Windows
Analysis Report
ZaRP7yvL1J.exe
Overview
General Information
Sample name: | ZaRP7yvL1J.exe (renamed because original name is a hash value) |
Original sample name: | ef36fbce388a09cd4c3374d0d9dda194745f76edd41dad82e8763ed35abc0299.exe |
Analysis ID: | 1588945 |
MD5: | df41e72f1c096d443cefd72755df031f |
SHA1: | 9d0b7929e7c650812071e38953d45521f8830f5e |
SHA256: | ef36fbce388a09cd4c3374d0d9dda194745f76edd41dad82e8763ed35abc0299 |
Tags: | exe, GuLoader, user-adrian__luca |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- ZaRP7yvL1J.exe (PID: 6908 cmdline: "C:\Users\user\Desktop\ZaRP7yvL1J.exe" MD5: DF41E72F1C096D443CEFD72755DF031F)
- ZaRP7yvL1J.exe (PID: 3052 cmdline: "C:\Users\user\Desktop\ZaRP7yvL1J.exe" MD5: DF41E72F1C096D443CEFD72755DF031F)
- cleanup
{"C2 url": "https://api.telegram.org/bot7766574905:AAGkK12NqfgMWNTsNJqrFtr2J3oH0W_DuqA/sendMessage"}
{"EXfil Mode": "Telegram", "Telegram Token": "7766574905:AAGkK12NqfgMWNTsNJqrFtr2J3oH0W_DuqA", "Telegram Chatid": "2065242915"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | |
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | |
| JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | |
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-11T07:32:03.547442+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49968 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:05.375843+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49983 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:07.002723+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49996 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:08.524808+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50007 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:11.383091+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50016 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:12.919988+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50018 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:16.351728+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50020 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:17.916819+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50022 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:21.217034+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50024 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:24.193404+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50026 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:27.018151+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50028 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:29.166698+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50030 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:33.677129+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50032 | 149.154.167.220 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-11T07:31:52.684100+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49892 | 193.122.6.168 | 80 | TCP |
2025-01-11T07:32:02.309183+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49892 | 193.122.6.168 | 80 | TCP |
2025-01-11T07:32:04.387334+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49978 | 193.122.6.168 | 80 | TCP |
2025-01-11T07:32:06.084703+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49991 | 193.122.6.168 | 80 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-11T07:31:46.466321+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49855 | 142.250.186.142 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-11T07:32:03.115558+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.4 | 49968 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:04.967289+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.4 | 49983 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:06.709751+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.4 | 49996 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:08.250052+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.4 | 50007 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:11.034010+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.4 | 50016 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:12.632554+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.4 | 50018 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:15.961929+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.4 | 50020 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:17.696802+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.4 | 50022 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:20.994975+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.4 | 50024 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:23.891363+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.4 | 50026 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:26.669545+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.4 | 50028 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:28.844046+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.4 | 50030 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:33.255971+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.4 | 50032 | 149.154.167.220 | 443 | TCP |
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | Integrated Neural Analysis Model: |
Location Tracking |
---|
Source: | DNS query: |
Source: | Code function: | 4_2_3805D1EC |
Source: | Code function: | 4_2_3805D9D9 |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | (4 entries) |
Source: | Static PE information: |
Source: | Code function: | 0_2_0040672B |
Source: | Code function: | 0_2_00405AFA |
Source: | Code function: | 0_2_00402868 |
Source: | Code function: | 4_2_00402868 |
Source: | Code function: | 4_2_0040672B |
Source: | Code function: | 4_2_00405AFA |
Source: | Code function: | 4_2_380503C4 |
Source: | Code function: | 4_2_38050C28 |
Source: | Code function: | 4_2_3805C638 |
Source: | Code function: | 4_2_3805F042 |
Source: | Code function: | 4_2_3805B08A |
Source: | Code function: | 4_2_3805B930 |
Source: | Code function: | 4_2_3805C1F2 |
Source: | Code function: | 4_2_3805DA89 |
Source: | Code function: | 4_2_3805E33D |
Source: | Code function: | 4_2_3805EBF2 |
Source: | Code function: | 4_2_38050C1A |
Source: | Code function: | 4_2_3805B4EC |
Source: | Code function: | 4_2_3805BD88 |
Source: | Code function: | 4_2_3805DEE5 |
Source: | Code function: | 4_2_38050F6F |
Source: | Code function: | 4_2_3805E794 |
Source: | Code function: | 4_2_387ABDF0 |
Source: | Code function: | 4_2_387A8650 |
Source: | Code function: | 4_2_387A8650 |
Source: | Code function: | 4_2_387A7070 |
Source: | Code function: | 4_2_387A1858 |
Source: | Code function: | 4_2_387A4820 |
Source: | Code function: | 4_2_387A2108 |
Source: | Code function: | 4_2_387A29B8 |
Source: | Code function: | 4_2_387A3268 |
Source: | Code function: | 4_2_387A5208 |
Source: | Code function: | 4_2_387A5AB8 |
Source: | Code function: | 4_2_387A6368 |
Source: | Code function: | 4_2_387A7B4F |
Source: | Code function: | 4_2_387A3B18 |
Source: | Code function: | 4_2_387A43C8 |
Source: | Code function: | 4_2_387A6C18 |
Source: | Code function: | 4_2_387A1400 |
Source: | Code function: | 4_2_387A74C8 |
Source: | Code function: | 4_2_387A1CB0 |
Source: | Code function: | 4_2_387A2560 |
Source: | Code function: | 4_2_387A4DB0 |
Source: | Code function: | 4_2_387A5660 |
Source: | Code function: | 4_2_387A2E10 |
Source: | Code function: | 4_2_387A36C0 |
Source: | Code function: | 4_2_387A3F70 |
Source: | Code function: | 4_2_387A5F10 |
Source: | Code function: | 4_2_387A67C0 |
Source: | Code function: | 4_2_387A0FA8 |
Source: | Code function: | 4_2_390EE7C8 |
Source: | Code function: | 4_2_390EF316 |
Source: | Code function: | 4_2_390EF5D8 |
Networking |
---|
Source: | Suricata IDS: | (26 entries) |
Source: | DNS query: |
