
sub esp, 000002D4h |
push ebx |
push esi |
push edi |
push 00000020h |
pop edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+14h], ebx |
mov dword ptr [esp+10h], 0040A230h |
mov dword ptr [esp+1Ch], ebx |
call dword ptr [004080ACh] |
call dword ptr [004080A8h] |
and eax, BFFFFFFFh |
cmp ax, 00000006h |
mov dword ptr [0042A24Ch], eax |
je 00007F15F08251A3h |
push ebx |
call 00007F15F082846Dh |
cmp eax, ebx |
je 00007F15F0825199h |
push 00000C00h |
call eax |
mov esi, 004082B0h |
push esi |
call 00007F15F08283E7h |
push esi |
call dword ptr [00408150h] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], 00000000h |
jne 00007F15F082517Ch |
push 0000000Ah |
call 00007F15F0828440h |
push 00000008h |
call 00007F15F0828439h |
push 00000006h |
mov dword ptr [0042A244h], eax |
call 00007F15F082842Dh |
cmp eax, ebx |
je 00007F15F08251A1h |
push 0000001Eh |
call eax |
test eax, eax |
je 00007F15F0825199h |
or byte ptr [0042A24Fh], 00000040h |
push ebp |
call dword ptr [00408044h] |
push ebx |
call dword ptr [004082A0h] |
mov dword ptr [0042A318h], eax |
push ebx |
lea eax, dword ptr [esp+34h] |
push 000002B4h |
push eax |
push ebx |
push 004216E8h |
call dword ptr [00408188h] |
push 0040A384h |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8504 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x55000 | 0x21068 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x6409 | 0x6600 | bfe2b726d49cbd922b87bad5eea65e61 | False | 0.6540287990196079 | data | 6.416186322230332 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x1396 | 0x1400 | d45dcba8ca646543f7e339e20089687e | False | 0.45234375 | data | 5.154907432640367 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x20358 | 0x600 | 8575fc5e872ca789611c386779287649 | False | 0.5026041666666666 | data | 4.004402321344153 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x2b000 | 0x2a000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x55000 | 0x21068 | 0x21200 | 03ed2ed76ba15352dac9e48819696134 | False | 0.8714696344339623 | data | 7.556190648348207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |

Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_BITMAP | 0x554c0 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States | 0.23623853211009174 |
RT_ICON | 0x55828 | 0xc2a3 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9966684729162903 |
RT_ICON | 0x61ad0 | 0x86e0 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.990210843373494 |
RT_ICON | 0x6a1b0 | 0x5085 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9867559307233299 |
RT_ICON | 0x6f238 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.4358921161825726 |
RT_ICON | 0x717e0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.4896810506566604 |
RT_ICON | 0x72888 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.5367803837953091 |
RT_ICON | 0x73730 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.6913357400722022 |
RT_ICON | 0x73fd8 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.38597560975609757 |
RT_ICON | 0x74640 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.4934971098265896 |
RT_ICON | 0x74ba8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.651595744680851 |
RT_ICON | 0x75010 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.46908602150537637 |
RT_ICON | 0x752f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.5472972972972973 |
RT_DIALOG | 0x75420 | 0x120 | data | English | United States | 0.53125 |
RT_DIALOG | 0x75540 | 0x118 | data | English | United States | 0.5678571428571428 |
RT_DIALOG | 0x75658 | 0x120 | data | English | United States | 0.5104166666666666 |
RT_DIALOG | 0x75778 | 0xf8 | data | English | United States | 0.6330645161290323 |
RT_DIALOG | 0x75870 | 0xa0 | data | English | United States | 0.6125 |
RT_DIALOG | 0x75910 | 0x60 | data | English | United States | 0.7291666666666666 |
RT_GROUP_ICON | 0x75970 | 0xae | data | English | United States | 0.6091954022988506 |
RT_VERSION | 0x75a20 | 0x308 | data | English | United States | 0.47036082474226804 |
RT_MANIFEST | 0x75d28 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795 |

DLL | Import |
---|---|
KERNEL32.dll | ExitProcess, SetFileAttributesW, Sleep, GetTickCount, CreateFileW, GetFileSize, GetModuleFileNameW, GetCurrentProcess, SetCurrentDirectoryW, GetFileAttributesW, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, CopyFileW, GetShortPathNameW, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalUnlock, GetDiskFreeSpaceW, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW |
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |

Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-10T23:38:48.199385+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49735 | 216.58.206.46 | 443 | TCP |
2025-01-10T23:38:53.628248+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49770 | 193.122.6.168 | 80 | TCP |
2025-01-10T23:39:00.831434+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49770 | 193.122.6.168 | 80 | TCP |
2025-01-10T23:39:01.479700+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49821 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:01.786657+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49821 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:02.909553+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49831 | 193.122.6.168 | 80 | TCP |
2025-01-10T23:39:03.511066+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49837 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:03.820929+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49837 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:04.534573+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49843 | 193.122.6.168 | 80 | TCP |
2025-01-10T23:39:05.091683+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49848 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:05.562695+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49848 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:06.875951+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49858 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:07.214329+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49858 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:08.463009+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49870 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:08.866445+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49870 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:10.124870+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49882 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:10.471564+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49882 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:11.748841+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49894 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:12.121448+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49894 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:13.393119+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49909 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:13.759190+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49909 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:15.071860+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49920 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:15.579856+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49920 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:16.886597+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49933 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:17.124804+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49933 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:18.401899+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49945 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:18.724664+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49945 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:20.015911+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49959 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:20.369646+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49959 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:21.647836+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49971 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:21.953870+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49971 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:23.224937+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49983 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:23.463010+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49983 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:24.739870+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 49995 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:25.033820+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 49995 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:26.301176+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 50007 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:26.604848+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 50007 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:27.882638+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 50010 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:28.114488+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 50010 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:29.424430+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 50012 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:29.654705+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 50012 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:30.938589+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 50014 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:31.151584+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 50014 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:32.440265+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 50016 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:32.720784+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 50016 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:36.938687+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.8 | 50018 | 149.154.167.220 | 443 | TCP |