Source: | HTTP traffic detected: | (14 entries) |
Source: | IP Address: | (3 entries) |
Source: | JA3 fingerprint: | (3 entries) |
Source: | DNS query: |
Source: | DNS query: |
Source: | Suricata IDS: | (4 entries) |
Source: | HTTP traffic detected: | (18 entries) |
Source: | HTTPS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | (5 entries) |
Source: | HTTP traffic detected: | (19 entries) |
Source: | DNS traffic detected: | (5 entries) |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | (32 entries) |
Source: | Network traffic detected: | (32 entries) |
Source: | HTTPS traffic detected: | (3 entries) |
Source: | Code function: | 0_2_0040558F |
Source: | Code function: | 0_2_004034A5 |
Source: | Code function: | 4_2_004034A5 |
Source: | Code function: | 0_2_00404DCC |
Source: | Code function: | 0_2_00406AF2 |
Source: | Code function: | 0_2_6F951B5F |
Source: | Code function: | 4_2_00404DCC |
Source: | Code function: | 4_2_00406AF2 |
Source: | Code function: | 4_2_000D4328 |
Source: | Code function: | 4_2_000D9048 |
Source: | Code function: | 4_2_000D5F90 |
Source: | Code function: | 4_2_000D2DD1 |
Source: | Code function: | 4_2_3805587A |
Source: | Code function: | 4_2_3805331A |
Source: | Code function: | 4_2_380503C4 |
Source: | Code function: | 4_2_3805CCA0 |
Source: | Code function: | 4_2_38057628 |
Source: | Code function: | 4_2_3805C638 |
Source: | Code function: | 4_2_3805F042 |
Source: | Code function: | 4_2_38057848 |
Source: | Code function: | 4_2_3805B08A |
Source: | Code function: | 4_2_3805B930 |
Source: | Code function: | 4_2_380569CB |
Source: | Code function: | 4_2_3805C1F2 |
Source: | Code function: | 4_2_3805DA89 |
Source: | Code function: | 4_2_3805E33D |
Source: | Code function: | 4_2_3805EBF2 |
Source: | Code function: | 4_2_3805CC82 |
Source: | Code function: | 4_2_3805B4EC |
Source: | Code function: | 4_2_3805BD88 |
Source: | Code function: | 4_2_38056E91 |
Source: | Code function: | 4_2_38056EA0 |
Source: | Code function: | 4_2_3805DEE5 |
Source: | Code function: | 4_2_3805E794 |
Source: | Code function: | 4_2_387AA9B0 |
Source: | Code function: | 4_2_387ABA97 |
Source: | Code function: | 4_2_387AA360 |
Source: | Code function: | 4_2_387A9D10 |
Source: | Code function: | 4_2_387ABDF0 |
Source: | Code function: | 4_2_387A8650 |
Source: | Code function: | 4_2_387A96C8 |
Source: | Code function: | 4_2_387A7070 |
Source: | Code function: | 4_2_387A1858 |
Source: | Code function: | 4_2_387A0040 |
Source: | Code function: | 4_2_387A4820 |
Source: | Code function: | 4_2_387A20FA |
Source: | Code function: | 4_2_387AF130 |
Source: | Code function: | 4_2_387AF120 |
Source: | Code function: | 4_2_387A2108 |
Source: | Code function: | 4_2_387A29B8 |
Source: | Code function: | 4_2_387A29A8 |
Source: | Code function: | 4_2_387AA9A0 |
Source: | Code function: | 4_2_387A3268 |
Source: | Code function: | 4_2_387A3258 |
Source: | Code function: | 4_2_387A5208 |
Source: | Code function: | 4_2_387A5207 |
Source: | Code function: | 4_2_387A5AB8 |
Source: | Code function: | 4_2_387A6368 |
Source: | Code function: | 4_2_387A6361 |
Source: | Code function: | 4_2_387AA352 |
Source: | Code function: | 4_2_387A7B4F |
Source: | Code function: | 4_2_387A3B1A |
Source: | Code function: | 4_2_387A3B18 |
Source: | Code function: | 4_2_387A13F0 |
Source: | Code function: | 4_2_387A43C8 |
Source: | Code function: | 4_2_387A6C18 |
Source: | Code function: | 4_2_387A6C09 |
Source: | Code function: | 4_2_387A1400 |
Source: | Code function: | 4_2_387A74C8 |
Source: | Code function: | 4_2_387A1CB0 |
Source: | Code function: | 4_2_387A1CA0 |
Source: | Code function: | 4_2_387A2560 |
Source: | Code function: | 4_2_387A2551 |
Source: | Code function: | 4_2_387A9D00 |
Source: | Code function: | 4_2_387A4DB2 |
Source: | Code function: | 4_2_387A4DB0 |
Source: | Code function: | 4_2_387A5660 |
Source: | Code function: | 4_2_387A565F |
Source: | Code function: | 4_2_387A8640 |
Source: | Code function: | 4_2_387A2E10 |
Source: | Code function: | 4_2_387A36C0 |
Source: | Code function: | 4_2_387A96B8 |
Source: | Code function: | 4_2_387A36B0 |
Source: | Code function: | 4_2_387A3F70 |
Source: | Code function: | 4_2_387A3F60 |
Source: | Code function: | 4_2_387A5F10 |
Source: | Code function: | 4_2_387AAFF8 |
Source: | Code function: | 4_2_387AAFF7 |
Source: | Code function: | 4_2_387A67C0 |
Source: | Code function: | 4_2_387A67B0 |
Source: | Code function: | 4_2_387A0FA8 |
Source: | Code function: | 4_2_390E6FA0 |
Source: | Code function: | 4_2_390E0457 |
Source: | Code function: | 4_2_390EE7C8 |
Source: | Code function: | 4_2_390ED6C1 |
Source: | Code function: | 4_2_390E8328 |
Source: | Code function: |
Source: | Binary or memory string: | (5 entries) |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_004034A5 |
Source: | Code function: | 4_2_004034A5 |
Source: | Code function: | 0_2_00404850 |
Source: | Code function: | 0_2_00402104 |
Source: | File created: |
Source: | Mutant created: |
Source: | File created: |
Source: | Static PE information: |
Source: | File read: |
Source: | Key opened: |
Source: | Binary or memory string: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | File read: |
Source: | Process created: | (3 entries) |
Source: | Section loaded: | (63 entries) |
Source: | Key value queried: |
Source: | Key opened: |
Source: | Static PE information: |
Source: | Code function: | 0_2_6F951B5F |
Source: | File created: | (dropped file) |
Source: | Process information set: | (60 entries) |
Malware Analysis System Evasion |
---|
Source: | API/Special instruction interceptor: | ||
Source: | API/Special instruction interceptor: |
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | API coverage: |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Code function: | 0_2_0040672B | |
Source: | Code function: | 0_2_00405AFA | |
Source: | Code function: | 0_2_00402868 | |
Source: | Code function: | 4_2_00402868 | |
Source: | Code function: | 4_2_0040672B | |
Source: | Code function: | 4_2_00405AFA |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | API call chain: | graph_0-4588 | ||
Source: | API call chain: | graph_0-4746 |
Source: | Code function: | 0_2_6F951B5F |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Code function: | 0_2_004034A5 |
Source: | Key value queried: | Jump to behavior |
Lowering of HIPS / PFW / Operating System Security Settings |
---|
Source: | Registry value created: | Jump to behavior |
Source: | Registry key created or modified: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 Process Injection | 31 Disable or Modify Tools | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Access Token Manipulation | NTDS | 1 System Network Configuration Discovery | Distributed Component Object Model | 1 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Process Injection | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | 215 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
58% | ReversingLabs | Win32.Trojan.GuLoader | ||
75% | Virustotal | Browse | ||
100% | Avira | HEUR/AGEN.1337946 |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 142.250.186.142 | true | false | high | |
drive.usercontent.google.com | 142.250.185.129 | true | false | high | |
reallyfreegeoip.org | 104.21.16.1 | true | false | high | |
api.telegram.org | 149.154.167.220 | true | false | high | |
checkip.dyndns.com | 193.122.6.168 | true | false | high | |
checkip.dyndns.org | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | | unknown ||
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false | |
142.250.185.129 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false | |
104.21.16.1 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false | |
193.122.6.168 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false | |
142.250.186.142 | drive.google.com | United States | 15169 | GOOGLEUS | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1588945 |
Start date and time: | 2025-01-11 07:29:33 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 28s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | ZaRP7yvL1J.exe (renamed because original name is a hash value) |
Original Sample Name: | ef36fbce388a09cd4c3374d0d9dda194745f76edd41dad82e8763ed35abc0299.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/8@5/5 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 173.222.162.32, 52.149.20.212, 13.107.246.45
- Excluded domains from analysis (whitelisted): www.bing.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description |
---|---|---|
01:32:01 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
149.154.167.220 | Get hash | malicious | GuLoader, MassLogger RAT | Browse | ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | DarkTortilla, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | DarkTortilla, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse | |||
104.21.16.1 | Get hash | malicious | FormBook | Browse | ||
Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | |||
193.122.6.168 | Get hash | malicious | GuLoader, MassLogger RAT | Browse | ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
checkip.dyndns.com | Get hash | malicious | GuLoader, MassLogger RAT | Browse | ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | DarkTortilla, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | MassLogger RAT | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | DarkTortilla, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | MassLogger RAT | Browse | |||
reallyfreegeoip.org | Get hash | malicious | GuLoader, MassLogger RAT | Browse | ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | DarkTortilla, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | MassLogger RAT | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | DarkTortilla, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | MassLogger RAT | Browse | |||
api.telegram.org | Get hash | malicious | GuLoader, MassLogger RAT | Browse | ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | DarkTortilla, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | DarkTortilla, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse | |||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ORACLE-BMC-31898US | Get hash | malicious | GuLoader, MassLogger RAT | Browse | ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | DarkTortilla, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | MassLogger RAT | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | DarkTortilla, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | MassLogger RAT | Browse | |||
Get hash | malicious | MassLogger RAT | Browse | |||
TELEGRAMRU | Get hash | malicious | GuLoader, MassLogger RAT | Browse | ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | DarkTortilla, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | DarkTortilla, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse | |||
CLOUDFLARENETUS | Get hash | malicious | GuLoader, MassLogger RAT | Browse | ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | FormBook | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Azorult | Browse | |||
Get hash | malicious | DarkTortilla, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | MassLogger RAT | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | GuLoader, MassLogger RAT | Browse | ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | DarkTortilla, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | MassLogger RAT | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | DarkTortilla, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | MassLogger RAT | Browse | |||
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | GuLoader, MassLogger RAT | Browse | ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | DarkTortilla, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | DarkTortilla, Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | GuLoader, MassLogger RAT | Browse | ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | GuLoader | Browse | |||
Get hash | malicious | GuLoader | Browse | |||
Get hash | malicious | GuLoader | Browse | |||
Get hash | malicious | GuLoader | Browse | |||
Get hash | malicious | GuLoader | Browse | |||
Get hash | malicious | FormBook, GuLoader | Browse | |||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\nszB803.tmp\System.dll | Get hash | malicious | GuLoader, MassLogger RAT | Browse | ||
Get hash | malicious | GuLoader | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
Process: | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 484658 |
Entropy (8bit): | 7.809711763657168 |
Encrypted: | false |
SSDEEP: | 12288:W1S3xo63wl4biprI2S4WwWEcwxg9dvVAxZOCLF0DB:Wo3xX3y4bz2lWwWo6rSTZyd |
MD5: | 5C727AE28F0DECF497FBB092BAE01B4E |
SHA1: | AADE364AE8C2C91C6F59F85711B53078FB0763B7 |
SHA-256: | 77CCACF58330509839E17A6CFD6B17FE3DE31577D8E2C37DC413839BA2FEEC80 |
SHA-512: | 5246C0FBA41DF66AF89D986A3CEABC99B61DB9E9C217B28B2EC18AF31E3ED17C865387223CEB3A38A804243CF3307E07E557549026F49F52829BEBC4D4546C40 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 50747 |
Entropy (8bit): | 4.563773526289197 |
Encrypted: | false |
SSDEEP: | 768:irv9q4WUSh5AEpHgaab1QmvBRRTffuo/nB4+k3/Kt3:uyHgD1QmpRRTffl/Hk30 |
MD5: | 182C133ED7C41234CAFDD2EAC61CA1C1 |
SHA1: | D32CE0DCE9CC26DA1A198848CA190FC77FBD3DA9 |
SHA-256: | A2DB61939D473CD0E7FD705C866EFBECFE49DAA021E12D6EA942B5F32C914C65 |
SHA-512: | 85368663B0103C52CBB0270FB2B00FC5A62D155DCE89FA7267C1CD94B9EC11D2668750C8D5AD2217D5809A9074A23BC138D7DE6D68F1CA7A1EC16393478CA830 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 112291 |
Entropy (8bit): | 1.249420131631438 |
Encrypted: | false |
SSDEEP: | 768:5R+BCpkJWjYWL2MxTVLvUjpGqik9JiAfWA2DBQwD1PzUH+HYZmIo7x31sT:WCZY21w0I2NZYD |
MD5: | 4D1D72CFC5940B09DFBD7B65916F532E |
SHA1: | 30A45798B534842002B103A36A3B907063F8A96C |
SHA-256: | 479F1904096978F1011DF05D52021FAEEE028D4CF331024C965CED8AF1C8D496 |
SHA-512: | 048844A09E291903450188715BCDDF14F0F1F10BEAFBD005882EBF5D5E31A71D8F93EEBE788BD54B4AED2266C454F4DCA18AF4567977B7E773BBE29A38DEA45B |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289593 |
Entropy (8bit): | 7.724219677663667 |
Encrypted: | false |
SSDEEP: | 6144:9zeUK0+qIS7mzu4U3uV2NeUiQVxUcr4EVBMb9W:O0+z7g+Ei0rGE |
MD5: | 10DA88A1E11725B4AF20D6091391DBFD |
SHA1: | 0CF9B2FDCA7060E6D0F3E26228FA4B8C53FF5A6D |
SHA-256: | 8858D0A0749F7A9EBF75CBD2C277B3BEA0EFBD247CF2A32A41394081D68A0A7A |
SHA-512: | 47C4219261CCF42FA21E9277BEBFFEF9CD609229C5656593F4CA136A770F920C33AFF82F2E3E8CF91A17518D37440767AFB61EFA8977B7D5BB3FFA518057A6FD |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 362089 |
Entropy (8bit): | 1.23992084267325 |
Encrypted: | false |
SSDEEP: | 768:xOeaameETrlE0+1mGOWb3h5WAV0hW+JSLSwzj2HlSdL0f6mhKZRaqOzWz6szt3cA:x+ds5dYOVxIW3hhdeRt6MeZ1W4vB |
MD5: | A4340182CDDD2EC1F1480360218343F9 |
SHA1: | 50EF929FEA713AA6FCC05E8B75F497B7946B285B |
SHA-256: | B91E5B1FF5756F0B93DCF11CBC8B467CDA0C5792DE24D27EC86E7C74388B44B3 |
SHA-512: | 021F198AFF7CCED92912C74FC97D1919A9E059F22E99AB1236FBAA36C16B520C07B78F47FC01FCFAC1B53A87CDAE3E440D0589FA2844612617FAB2EDB64A3573 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 139354 |
Entropy (8bit): | 1.2473328695625903 |
Encrypted: | false |
SSDEEP: | 768:9OsMSh8lSnJGyUzWZsO2ipzPFmDZC9kpzroto48tf2+5lVp:9delFlqNawgJp |
MD5: | B0FB6B583D6902DE58E1202D12BA4832 |
SHA1: | 7F585B5C3A4581CE76E373C78A6513F157B20480 |
SHA-256: | E6EA5F6D0C7F5FA407269C7F4FF6D97149B7611071BF5BF6C454B810501AE661 |
SHA-512: | E0894FFBD76C3476DC083DAFD24F88964BF6E09E4CA955766B43FE73A764A00247C930E9996652A22B57B27826CD94F88B8178514060CA398DE568675F9E4571 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1464891 |