2025-01-10T23:39:37.230195+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.8 | 50018 | 149.154.167.220 | 443 | TCP |

Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 10, 2025 23:38:54.852170944 CET | 443 | 49779 | 104.21.112.1 | 192.168.2.8 |
Jan 10, 2025 23:38:54.852389097 CET | 49779 | 443 | 192.168.2.8 | 104.21.112.1 |
Jan 10, 2025 23:38:54.865653038 CET | 49779 | 443 | 192.168.2.8 | 104.21.112.1 |
Jan 10, 2025 23:39:00.399024963 CET | 49770 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:00.403817892 CET | 80 | 49770 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:00.787436008 CET | 80 | 49770 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:00.800596952 CET | 49821 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:00.800647974 CET | 443 | 49821 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:00.800734997 CET | 49821 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:00.801251888 CET | 49821 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:00.801270962 CET | 443 | 49821 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:00.831434011 CET | 49770 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:01.433096886 CET | 443 | 49821 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:01.433255911 CET | 49821 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:01.435688972 CET | 49821 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:01.435709953 CET | 443 | 49821 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:01.436057091 CET | 443 | 49821 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:01.437820911 CET | 49821 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:01.479327917 CET | 443 | 49821 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:01.479449034 CET | 49821 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:01.479510069 CET | 443 | 49821 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:01.786715031 CET | 443 | 49821 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:01.786798954 CET | 443 | 49821 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:01.786876917 CET | 49821 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:01.819340944 CET | 49821 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:02.209644079 CET | 49770 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:02.211687088 CET | 49831 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:02.214627028 CET | 80 | 49770 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:02.214670897 CET | 49770 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:02.216494083 CET | 80 | 49831 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:02.216564894 CET | 49831 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:02.221731901 CET | 49831 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:02.226560116 CET | 80 | 49831 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:02.866861105 CET | 80 | 49831 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:02.868272066 CET | 49837 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:02.868329048 CET | 443 | 49837 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:02.868494034 CET | 49837 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:02.869107008 CET | 49837 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:02.869127035 CET | 443 | 49837 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:02.909553051 CET | 49831 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:03.509021997 CET | 443 | 49837 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:03.510822058 CET | 49837 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:03.510855913 CET | 443 | 49837 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:03.510926962 CET | 49837 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:03.510941029 CET | 443 | 49837 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:03.820924997 CET | 443 | 49837 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:03.820997000 CET | 443 | 49837 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:03.822124958 CET | 49837 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:03.822423935 CET | 49837 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:03.825607061 CET | 49831 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:03.827348948 CET | 49843 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:03.830558062 CET | 80 | 49831 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:03.832160950 CET | 80 | 49843 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:03.832237005 CET | 49831 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:03.832262993 CET | 49843 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:03.833195925 CET | 49843 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:03.837950945 CET | 80 | 49843 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:04.478317022 CET | 80 | 49843 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:04.480051041 CET | 49848 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:04.480097055 CET | 443 | 49848 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:04.480377913 CET | 49848 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:04.480657101 CET | 49848 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:04.480673075 CET | 443 | 49848 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:04.534573078 CET | 49843 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:05.089831114 CET | 443 | 49848 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:05.091310978 CET | 49848 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:05.091336012 CET | 443 | 49848 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:05.091639042 CET | 49848 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:05.091646910 CET | 443 | 49848 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:05.562736988 CET | 443 | 49848 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:05.562823057 CET | 443 | 49848 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:05.562871933 CET | 49848 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:05.563293934 CET | 49848 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:05.568205118 CET | 49853 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:05.573051929 CET | 80 | 49853 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:05.573138952 CET | 49853 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:05.573251963 CET | 49853 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:05.578075886 CET | 80 | 49853 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:06.201462030 CET | 80 | 49853 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:06.202713966 CET | 49858 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:06.202755928 CET | 443 | 49858 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:06.202824116 CET | 49858 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:06.203341007 CET | 49858 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:06.203355074 CET | 443 | 49858 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:06.253283024 CET | 49853 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:06.873847961 CET | 443 | 49858 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:06.875758886 CET | 49858 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:06.875780106 CET | 443 | 49858 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:06.875916958 CET | 49858 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:06.875921965 CET | 443 | 49858 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:07.214374065 CET | 443 | 49858 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:07.214463949 CET | 443 | 49858 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:07.214508057 CET | 49858 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:07.214924097 CET | 49858 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:07.218913078 CET | 49853 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:07.219809055 CET | 49864 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:07.224153042 CET | 80 | 49853 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:07.224231958 CET | 49853 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:07.224720001 CET | 80 | 49864 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:07.224792957 CET | 49864 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:07.224889040 CET | 49864 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:07.229741096 CET | 80 | 49864 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:07.852210999 CET | 80 | 49864 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:07.853728056 CET | 49870 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:07.853764057 CET | 443 | 49870 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:07.853863001 CET | 49870 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:07.854176044 CET | 49870 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:07.854203939 CET | 443 | 49870 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:07.893986940 CET | 49864 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:08.461323977 CET | 443 | 49870 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:08.462840080 CET | 49870 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:08.462855101 CET | 443 | 49870 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:08.462902069 CET | 49870 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:08.462910891 CET | 443 | 49870 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:08.866503954 CET | 443 | 49870 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:08.866606951 CET | 443 | 49870 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:08.866673946 CET | 49870 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:08.867372990 CET | 49870 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:08.872819901 CET | 49864 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:08.874720097 CET | 49876 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:08.877805948 CET | 80 | 49864 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:08.877918005 CET | 49864 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:08.879512072 CET | 80 | 49876 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:08.879597902 CET | 49876 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:08.879765987 CET | 49876 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:08.884540081 CET | 80 | 49876 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:09.514672995 CET | 80 | 49876 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:09.515824080 CET | 49882 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:09.515872955 CET | 443 | 49882 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:09.515995026 CET | 49882 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:09.516388893 CET | 49882 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:09.516407013 CET | 443 | 49882 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:09.565794945 CET | 49876 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:10.122906923 CET | 443 | 49882 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:10.124536991 CET | 49882 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:10.124557018 CET | 443 | 49882 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:10.124814034 CET | 49882 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:10.124820948 CET | 443 | 49882 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:10.471607924 CET | 443 | 49882 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:10.471693039 CET | 443 | 49882 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:10.471750975 CET | 49882 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:10.472577095 CET | 49882 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:10.481726885 CET | 49876 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:10.482968092 CET | 49890 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:10.486875057 CET | 80 | 49876 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:10.486949921 CET | 49876 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:10.487828970 CET | 80 | 49890 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:10.487912893 CET | 49890 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:10.488059044 CET | 49890 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:10.492815971 CET | 80 | 49890 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:11.114548922 CET | 80 | 49890 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:11.115878105 CET | 49894 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:11.115923882 CET | 443 | 49894 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:11.116010904 CET | 49894 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:11.116341114 CET | 49894 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:11.116354942 CET | 443 | 49894 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:11.159533024 CET | 49890 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:11.746968031 CET | 443 | 49894 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:11.748699903 CET | 49894 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:11.748723030 CET | 443 | 49894 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:11.748779058 CET | 49894 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:11.748784065 CET | 443 | 49894 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:12.121522903 CET | 443 | 49894 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:12.121608019 CET | 443 | 49894 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:12.121680021 CET | 49894 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:12.122112989 CET | 49894 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:12.125332117 CET | 49890 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:12.126610994 CET | 49904 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:12.131510019 CET | 80 | 49890 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:12.131632090 CET | 49890 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:12.132345915 CET | 80 | 49904 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:12.132448912 CET | 49904 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:12.132570982 CET | 49904 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:12.137698889 CET | 80 | 49904 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:12.762007952 CET | 80 | 49904 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:12.764650106 CET | 49909 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:12.764667034 CET | 443 | 49909 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:12.764719963 CET | 49909 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:12.765026093 CET | 49909 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:12.765036106 CET | 443 | 49909 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:12.815922976 CET | 49904 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:13.390548944 CET | 443 | 49909 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:13.392889023 CET | 49909 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:13.392904997 CET | 443 | 49909 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:13.392947912 CET | 49909 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:13.392959118 CET | 443 | 49909 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:13.759197950 CET | 443 | 49909 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:13.759263992 CET | 443 | 49909 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:13.759322882 CET | 49909 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:13.759716034 CET | 49909 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:13.762651920 CET | 49904 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:13.763799906 CET | 49915 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:13.767992973 CET | 80 | 49904 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:13.768049002 CET | 49904 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:13.768554926 CET | 80 | 49915 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:13.768651009 CET | 49915 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:13.768699884 CET | 49915 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:13.773436069 CET | 80 | 49915 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:14.395376921 CET | 80 | 49915 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:14.396496058 CET | 49920 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:14.396524906 CET | 443 | 49920 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:14.396608114 CET | 49920 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:14.396847010 CET | 49920 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:14.396857977 CET | 443 | 49920 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:14.441015959 CET | 49915 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:15.070070982 CET | 443 | 49920 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:15.071732044 CET | 49920 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:15.071741104 CET | 443 | 49920 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:15.071818113 CET | 49920 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:15.071821928 CET | 443 | 49920 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:15.580033064 CET | 443 | 49920 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:15.580159903 CET | 443 | 49920 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:15.580262899 CET | 49920 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:15.580928087 CET | 49920 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:15.584559917 CET | 49915 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:15.585275888 CET | 49929 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:15.590150118 CET | 80 | 49915 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:15.590297937 CET | 49915 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:15.590814114 CET | 80 | 49929 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:15.590893984 CET | 49929 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:15.591123104 CET | 49929 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:15.596456051 CET | 80 | 49929 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:16.257596970 CET | 80 | 49929 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:16.258817911 CET | 49933 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:16.258846998 CET | 443 | 49933 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:16.258913040 CET | 49933 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:16.259126902 CET | 49933 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:16.259139061 CET | 443 | 49933 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:16.300199032 CET | 49929 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:16.884807110 CET | 443 | 49933 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:16.886457920 CET | 49933 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:16.886476040 CET | 443 | 49933 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:16.886526108 CET | 49933 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:16.886533976 CET | 443 | 49933 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:17.124847889 CET | 443 | 49933 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:17.124922991 CET | 443 | 49933 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:17.125067949 CET | 49933 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:17.125602007 CET | 49933 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:17.128837109 CET | 49929 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:17.129776955 CET | 49941 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:17.134555101 CET | 80 | 49941 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:17.134653091 CET | 80 | 49929 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:17.134656906 CET | 49941 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:17.134717941 CET | 49929 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:17.134722948 CET | 49941 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:17.139487982 CET | 80 | 49941 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:17.773397923 CET | 80 | 49941 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:17.774748087 CET | 49945 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:17.774794102 CET | 443 | 49945 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:17.774885893 CET | 49945 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:17.775134087 CET | 49945 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:17.775146961 CET | 443 | 49945 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:17.815783024 CET | 49941 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:18.399390936 CET | 443 | 49945 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:18.401691914 CET | 49945 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:18.401710033 CET | 443 | 49945 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:18.401855946 CET | 49945 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:18.401861906 CET | 443 | 49945 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:18.724726915 CET | 443 | 49945 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:18.724808931 CET | 443 | 49945 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:18.724920034 CET | 49945 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:18.725429058 CET | 49945 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:18.728404999 CET | 49941 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:18.729489088 CET | 49953 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:18.733381033 CET | 80 | 49941 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:18.733510017 CET | 49941 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:18.734358072 CET | 80 | 49953 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:18.734426975 CET | 49953 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:18.734554052 CET | 49953 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:18.739348888 CET | 80 | 49953 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:19.379676104 CET | 80 | 49953 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:19.380809069 CET | 49959 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:19.380884886 CET | 443 | 49959 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:19.381010056 CET | 49959 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:19.381242037 CET | 49959 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:19.381272078 CET | 443 | 49959 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:19.425235987 CET | 49953 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:20.013871908 CET | 443 | 49959 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:20.015675068 CET | 49959 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:20.015741110 CET | 443 | 49959 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:20.015816927 CET | 49959 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:20.015846968 CET | 443 | 49959 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:20.369688034 CET | 443 | 49959 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:20.369775057 CET | 443 | 49959 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:20.370080948 CET | 49959 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:20.370498896 CET | 49959 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:20.374191046 CET | 49953 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:20.375498056 CET | 49965 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:20.383119106 CET | 80 | 49953 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:20.383188009 CET | 49953 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:20.383650064 CET | 80 | 49965 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:20.383733988 CET | 49965 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:20.383949995 CET | 49965 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:20.390492916 CET | 80 | 49965 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:21.011235952 CET | 80 | 49965 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:21.012509108 CET | 49971 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:21.012532949 CET | 443 | 49971 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:21.012619019 CET | 49971 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:21.012881041 CET | 49971 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:21.012896061 CET | 443 | 49971 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:21.066000938 CET | 49965 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:21.646163940 CET | 443 | 49971 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:21.647716045 CET | 49971 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:21.647733927 CET | 443 | 49971 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:21.647783995 CET | 49971 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:21.647789001 CET | 443 | 49971 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:21.953931093 CET | 443 | 49971 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:21.954046965 CET | 443 | 49971 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:21.954122066 CET | 49971 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:21.954530001 CET | 49971 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:21.957842112 CET | 49965 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:21.958941936 CET | 49977 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:21.962881088 CET | 80 | 49965 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:21.962948084 CET | 49965 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:21.963721037 CET | 80 | 49977 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:21.963792086 CET | 49977 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:21.963926077 CET | 49977 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:21.968719959 CET | 80 | 49977 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:22.602320910 CET | 80 | 49977 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:22.603586912 CET | 49983 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:22.603622913 CET | 443 | 49983 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:22.603692055 CET | 49983 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:22.603996992 CET | 49983 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:22.604007006 CET | 443 | 49983 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:22.644016981 CET | 49977 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:23.223050117 CET | 443 | 49983 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:23.224757910 CET | 49983 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:23.224767923 CET | 443 | 49983 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:23.224821091 CET | 49983 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:23.224828959 CET | 443 | 49983 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:23.463062048 CET | 443 | 49983 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:23.463145971 CET | 443 | 49983 | 149.154.167.220 | 192.168.2.8 |