Entropy (8bit): | 5.499128992455634 |
Encrypted: | false |
SSDEEP: | 24576:280+/gS0Yo3xX3y4bz2lWwWo6rSTZyOSu:D0NTYoBXbz2luo6rS1ya |
MD5: | 9FBE6D24132AA6FFDEE958543AF7D3C1 |
SHA1: | ABD33699006E7BD87CFE5DE170B4F8E52DADBF24 |
SHA-256: | 0C991D3F963B0C63B31C36A0A863CE9265B529647A64C22067E1703339804CD0 |
SHA-512: | CD40E789D76F36A8518A2F4F4B04D010E945B4F51F95255FD872DC5CD6B9B0E9F9B1B97F002083C4D247237972DB348426A2BF3CDC91C39E7F83B8FAC3ADE043 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 5.719859767584478 |
Encrypted: | false |
SSDEEP: | 192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6 |
MD5: | 0D7AD4F45DC6F5AA87F606D0331C6901 |
SHA1: | 48DF0911F0484CBE2A8CDD5362140B63C41EE457 |
SHA-256: | 3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA |
SHA-512: | C07DE7308CB54205E8BD703001A7FE4FD7796C9AC1B4BB330C77C872BF712B093645F40B80CE7127531FE6746A5B66E18EA073AB6A644934ABED9BB64126FEA9 |
Malicious: | false |
Antivirus: | |
Joe Sandbox View: | |
Preview: |
File type: | |
Entropy (8bit): | 7.9593152955756885 |
TrID: | |
File name: | ZaRP7yvL1J.exe |
File size: | 1'011'570 bytes |
MD5: | df41e72f1c096d443cefd72755df031f |
SHA1: | 9d0b7929e7c650812071e38953d45521f8830f5e |
SHA256: | ef36fbce388a09cd4c3374d0d9dda194745f76edd41dad82e8763ed35abc0299 |
SHA512: | 28bc913dce2882480d28c6c5604cf4c6d04a251d2c3988c97e23b316b74d5ed34657614f1b579682a11cd8030b526940979d93ca35f343406ab6328dd1865692 |
SSDEEP: | 12288:9jwjW11WewcTeCUNkK0//+NJf01Zczqa28BbkOciEt3Byi4hbI+yM9XG+26tyTWI:9jwKCNCUNw/2NEZSqt8BO3iI2XG+R4WI |
TLSH: | C3252308B2F1DA72C02998F55D1AC809AEFAFE239872E0D333921B1DBD39756591DB05 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...$..\.................f...*..... |
Icon Hash: | 46224e4c19391d03 |
Entrypoint: | 0x4034a5 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x5C157F24 [Sat Dec 15 22:24:36 2018 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 1f23f452093b5c1ff091a2f9fb4fa3e9 |
Instruction |
---|
sub esp, 000002D4h |
push ebx |
push esi |
push edi |
push 00000020h |
pop edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+14h], ebx |
mov dword ptr [esp+10h], 0040A230h |
mov dword ptr [esp+1Ch], ebx |
call dword ptr [004080ACh] |
call dword ptr [004080A8h] |
and eax, BFFFFFFFh |
cmp ax, 00000006h |
mov dword ptr [0042A24Ch], eax |
je 00007F1A08C4D173h |
push ebx |
call 00007F1A08C5043Dh |
cmp eax, ebx |
je 00007F1A08C4D169h |
push 00000C00h |
call eax |
mov esi, 004082B0h |
push esi |
call 00007F1A08C503B7h |
push esi |
call dword ptr [00408150h] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], 00000000h |
jne 00007F1A08C4D14Ch |
push 0000000Ah |
call 00007F1A08C50410h |
push 00000008h |
call 00007F1A08C50409h |
push 00000006h |
mov dword ptr [0042A244h], eax |
call 00007F1A08C503FDh |
cmp eax, ebx |
je 00007F1A08C4D171h |
push 0000001Eh |
call eax |
test eax, eax |
je 00007F1A08C4D169h |
or byte ptr [0042A24Fh], 00000040h |
push ebp |
call dword ptr [00408044h] |
push ebx |
call dword ptr [004082A0h] |
mov dword ptr [0042A318h], eax |
push ebx |
lea eax, dword ptr [esp+34h] |
push 000002B4h |
push eax |
push ebx |
push 004216E8h |
call dword ptr [00408188h] |
push 0040A384h |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8504 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x55000 | 0x21068 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x6409 | 0x6600 | bfe2b726d49cbd922b87bad5eea65e61 | False | 0.6540287990196079 | data | 6.416186322230332 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x1396 | 0x1400 | d45dcba8ca646543f7e339e20089687e | False | 0.45234375 | data | 5.154907432640367 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x20358 | 0x600 | 8575fc5e872ca789611c386779287649 | False | 0.5026041666666666 | data | 4.004402321344153 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x2b000 | 0x2a000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x55000 | 0x21068 | 0x21200 | 03ed2ed76ba15352dac9e48819696134 | False | 0.8714696344339623 | data | 7.556190648348207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_BITMAP | 0x554c0 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States | 0.23623853211009174 |
RT_ICON | 0x55828 | 0xc2a3 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9966684729162903 |
RT_ICON | 0x61ad0 | 0x86e0 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.990210843373494 |
RT_ICON | 0x6a1b0 | 0x5085 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9867559307233299 |
RT_ICON | 0x6f238 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.4358921161825726 |
RT_ICON | 0x717e0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.4896810506566604 |
RT_ICON | 0x72888 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.5367803837953091 |
RT_ICON | 0x73730 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.6913357400722022 |
RT_ICON | 0x73fd8 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.38597560975609757 |
RT_ICON | 0x74640 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.4934971098265896 |
RT_ICON | 0x74ba8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.651595744680851 |
RT_ICON | 0x75010 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.46908602150537637 |
RT_ICON | 0x752f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.5472972972972973 |
RT_DIALOG | 0x75420 | 0x120 | data | English | United States | 0.53125 |
RT_DIALOG | 0x75540 | 0x118 | data | English | United States | 0.5678571428571428 |
RT_DIALOG | 0x75658 | 0x120 | data | English | United States | 0.5104166666666666 |
RT_DIALOG | 0x75778 | 0xf8 | data | English | United States | 0.6330645161290323 |
RT_DIALOG | 0x75870 | 0xa0 | data | English | United States | 0.6125 |
RT_DIALOG | 0x75910 | 0x60 | data | English | United States | 0.7291666666666666 |
RT_GROUP_ICON | 0x75970 | 0xae | data | English | United States | 0.6091954022988506 |
RT_VERSION | 0x75a20 | 0x308 | data | English | United States | 0.47036082474226804 |
RT_MANIFEST | 0x75d28 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795 |

DLL | Import |
---|---|
KERNEL32.dll | ExitProcess, SetFileAttributesW, Sleep, GetTickCount, CreateFileW, GetFileSize, GetModuleFileNameW, GetCurrentProcess, SetCurrentDirectoryW, GetFileAttributesW, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, CopyFileW, GetShortPathNameW, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalUnlock, GetDiskFreeSpaceW, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW |
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |

Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-11T07:31:46.466321+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.4 | 49855 | 142.250.186.142 | 443 | TCP |
2025-01-11T07:31:52.684100+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49892 | 193.122.6.168 | 80 | TCP |
2025-01-11T07:32:02.309183+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49892 | 193.122.6.168 | 80 | TCP |
2025-01-11T07:32:03.115558+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.4 | 49968 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:03.547442+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49968 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:04.387334+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49978 | 193.122.6.168 | 80 | TCP |
2025-01-11T07:32:04.967289+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.4 | 49983 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:05.375843+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49983 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:06.084703+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49991 | 193.122.6.168 | 80 | TCP |