Jan 10, 2025 23:39:23.463326931 CET | 49983 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:23.463574886 CET | 49983 | 443 | 192.168.2.8 | 149.154.167.220 |
Jan 10, 2025 23:39:23.466367006 CET | 49977 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:23.467473984 CET | 49989 | 80 | 192.168.2.8 | 193.122.6.168 |
Jan 10, 2025 23:39:23.471250057 CET | 80 | 49977 | 193.122.6.168 | 192.168.2.8 |
Jan 10, 2025 23:39:23.471318007 CET | 49977 | 80 | 192.168.2.8 | 193.122.6.168 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 10, 2025 23:38:47.142497063 CET | 62334 | 53 | 192.168.2.8 | 1.1.1.1 |
Jan 10, 2025 23:38:47.149368048 CET | 53 | 62334 | 1.1.1.1 | 192.168.2.8 |
Jan 10, 2025 23:38:48.217786074 CET | 60595 | 53 | 192.168.2.8 | 1.1.1.1 |
Jan 10, 2025 23:38:48.224836111 CET | 53 | 60595 | 1.1.1.1 | 192.168.2.8 |
Jan 10, 2025 23:38:52.749701977 CET | 56621 | 53 | 192.168.2.8 | 1.1.1.1 |
Jan 10, 2025 23:38:52.756575108 CET | 53 | 56621 | 1.1.1.1 | 192.168.2.8 |
Jan 10, 2025 23:38:54.223836899 CET | 56751 | 53 | 192.168.2.8 | 1.1.1.1 |
Jan 10, 2025 23:38:54.231065035 CET | 53 | 56751 | 1.1.1.1 | 192.168.2.8 |
Jan 10, 2025 23:39:00.793085098 CET | 59205 | 53 | 192.168.2.8 | 1.1.1.1 |
Jan 10, 2025 23:39:00.799700975 CET | 53 | 59205 | 1.1.1.1 | 192.168.2.8 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jan 10, 2025 23:38:47.142497063 CET | 192.168.2.8 | 1.1.1.1 | 0x81c2 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jan 10, 2025 23:38:48.217786074 CET | 192.168.2.8 | 1.1.1.1 | 0x3fd4 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jan 10, 2025 23:38:52.749701977 CET | 192.168.2.8 | 1.1.1.1 | 0x6ff8 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jan 10, 2025 23:38:54.223836899 CET | 192.168.2.8 | 1.1.1.1 | 0x1b57 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jan 10, 2025 23:39:00.793085098 CET | 192.168.2.8 | 1.1.1.1 | 0xb943 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jan 10, 2025 23:38:47.149368048 CET | 1.1.1.1 | 192.168.2.8 | 0x81c2 | No error (0) | | | 216.58.206.46 | A (IP address) | IN (0x0001) | false |
Jan 10, 2025 23:38:48.224836111 CET | 1.1.1.1 | 192.168.2.8 | 0x3fd4 | No error (0) | | | 142.250.181.225 | A (IP address) | IN (0x0001) | false |
Jan 10, 2025 23:38:52.756575108 CET | 1.1.1.1 | 192.168.2.8 | 0x6ff8 | No error (0) | | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false |
Jan 10, 2025 23:38:52.756575108 CET | 1.1.1.1 | 192.168.2.8 | 0x6ff8 | No error (0) | | | 193.122.6.168 | A (IP address) | IN (0x0001) | false |
Jan 10, 2025 23:38:52.756575108 CET | 1.1.1.1 | 192.168.2.8 | 0x6ff8 | No error (0) | | | 193.122.130.0 | A (IP address) | IN (0x0001) | false |
Jan 10, 2025 23:38:52.756575108 CET | 1.1.1.1 | 192.168.2.8 | 0x6ff8 | No error (0) | | | 132.226.247.73 | A (IP address) | IN (0x0001) | false |
Jan 10, 2025 23:38:52.756575108 CET | 1.1.1.1 | 192.168.2.8 | 0x6ff8 | No error (0) | | | 158.101.44.242 | A (IP address) | IN (0x0001) | false |
Jan 10, 2025 23:38:52.756575108 CET | 1.1.1.1 | 192.168.2.8 | 0x6ff8 | No error (0) | | | 132.226.8.169 | A (IP address) | IN (0x0001) | false |
Jan 10, 2025 23:38:54.231065035 CET | 1.1.1.1 | 192.168.2.8 | 0x1b57 | No error (0) | | | 104.21.112.1 | A (IP address) | IN (0x0001) | false |
Jan 10, 2025 23:38:54.231065035 CET | 1.1.1.1 | 192.168.2.8 | 0x1b57 | No error (0) | | | 104.21.80.1 | A (IP address) | IN (0x0001) | false |
Jan 10, 2025 23:38:54.231065035 CET | 1.1.1.1 | 192.168.2.8 | 0x1b57 | No error (0) | | | 104.21.96.1 | A (IP address) | IN (0x0001) | false |
Jan 10, 2025 23:38:54.231065035 CET | 1.1.1.1 | 192.168.2.8 | 0x1b57 | No error (0) | | | 104.21.64.1 | A (IP address) | IN (0x0001) | false |
Jan 10, 2025 23:38:54.231065035 CET | 1.1.1.1 | 192.168.2.8 | 0x1b57 | No error (0) | | | 104.21.16.1 | A (IP address) | IN (0x0001) | false |
Jan 10, 2025 23:38:54.231065035 CET | 1.1.1.1 | 192.168.2.8 | 0x1b57 | No error (0) | | | 104.21.32.1 | A (IP address) | IN (0x0001) | false |
Jan 10, 2025 23:38:54.231065035 CET | 1.1.1.1 | 192.168.2.8 | 0x1b57 | No error (0) | | | 104.21.48.1 | A (IP address) | IN (0x0001) | false |
Jan 10, 2025 23:39:00.799700975 CET | 1.1.1.1 | 192.168.2.8 | 0xb943 | No error (0) | | | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.8 | 49770 | 193.122.6.168 | 80 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:38:52.766634941 CET | 151 | OUT | |
Jan 10, 2025 23:38:53.393935919 CET | 273 | IN | |
Jan 10, 2025 23:38:53.398046970 CET | 127 | OUT | |
Jan 10, 2025 23:38:53.583914995 CET | 273 | IN | |
Jan 10, 2025 23:39:00.399024963 CET | 127 | OUT | |
Jan 10, 2025 23:39:00.787436008 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.8 | 49831 | 193.122.6.168 | 80 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:39:02.221731901 CET | 127 | OUT | |
Jan 10, 2025 23:39:02.866861105 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.8 | 49843 | 193.122.6.168 | 80 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:39:03.833195925 CET | 127 | OUT | |
Jan 10, 2025 23:39:04.478317022 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.8 | 49853 | 193.122.6.168 | 80 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:39:05.573251963 CET | 151 | OUT | |
Jan 10, 2025 23:39:06.201462030 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.8 | 49864 | 193.122.6.168 | 80 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:39:07.224889040 CET | 151 | OUT | |
Jan 10, 2025 23:39:07.852210999 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.8 | 49876 | 193.122.6.168 | 80 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:39:08.879765987 CET | 151 | OUT | |
Jan 10, 2025 23:39:09.514672995 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.8 | 49890 | 193.122.6.168 | 80 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:39:10.488059044 CET | 151 | OUT | |
Jan 10, 2025 23:39:11.114548922 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.8 | 49904 | 193.122.6.168 | 80 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:39:12.132570982 CET | 151 | OUT | |
Jan 10, 2025 23:39:12.762007952 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.8 | 49915 | 193.122.6.168 | 80 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:39:13.768699884 CET | 151 | OUT | |
Jan 10, 2025 23:39:14.395376921 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.8 | 49929 | 193.122.6.168 | 80 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:39:15.591123104 CET | 151 | OUT | |
Jan 10, 2025 23:39:16.257596970 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.8 | 49941 | 193.122.6.168 | 80 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:39:17.134722948 CET | 151 | OUT | |
Jan 10, 2025 23:39:17.773397923 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.8 | 49953 | 193.122.6.168 | 80 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:39:18.734554052 CET | 151 | OUT | |
Jan 10, 2025 23:39:19.379676104 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.8 | 49965 | 193.122.6.168 | 80 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:39:20.383949995 CET | 151 | OUT | |
Jan 10, 2025 23:39:21.011235952 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.8 | 49977 | 193.122.6.168 | 80 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:39:21.963926077 CET | 151 | OUT | |
Jan 10, 2025 23:39:22.602320910 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.8 | 49989 | 193.122.6.168 | 80 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:39:23.472474098 CET | 151 | OUT | |
Jan 10, 2025 23:39:24.118220091 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.8 | 50002 | 193.122.6.168 | 80 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:39:25.045470953 CET | 151 | OUT | |
Jan 10, 2025 23:39:25.674902916 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.8 | 50009 | 193.122.6.168 | 80 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:39:26.631323099 CET | 151 | OUT | |
Jan 10, 2025 23:39:27.263161898 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.8 | 50011 | 193.122.6.168 | 80 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:39:28.124905109 CET | 151 | OUT | |
Jan 10, 2025 23:39:28.780191898 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.8 | 50013 | 193.122.6.168 | 80 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:39:29.664916039 CET | 151 | OUT | |
Jan 10, 2025 23:39:30.321669102 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
19 | 192.168.2.8 | 50015 | 193.122.6.168 | 80 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:39:31.162221909 CET | 151 | OUT | |
Jan 10, 2025 23:39:31.818458080 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
20 | 192.168.2.8 | 50017 | 193.122.6.168 | 80 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 23:39:32.731367111 CET | 151 | OUT | |
Jan 10, 2025 23:39:33.374069929 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.8 | 49735 | 216.58.206.46 | 443 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:38:47 UTC | 216 | OUT | |
2025-01-10 22:38:48 UTC | 1920 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.8 | 49741 | 142.250.181.225 | 443 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:38:48 UTC | 258 | OUT | |
2025-01-10 22:38:52 UTC | 4939 | IN | |
2025-01-10 22:38:52 UTC | 4939 | IN | |
2025-01-10 22:38:52 UTC | 4821 | IN | |
2025-01-10 22:38:52 UTC | 1322 | IN | |
2025-01-10 22:38:52 UTC | 1390 | IN | |
2025-01-10 22:38:52 UTC | 1390 | IN | |
2025-01-10 22:38:52 UTC | 1390 | IN | |
2025-01-10 22:38:52 UTC | 1390 | IN | |
2025-01-10 22:38:52 UTC | 1390 | IN | |
2025-01-10 22:38:52 UTC | 1390 | IN | |
2025-01-10 22:38:52 UTC | 1390 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.8 | 49779 | 104.21.112.1 | 443 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:38:54 UTC | 85 | OUT | |
2025-01-10 22:38:54 UTC | 861 | IN | |
2025-01-10 22:38:54 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.8 | 49821 | 149.154.167.220 | 443 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:39:01 UTC | 296 | OUT | |
2025-01-10 22:39:01 UTC | 1090 | OUT | |
2025-01-10 22:39:01 UTC | 388 | IN | |
2025-01-10 22:39:01 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.8 | 49837 | 149.154.167.220 | 443 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:39:03 UTC | 296 | OUT | |
2025-01-10 22:39:03 UTC | 1090 | OUT | |
2025-01-10 22:39:03 UTC | 388 | IN | |
2025-01-10 22:39:03 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.8 | 49848 | 149.154.167.220 | 443 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:39:05 UTC | 272 | OUT | |
2025-01-10 22:39:05 UTC | 1090 | OUT | |
2025-01-10 22:39:05 UTC | 388 | IN | |
2025-01-10 22:39:05 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.8 | 49858 | 149.154.167.220 | 443 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:39:06 UTC | 272 | OUT | |
2025-01-10 22:39:06 UTC | 1090 | OUT | |
2025-01-10 22:39:07 UTC | 388 | IN | |
2025-01-10 22:39:07 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.8 | 49870 | 149.154.167.220 | 443 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:39:08 UTC | 272 | OUT | |
2025-01-10 22:39:08 UTC | 1090 | OUT | |
2025-01-10 22:39:08 UTC | 388 | IN | |
2025-01-10 22:39:08 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.8 | 49882 | 149.154.167.220 | 443 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:39:10 UTC | 272 | OUT | |
2025-01-10 22:39:10 UTC | 1090 | OUT | |
2025-01-10 22:39:10 UTC | 388 | IN | |
2025-01-10 22:39:10 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.8 | 49894 | 149.154.167.220 | 443 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:39:11 UTC | 272 | OUT | |
2025-01-10 22:39:11 UTC | 1090 | OUT | |
2025-01-10 22:39:12 UTC | 388 | IN | |
2025-01-10 22:39:12 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.8 | 49909 | 149.154.167.220 | 443 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:39:13 UTC | 272 | OUT | |
2025-01-10 22:39:13 UTC | 1090 | OUT | |
2025-01-10 22:39:13 UTC | 388 | IN | |
2025-01-10 22:39:13 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.8 | 49920 | 149.154.167.220 | 443 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:39:15 UTC | 272 | OUT | |
2025-01-10 22:39:15 UTC | 1090 | OUT | |
2025-01-10 22:39:15 UTC | 388 | IN | |
2025-01-10 22:39:15 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.8 | 49933 | 149.154.167.220 | 443 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:39:16 UTC | 272 | OUT | |
2025-01-10 22:39:16 UTC | 1090 | OUT | |
2025-01-10 22:39:17 UTC | 388 | IN | |
2025-01-10 22:39:17 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.8 | 49945 | 149.154.167.220 | 443 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:39:18 UTC | 296 | OUT | |
2025-01-10 22:39:18 UTC | 1090 | OUT | |
2025-01-10 22:39:18 UTC | 388 | IN | |
2025-01-10 22:39:18 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.8 | 49959 | 149.154.167.220 | 443 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:39:20 UTC | 272 | OUT | |
2025-01-10 22:39:20 UTC | 1090 | OUT | |
2025-01-10 22:39:20 UTC | 388 | IN | |
2025-01-10 22:39:20 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.8 | 49971 | 149.154.167.220 | 443 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:39:21 UTC | 272 | OUT | |
2025-01-10 22:39:21 UTC | 1090 | OUT | |
2025-01-10 22:39:21 UTC | 388 | IN | |
2025-01-10 22:39:21 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.8 | 49983 | 149.154.167.220 | 443 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:39:23 UTC | 272 | OUT | |
2025-01-10 22:39:23 UTC | 1090 | OUT | |
2025-01-10 22:39:23 UTC | 388 | IN | |
2025-01-10 22:39:23 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.8 | 49995 | 149.154.167.220 | 443 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:39:24 UTC | 272 | OUT | |
2025-01-10 22:39:24 UTC | 1090 | OUT | |
2025-01-10 22:39:25 UTC | 388 | IN | |
2025-01-10 22:39:25 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.8 | 50007 | 149.154.167.220 | 443 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:39:26 UTC | 272 | OUT | |
2025-01-10 22:39:26 UTC | 1090 | OUT | |
2025-01-10 22:39:26 UTC | 388 | IN | |
2025-01-10 22:39:26 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
19 | 192.168.2.8 | 50010 | 149.154.167.220 | 443 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:39:27 UTC | 296 | OUT | |
2025-01-10 22:39:27 UTC | 1090 | OUT | |
2025-01-10 22:39:28 UTC | 388 | IN | |
2025-01-10 22:39:28 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
20 | 192.168.2.8 | 50012 | 149.154.167.220 | 443 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:39:29 UTC | 296 | OUT | |
2025-01-10 22:39:29 UTC | 1090 | OUT | |
2025-01-10 22:39:29 UTC | 388 | IN | |
2025-01-10 22:39:29 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
21 | 192.168.2.8 | 50014 | 149.154.167.220 | 443 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:39:30 UTC | 296 | OUT | |
2025-01-10 22:39:30 UTC | 1090 | OUT | |
2025-01-10 22:39:31 UTC | 388 | IN | |
2025-01-10 22:39:31 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
22 | 192.168.2.8 | 50016 | 149.154.167.220 | 443 | 5296 | C:\Users\user\Desktop\czHx16QwGQ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:39:32 UTC | 296 | OUT | |
2025-01-10 22:39:32 UTC | 1090 | OUT | |
2025-01-10 22:39:32 UTC | 388 | IN | |
2025-01-10 22:39:32 UTC | 543 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
23 | 192.168.2.8 | 50018 | 149.154.167.220 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 22:39:36 UTC | 296 | OUT | |
2025-01-10 22:39:36 UTC | 1090 | OUT | |
2025-01-10 22:39:37 UTC | 388 | IN | |
2025-01-10 22:39:37 UTC | 543 | IN |
Target ID: | 0 |
Start time: | 17:37:26 |
Start date: | 10/01/2025 |
Path: | C:\Users\user\Desktop\czHx16QwGQ.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'014'160 bytes |
MD5 hash: | 1A0FE25178E09CF0FACC1F7BD6F221A8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 5 |
Start time: | 17:38:37 |
Start date: | 10/01/2025 |
Path: | C:\Users\user\Desktop\czHx16QwGQ.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'014'160 bytes |
MD5 hash: | 1A0FE25178E09CF0FACC1F7BD6F221A8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 19.7% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 20.3% |
Total number of Nodes: | 1574 |
Total number of Limit Nodes: | 38 |
Graph