2025-01-11T07:32:06.709751+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.4 | 49996 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:07.002723+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 49996 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:08.250052+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.4 | 50007 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:08.524808+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 50007 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:11.034010+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.4 | 50016 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:11.383091+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 50016 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:12.632554+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.4 | 50018 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:12.919988+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 50018 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:15.961929+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.4 | 50020 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:16.351728+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 50020 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:17.696802+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.4 | 50022 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:17.916819+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 50022 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:20.994975+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.4 | 50024 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:21.217034+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 50024 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:23.891363+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.4 | 50026 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:24.193404+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 50026 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:26.669545+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.4 | 50028 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:27.018151+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 50028 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:28.844046+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.4 | 50030 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:29.166698+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 50030 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:33.255971+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.4 | 50032 | 149.154.167.220 | 443 | TCP |
2025-01-11T07:32:33.677129+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.4 | 50032 | 149.154.167.220 | 443 | TCP |

Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 11, 2025 07:32:08.249911070 CET | 443 | 50007 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:08.249963999 CET | 50007 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:08.249970913 CET | 443 | 50007 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:08.524871111 CET | 443 | 50007 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:08.524947882 CET | 443 | 50007 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:08.525183916 CET | 50007 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:08.525464058 CET | 50007 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:08.529057026 CET | 50003 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:08.530261040 CET | 50012 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:08.534027100 CET | 80 | 50003 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:08.534097910 CET | 50003 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:08.535027981 CET | 80 | 50012 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:08.535106897 CET | 50012 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:08.535211086 CET | 50012 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:08.540033102 CET | 80 | 50012 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:10.405659914 CET | 80 | 50012 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:10.407286882 CET | 50016 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:10.407356024 CET | 443 | 50016 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:10.407435894 CET | 50016 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:10.407783985 CET | 50016 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:10.407804012 CET | 443 | 50016 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:10.449985027 CET | 50012 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:11.031841993 CET | 443 | 50016 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:11.033807039 CET | 50016 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:11.033828974 CET | 443 | 50016 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:11.033974886 CET | 50016 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:11.033981085 CET | 443 | 50016 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:11.383148909 CET | 443 | 50016 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:11.383234978 CET | 443 | 50016 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:11.383466005 CET | 50016 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:11.384020090 CET | 50016 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:11.387867928 CET | 50012 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:11.389174938 CET | 50017 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:11.392888069 CET | 80 | 50012 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:11.392978907 CET | 50012 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:11.394047022 CET | 80 | 50017 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:11.394130945 CET | 50017 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:11.394243956 CET | 50017 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:11.399104118 CET | 80 | 50017 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:12.024065971 CET | 80 | 50017 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:12.025650024 CET | 50018 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:12.025701046 CET | 443 | 50018 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:12.025790930 CET | 50018 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:12.026223898 CET | 50018 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:12.026237965 CET | 443 | 50018 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:12.075054884 CET | 50017 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:12.630654097 CET | 443 | 50018 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:12.632333040 CET | 50018 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:12.632361889 CET | 443 | 50018 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:12.632427931 CET | 50018 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:12.632436037 CET | 443 | 50018 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:12.919984102 CET | 443 | 50018 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:12.920066118 CET | 443 | 50018 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:12.920232058 CET | 50018 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:12.920696974 CET | 50018 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:12.923980951 CET | 50017 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:12.925143957 CET | 50019 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:12.929760933 CET | 80 | 50017 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:12.929845095 CET | 50017 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:12.930627108 CET | 80 | 50019 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:12.930710077 CET | 50019 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:12.930804014 CET | 50019 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:12.936537027 CET | 80 | 50019 