Function 004034A5 Relevance: 80.9, APIs: 32, Strings: 14, Instructions: 410stringfilecomCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404DCC Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405AFA Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 148filestringCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406AF2 Relevance: 5.4, APIs: 4, Instructions: 382COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406943 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403E86 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 346windowstringCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403AD8 Relevance: 44.0, APIs: 13, Strings: 12, Instructions: 215stringregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402F30 Relevance: 23.0, APIs: 5, Strings: 8, Instructions: 203memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040640A Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 209stringCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040176F Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 145stringtimeCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040264A Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406752 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004023E4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64registrystringCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040591F Relevance: 6.0, APIs: 4, Instructions: 39COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004053C4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004062B6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406F27 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407128 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406E3E Relevance: 5.2, APIs: 4, Instructions: 205COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406D91 Relevance: 5.2, APIs: 4, Instructions: 180COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406EAF Relevance: 5.2, APIs: 4, Instructions: 170COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406DFB Relevance: 5.2, APIs: 4, Instructions: 168COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402032 Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004031D6 Relevance: 3.1, APIs: 2, Instructions: 88COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004015C1 Relevance: 3.1, APIs: 2, Instructions: 65COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401E49 Relevance: 3.0, APIs: 2, Instructions: 25COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405EDE Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040599C Relevance: 3.0, APIs: 2, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 73962AAC Relevance: 1.6, APIs: 1, Instructions: 143COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040167B Relevance: 1.5, APIs: 1, Instructions: 38fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004027EF Relevance: 1.5, APIs: 1, Instructions: 28COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405F61 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405F90 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 73962993 Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040345D Relevance: 1.5, APIs: 1, Instructions: 6COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404394 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 7396121B Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040558F Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404850 Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 275stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 73961B5F Relevance: 20.1, APIs: 13, Instructions: 576stringlibrarymemoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402104 Relevance: 1.6, APIs: 1, Instructions: 129comCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402868 Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040451E Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204windowstringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406034 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130memorystringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004043C6 Relevance: 12.1, APIs: 8, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404D1A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402DF3 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 73962569 Relevance: 9.1, APIs: 6, Instructions: 109COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404C0C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402598 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 69stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 739618D9 Relevance: 7.7, APIs: 5, Instructions: 194COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 73962394 Relevance: 7.6, APIs: 5, Instructions: 135memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401DB9 Relevance: 7.5, APIs: 5, Instructions: 43COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 7396161D Relevance: 7.5, APIs: 5, Instructions: 41memorylibraryloaderCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401D5D Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401C1F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405CBD Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405DC5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004059D1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 739610E1 Relevance: 5.1, APIs: 4, Instructions: 104memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405E43 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Execution Graph
Execution Coverage: | 12.2% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 2.2% |
Total number of Nodes: | 272 |
Total number of Limit Nodes: | 15 |
Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38360C1B Relevance: 1.5, Strings: 1, Instructions: 236COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38360C28 Relevance: 1.5, Strings: 1, Instructions: 220COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F4A360 Relevance: 1.5, Strings: 1, Instructions: 219COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F49D10 Relevance: 1.5, Strings: 1, Instructions: 219COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F4A9B0 Relevance: 1.5, Strings: 1, Instructions: 218COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F496C8 Relevance: 1.5, Strings: 1, Instructions: 218COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F4A9A0 Relevance: 1.4, Strings: 1, Instructions: 164COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F496B8 Relevance: 1.4, Strings: 1, Instructions: 162COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00168DF8 Relevance: 1.1, Instructions: 1083COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00165978 Relevance: .9, Instructions: 919COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3947E790 Relevance: .8, Instructions: 764COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F4BDF0 Relevance: .8, Instructions: 758COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F48650 Relevance: .7, Instructions: 709COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3836C638 Relevance: .3, Instructions: 299COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 383603AF Relevance: .3, Instructions: 283COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38360F6F Relevance: .2, Instructions: 202COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F4BA97 Relevance: .2, Instructions: 189COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00164338 Relevance: .2, Instructions: 188COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F48640 Relevance: .2, Instructions: 166COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3947F2DE Relevance: .2, Instructions: 154COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F4A352 Relevance: .1, Instructions: 108COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F49D00 Relevance: .1, Instructions: 107COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 39470978 Relevance: 6.1, APIs: 4, Instructions: 130threadCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 39470980 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F47920 Relevance: 3.9, Strings: 3, Instructions: 147COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F4FAB0 Relevance: 2.7, Strings: 2, Instructions: 189COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F4DD30 Relevance: 2.7, Strings: 2, Instructions: 168COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F4FAA1 Relevance: 2.6, Strings: 2, Instructions: 86COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F47911 Relevance: 2.6, Strings: 2, Instructions: 76COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 39471DC0 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 39470BC0 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 39470BC8 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 39472018 Relevance: 1.5, APIs: 1, Instructions: 48timeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3947D3E8 Relevance: 1.5, APIs: 1, Instructions: 47comCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3947E6BF Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3947C560 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3947C60C Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 39472020 Relevance: 1.5, APIs: 1, Instructions: 44timeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3947E6C9 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3947E6DA Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F4CF39 Relevance: 1.3, Strings: 1, Instructions: 92COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F4CF68 Relevance: 1.3, Strings: 1, Instructions: 88COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00168729 Relevance: 1.3, Strings: 1, Instructions: 65COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F495E8 Relevance: 1.3, Strings: 1, Instructions: 39COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001619C4 Relevance: 1.0, Instructions: 985COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001668E5 Relevance: .3, Instructions: 335COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F4C173 Relevance: .3, Instructions: 319COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001654A8 Relevance: .2, Instructions: 210COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00165068 Relevance: .2, Instructions: 206COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00160B29 Relevance: .2, Instructions: 203COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00166C98 Relevance: .2, Instructions: 201COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00160B30 Relevance: .2, Instructions: 200COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00168E0C Relevance: .1, Instructions: 147COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F4CC28 Relevance: .1, Instructions: 145COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00163168 Relevance: .1, Instructions: 134COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001692C3 Relevance: .1, Instructions: 125COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00168BF0 Relevance: .1, Instructions: 105COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00167EC0 Relevance: .1, Instructions: 102COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00164620 Relevance: .1, Instructions: 101COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00166F40 Relevance: .1, Instructions: 87COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001618C8 Relevance: .1, Instructions: 77COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00169FB4 Relevance: .1, Instructions: 77COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001652C8 Relevance: .1, Instructions: 74COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 000AD030 Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00160EC8 Relevance: .1, Instructions: 70COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0016B2C2 Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001617B8 Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F4B9C8 Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F4B9C6 Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F4943C Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00164E5F Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F4E7F4 Relevance: .0, Instructions: 50COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0016B2F0 Relevance: .0, Instructions: 49COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F4F098 Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F4CE50 Relevance: .0, Instructions: 47COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00164664 Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00168D19 Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F4CE60 Relevance: .0, Instructions: 39COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F4EC22 Relevance: .0, Instructions: 38COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F49608 Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0016B168 Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00161877 Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00169F1B Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0016FE20 Relevance: .0, Instructions: 23COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F4BDA0 Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00161888 Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00168B97 Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 001656FF Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00169F6D Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F495D8 Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0016FF30 Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F4D0A1 Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F4BD48 Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F4D72F Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F494B4 Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00165710 Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004034A5 Relevance: 75.7, APIs: 32, Strings: 11, Instructions: 410stringfilecomCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404DCC Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405AFA Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 148filestringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406AF2 Relevance: 5.4, APIs: 4, Instructions: 382COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F47B4F Relevance: 1.8, Strings: 1, Instructions: 600COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3836B930 Relevance: .3, Instructions: 273COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3836B07F Relevance: .3, Instructions: 271COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3836DA89 Relevance: .3, Instructions: 271COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3836B4D8 Relevance: .3, Instructions: 271COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3836DEE1 Relevance: .3, Instructions: 270COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F47070 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F41858 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F44820 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F429B8 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 38F42108 Relevance: .3, Instructions: 268COMMON
Function 38F45AB8 Relevance: .3, Instructions: 268 COMMON
Function 38F43268 Relevance: .3, Instructions: 268 COMMON
Function 38F45208 Relevance: .3, Instructions: 268 COMMON
Function 38F443C8 Relevance: .3, Instructions: 268 COMMON
Function 38F46368 Relevance: .3, Instructions: 268 COMMON
Function 38F43B18 Relevance: .3, Instructions: 268 COMMON
Function 38F474C8 Relevance: .3, Instructions: 268 COMMON
Function 38F41CB0 Relevance: .3, Instructions: 268 COMMON
Function 38F46C18 Relevance: .3, Instructions: 268 COMMON
Function 38F41400 Relevance: .3, Instructions: 268 COMMON
Function 38F44DB0 Relevance: .3, Instructions: 268 COMMON
Function 38F42560 Relevance: .3, Instructions: 268 COMMON
Function 38F436C0 Relevance: .3, Instructions: 268 COMMON
Function 38F45660 Relevance: .3, Instructions: 268 COMMON
Function 38F42E10 Relevance: .3, Instructions: 268 COMMON
Function 38F467C0 Relevance: .3, Instructions: 268 COMMON
Function 38F40FA8 Relevance: .3, Instructions: 268 COMMON
Function 38F43F70 Relevance: .3, Instructions: 268 COMMON
Function 38F45F10 Relevance: .3, Instructions: 268 COMMON
Function 3836C1F2 Relevance: .3, Instructions: 267 COMMON
Function 3836E347 Relevance: .3, Instructions: 266 COMMON
Function 3836EBF7 Relevance: .3, Instructions: 266 COMMON
Function 3836E79F Relevance: .3, Instructions: 266 COMMON
Function 3836F05A Relevance: .3, Instructions: 264 COMMON
Function 3836BDA2 Relevance: .3, Instructions: 264 COMMON
Function 3947F5A0 Relevance: .0, Instructions: 18 COMMON
Function 0040558F Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284 window clipboard memory COMMON
Function 00403E86 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 346 window string COMMON
Function 00403AD8 Relevance: 38.7, APIs: 13, Strings: 9, Instructions: 215 string registry COMMON
Function 0040451E Relevance: 35.2, APIs: 19, Strings: 1, Instructions: 204 window string COMMON
Function 00404850 Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 275 string COMMON
Function 00406034 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130 memory string COMMON
Function 00402F30 Relevance: 19.5, APIs: 5, Strings: 6, Instructions: 203 memory COMMON
Function 0040640A Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 209 string COMMON
Function 004043C6 Relevance: 12.1, APIs: 8, Instructions: 68 COMMON
Function 0040264A Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153 file COMMON
Function 00404D1A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48 window COMMON
Function 00406752 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36 library COMMON
Function 00402DF3 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36 time COMMON
Function 00404C0C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84 string COMMON
Function 00401DB9 Relevance: 7.5, APIs: 5, Instructions: 43 COMMON
Function 00401D5D Relevance: 7.5, APIs: 5, Instructions: 39 window COMMON
Function 00401C1F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84 window time COMMON
Function 0040591F Relevance: 6.0, APIs: 4, Instructions: 39 COMMON
Function 00405DC5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47 string COMMON
Function 004053C4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46 window COMMON
Function 004059D1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24 process COMMON
Function 00406F27 Relevance: 5.2, APIs: 4, Instructions: 236 COMMON
Function 00407128 Relevance: 5.2, APIs: 4, Instructions: 208 COMMON
Function 00406E3E Relevance: 5.2, APIs: 4, Instructions: 205 COMMON
Function 00406943 Relevance: 5.2, APIs: 4, Instructions: 198 COMMON
Function 00406D91 Relevance: 5.2, APIs: 4, Instructions: 180 COMMON
Function 00406EAF Relevance: 5.2, APIs: 4, Instructions: 170 COMMON
Function 00406DFB Relevance: 5.2, APIs: 4, Instructions: 168 COMMON
Function 00405E43 Relevance: 5.0, APIs: 4, Instructions: 37 string COMMON