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:15.351646900 CET | 80 | 50019 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:15.353002071 CET | 50020 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:15.353044987 CET | 443 | 50020 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:15.353118896 CET | 50020 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:15.353467941 CET | 50020 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:15.353478909 CET | 443 | 50020 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:15.402988911 CET | 50019 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:15.959719896 CET | 443 | 50020 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:15.961769104 CET | 50020 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:15.961790085 CET | 443 | 50020 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:15.961843014 CET | 50020 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:15.961849928 CET | 443 | 50020 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:16.351779938 CET | 443 | 50020 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:16.351864100 CET | 443 | 50020 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:16.351917028 CET | 50020 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:16.352346897 CET | 50020 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:16.355803967 CET | 50019 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:16.357058048 CET | 50021 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:16.361881018 CET | 80 | 50019 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:16.361896992 CET | 80 | 50021 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:16.361953974 CET | 50019 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:16.361993074 CET | 50021 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:16.362076998 CET | 50021 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:16.366801023 CET | 80 | 50021 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:17.080642939 CET | 80 | 50021 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:17.082160950 CET | 50022 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:17.082207918 CET | 443 | 50022 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:17.082279921 CET | 50022 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:17.082617998 CET | 50022 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:17.082627058 CET | 443 | 50022 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:17.121737003 CET | 50021 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:17.694645882 CET | 443 | 50022 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:17.696610928 CET | 50022 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:17.696641922 CET | 443 | 50022 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:17.696715117 CET | 50022 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:17.696722984 CET | 443 | 50022 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:17.916883945 CET | 443 | 50022 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:17.916958094 CET | 443 | 50022 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:17.917144060 CET | 50022 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:17.917773008 CET | 50022 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:17.921134949 CET | 50021 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:17.922359943 CET | 50023 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:17.926340103 CET | 80 | 50021 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:17.926433086 CET | 50021 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:17.927247047 CET | 80 | 50023 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:17.927350044 CET | 50023 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:17.927453995 CET | 50023 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:17.932291031 CET | 80 | 50023 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:20.382468939 CET | 80 | 50023 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:20.384061098 CET | 50024 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:20.384120941 CET | 443 | 50024 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:20.384197950 CET | 50024 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:20.384545088 CET | 50024 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:20.384567022 CET | 443 | 50024 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:20.434408903 CET | 50023 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:20.992873907 CET | 443 | 50024 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:20.994704008 CET | 50024 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:20.994775057 CET | 443 | 50024 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:20.994856119 CET | 50024 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:20.994880915 CET | 443 | 50024 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:21.217087984 CET | 443 | 50024 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:21.217168093 CET | 443 | 50024 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:21.217225075 CET | 50024 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:21.217767000 CET | 50024 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:21.220927954 CET | 50023 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:21.221966982 CET | 50025 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:21.225860119 CET | 80 | 50023 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:21.225934982 CET | 50023 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:21.226809025 CET | 80 | 50025 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:21.226885080 CET | 50025 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:21.226994991 CET | 50025 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:21.231781006 CET | 80 | 50025 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:23.261779070 CET | 80 | 50025 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:23.263534069 CET | 50026 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:23.263586998 CET | 443 | 50026 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:23.263668060 CET | 50026 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:23.264039993 CET | 50026 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:23.264050007 CET | 443 | 50026 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:23.309338093 CET | 50025 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:23.888890982 CET | 443 | 50026 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:23.891207933 CET | 50026 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:23.891242027 CET | 443 | 50026 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:23.891304016 CET | 50026 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:23.891310930 CET | 443 | 50026 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:24.193463087 CET | 443 | 50026 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:24.193538904 CET | 443 | 50026 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:24.193627119 CET | 50026 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:24.194386005 CET | 50026 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:24.197644949 CET | 50025 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:24.198990107 CET | 50027 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:24.202584028 CET | 80 | 50025 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:24.202675104 CET | 50025 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:24.204303980 CET | 80 | 50027 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:24.204392910 CET | 50027 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:24.204605103 CET | 50027 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:24.209333897 CET | 80 | 50027 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:26.059494972 CET | 80 | 50027 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:26.061218023 CET | 50028 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:26.061285973 CET | 443 | 50028 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:26.061404943 CET | 50028 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:26.061815977 CET | 50028 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:26.061851025 CET | 443 | 50028 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:26.106314898 CET | 50027 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:26.667332888 CET | 443 | 50028 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:26.669328928 CET | 50028 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:26.669406891 CET | 443 | 50028 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:26.669492006 CET | 50028 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:26.669507027 CET | 443 | 50028 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:27.018300056 CET | 443 | 50028 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:27.018476009 CET | 443 | 50028 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:27.018560886 CET | 50028 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:27.018974066 CET | 50028 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:27.022820950 CET | 50027 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:27.023886919 CET | 50029 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:27.028770924 CET | 80 | 50027 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:27.028862953 CET | 50027 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:27.029578924 CET | 80 | 50029 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:27.029675961 CET | 50029 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:27.029798031 CET | 50029 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:27.035805941 CET | 80 | 50029 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:28.210283995 CET | 80 | 50029 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:28.214818001 CET | 50030 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:28.214931011 CET | 443 | 50030 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:28.215146065 CET | 50030 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:28.215442896 CET | 50030 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:28.215485096 CET | 443 | 50030 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:28.262521029 CET | 50029 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:28.841892004 CET | 443 | 50030 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:28.843874931 CET | 50030 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:28.843914032 CET | 443 | 50030 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:28.843964100 CET | 50030 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:28.843975067 CET | 443 | 50030 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:29.166703939 CET | 443 | 50030 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:29.166794062 CET | 443 | 50030 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:29.166867018 CET | 50030 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:29.167392015 CET | 50030 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:29.173394918 CET | 50029 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:29.174402952 CET | 50031 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:29.178386927 CET | 80 | 50029 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:29.178432941 CET | 50029 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:29.179223061 CET | 80 | 50031 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:29.179289103 CET | 50031 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:29.179406881 CET | 50031 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:29.184104919 CET | 80 | 50031 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:30.668837070 CET | 80 | 50031 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:30.670599937 CET | 50032 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:30.670710087 CET | 443 | 50032 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:30.670815945 CET | 50032 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:30.671149015 CET | 50032 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:30.671164036 CET | 443 | 50032 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:30.715610981 CET | 50031 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:31.309509039 CET | 443 | 50032 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:31.356206894 CET | 50032 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:33.255340099 CET | 50032 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:33.255420923 CET | 443 | 50032 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:33.255486965 CET | 50032 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:33.255506992 CET | 443 | 50032 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:33.677009106 CET | 443 | 50032 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:33.677084923 CET | 443 | 50032 | 149.154.167.220 | 192.168.2.4 |
Jan 11, 2025 07:32:33.677238941 CET | 50032 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:33.677661896 CET | 50032 | 443 | 192.168.2.4 | 149.154.167.220 |
Jan 11, 2025 07:32:33.679944038 CET | 50031 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:33.680788040 CET | 50033 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:33.685666084 CET | 80 | 50033 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:33.685774088 CET | 50033 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:33.685843945 CET | 50033 | 80 | 192.168.2.4 | 193.122.6.168 |
Jan 11, 2025 07:32:33.689273119 CET | 80 | 50031 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:33.690742016 CET | 80 | 50033 | 193.122.6.168 | 192.168.2.4 |
Jan 11, 2025 07:32:33.690804958 CET | 50031 | 80 | 192.168.2.4 | 193.122.6.168 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 11, 2025 07:31:45.357455969 CET | 54838 | 53 | 192.168.2.4 | 1.1.1.1 |
Jan 11, 2025 07:31:45.364461899 CET | 53 | 54838 | 1.1.1.1 | 192.168.2.4 |
Jan 11, 2025 07:31:46.481794119 CET | 61084 | 53 | 192.168.2.4 | 1.1.1.1 |
Jan 11, 2025 07:31:46.488658905 CET | 53 | 61084 | 1.1.1.1 | 192.168.2.4 |
Jan 11, 2025 07:31:50.704898119 CET | 64467 | 53 | 192.168.2.4 | 1.1.1.1 |
Jan 11, 2025 07:31:50.712007999 CET | 53 | 64467 | 1.1.1.1 | 192.168.2.4 |
Jan 11, 2025 07:31:53.389915943 CET | 61756 | 53 | 192.168.2.4 | 1.1.1.1 |
Jan 11, 2025 07:31:53.397526979 CET | 53 | 61756 | 1.1.1.1 | 192.168.2.4 |
Jan 11, 2025 07:32:02.375968933 CET | 54564 | 53 | 192.168.2.4 | 1.1.1.1 |
Jan 11, 2025 07:32:02.383502007 CET | 53 | 54564 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jan 11, 2025 07:31:45.357455969 CET | 192.168.2.4 | 1.1.1.1 | 0xec00 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jan 11, 2025 07:31:46.481794119 CET | 192.168.2.4 | 1.1.1.1 | 0xeaa | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jan 11, 2025 07:31:50.704898119 CET | 192.168.2.4 | 1.1.1.1 | 0x2c9c | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jan 11, 2025 07:31:53.389915943 CET | 192.168.2.4 | 1.1.1.1 | 0xa71b | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jan 11, 2025 07:32:02.375968933 CET | 192.168.2.4 | 1.1.1.1 | 0xead6 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jan 11, 2025 07:31:45.364461899 CET | 1.1.1.1 | 192.168.2.4 | 0xec00 | No error (0) | | | 142.250.186.142 | A (IP address) | IN (0x0001) | false |
Jan 11, 2025 07:31:46.488658905 CET | 1.1.1.1 | 192.168.2.4 | 0xeaa | No error (0) | | | 142.250.185.129 | A (IP address) | IN (0x0001) | false |
Jan 11, 2025 07:31:50.712007999 CET | 1.1.1.1 | 192.168.2.4 | 0x2c9c | No error (0) | | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false |
Jan 11, 2025 07:31:50.712007999 CET | 1.1.1.1 | 192.168.2.4 | 0x2c9c | No error (0) | | | 193.122.6.168 | A (IP address) | IN (0x0001) | false |
Jan 11, 2025 07:31:50.712007999 CET | 1.1.1.1 | 192.168.2.4 | 0x2c9c | No error (0) | | | 132.226.8.169 | A (IP address) | IN (0x0001) | false |
Jan 11, 2025 07:31:50.712007999 CET | 1.1.1.1 | 192.168.2.4 | 0x2c9c | No error (0) | | | 158.101.44.242 | A (IP address) | IN (0x0001) | false |
Jan 11, 2025 07:31:50.712007999 CET | 1.1.1.1 | 192.168.2.4 | 0x2c9c | No error (0) | | | 132.226.247.73 | A (IP address) | IN (0x0001) | false |
Jan 11, 2025 07:31:50.712007999 CET | 1.1.1.1 | 192.168.2.4 | 0x2c9c | No error (0) | | | 193.122.130.0 | A (IP address) | IN (0x0001) | false |
Jan 11, 2025 07:31:53.397526979 CET | 1.1.1.1 | 192.168.2.4 | 0xa71b | No error (0) | | | 104.21.16.1 | A (IP address) | IN (0x0001) | false |
Jan 11, 2025 07:31:53.397526979 CET | 1.1.1.1 | 192.168.2.4 | 0xa71b | No error (0) | | | 104.21.80.1 | A (IP address) | IN (0x0001) | false |
Jan 11, 2025 07:31:53.397526979 CET | 1.1.1.1 | 192.168.2.4 | 0xa71b | No error (0) | | | 104.21.64.1 | A (IP address) | IN (0x0001) | false |
Jan 11, 2025 07:31:53.397526979 CET | 1.1.1.1 | 192.168.2.4 | 0xa71b | No error (0) | | | 104.21.48.1 | A (IP address) | IN (0x0001) | false |
Jan 11, 2025 07:31:53.397526979 CET | 1.1.1.1 | 192.168.2.4 | 0xa71b | No error (0) | | | 104.21.32.1 | A (IP address) | IN (0x0001) | false |
Jan 11, 2025 07:31:53.397526979 CET | 1.1.1.1 | 192.168.2.4 | 0xa71b | No error (0) | | | 104.21.96.1 | A (IP address) | IN (0x0001) | false |
Jan 11, 2025 07:31:53.397526979 CET | 1.1.1.1 | 192.168.2.4 | 0xa71b | No error (0) | | | 104.21.112.1 | A (IP address) | IN (0x0001) | false |
Jan 11, 2025 07:32:02.383502007 CET | 1.1.1.1 | 192.168.2.4 | 0xead6 | No error (0) | | | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49892 | 193.122.6.168 | 80 | 3052 | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 11, 2025 07:31:50.721364021 CET | 151 | OUT | |
Jan 11, 2025 07:31:52.440203905 CET | 273 | IN | |
Jan 11, 2025 07:31:52.449141026 CET | 127 | OUT | |
Jan 11, 2025 07:31:52.636622906 CET | 273 | IN | |
Jan 11, 2025 07:32:02.021337986 CET | 127 | OUT | |
Jan 11, 2025 07:32:02.256493092 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49978 | 193.122.6.168 | 80 | 3052 | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 11, 2025 07:32:03.716248989 CET | 127 | OUT | |
Jan 11, 2025 07:32:04.342973948 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49991 | 193.122.6.168 | 80 | 3052 | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 11, 2025 07:32:05.447618008 CET | 127 | OUT | |
Jan 11, 2025 07:32:06.082190990 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 50003 | 193.122.6.168 | 80 | 3052 | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 11, 2025 07:32:07.016571045 CET | 151 | OUT | |
Jan 11, 2025 07:32:07.642252922 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 50012 | 193.122.6.168 | 80 | 3052 | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 11, 2025 07:32:08.535211086 CET | 151 | OUT | |
Jan 11, 2025 07:32:10.405659914 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 50017 | 193.122.6.168 | 80 | 3052 | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 11, 2025 07:32:11.394243956 CET | 151 | OUT | |
Jan 11, 2025 07:32:12.024065971 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 50019 | 193.122.6.168 | 80 | 3052 | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 11, 2025 07:32:12.930804014 CET | 151 | OUT | |
Jan 11, 2025 07:32:15.351646900 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 50021 | 193.122.6.168 | 80 | 3052 | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 11, 2025 07:32:16.362076998 CET | 151 | OUT | |
Jan 11, 2025 07:32:17.080642939 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 50023 | 193.122.6.168 | 80 | 3052 | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 11, 2025 07:32:17.927453995 CET | 151 | OUT | |
Jan 11, 2025 07:32:20.382468939 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 50025 | 193.122.6.168 | 80 | 3052 | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 11, 2025 07:32:21.226994991 CET | 151 | OUT | |
Jan 11, 2025 07:32:23.261779070 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.4 | 50027 | 193.122.6.168 | 80 | 3052 | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 11, 2025 07:32:24.204605103 CET | 151 | OUT | |
Jan 11, 2025 07:32:26.059494972 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.4 | 50029 | 193.122.6.168 | 80 | 3052 | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 11, 2025 07:32:27.029798031 CET | 151 | OUT | |
Jan 11, 2025 07:32:28.210283995 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.4 | 50031 | 193.122.6.168 | 80 | 3052 | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 11, 2025 07:32:29.179406881 CET | 151 | OUT | |
Jan 11, 2025 07:32:30.668837070 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
13 | 192.168.2.4 | 50033 | 193.122.6.168 | 80 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 11, 2025 07:32:33.685843945 CET | 151 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49855 | 142.250.186.142 | 443 | 3052 | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-11 06:31:46 UTC | 216 | OUT | |
2025-01-11 06:31:46 UTC | 1920 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49866 | 142.250.185.129 | 443 | 3052 | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-11 06:31:47 UTC | 258 | OUT | |
2025-01-11 06:31:50 UTC | 4941 | IN | |
2025-01-11 06:31:50 UTC | 4941 | IN | |
2025-01-11 06:31:50 UTC | 4819 | IN | |
2025-01-11 06:31:50 UTC | 1320 | IN | |
2025-01-11 06:31:50 UTC | 1390 | IN | |
2025-01-11 06:31:50 UTC | 1390 | IN | |
2025-01-11 06:31:50 UTC | 1390 | IN | |
2025-01-11 06:31:50 UTC | 1390 | IN | |
2025-01-11 06:31:50 UTC | 1390 | IN | |
2025-01-11 06:31:50 UTC | 1390 | IN | |
2025-01-11 06:31:50 UTC | 1390 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49913 | 104.21.16.1 | 443 | 3052 | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-11 06:31:53 UTC | 85 | OUT | |
2025-01-11 06:31:54 UTC | 855 | IN | |
2025-01-11 06:31:54 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49968 | 149.154.167.220 | 443 | 3052 | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-11 06:32:03 UTC | 295 | OUT | |
2025-01-11 06:32:03 UTC | 1090 | OUT | |
2025-01-11 06:32:03 UTC | 388 | IN | |
2025-01-11 06:32:03 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49983 | 149.154.167.220 | 443 | 3052 | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-11 06:32:04 UTC | 295 | OUT | |
2025-01-11 06:32:04 UTC | 1090 | OUT | |
2025-01-11 06:32:05 UTC | 388 | IN | |
2025-01-11 06:32:05 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49996 | 149.154.167.220 | 443 | 3052 | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-11 06:32:06 UTC | 295 | OUT | |
2025-01-11 06:32:06 UTC | 1090 | OUT | |
2025-01-11 06:32:06 UTC | 388 | IN | |
2025-01-11 06:32:06 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 50007 | 149.154.167.220 | 443 | 3052 | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-11 06:32:08 UTC | 271 | OUT | |
2025-01-11 06:32:08 UTC | 1090 | OUT | |
2025-01-11 06:32:08 UTC | 388 | IN | |
2025-01-11 06:32:08 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 50016 | 149.154.167.220 | 443 | 3052 | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-11 06:32:11 UTC | 271 | OUT | |
2025-01-11 06:32:11 UTC | 1090 | OUT | |
2025-01-11 06:32:11 UTC | 388 | IN | |
2025-01-11 06:32:11 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 50018 | 149.154.167.220 | 443 | 3052 | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-11 06:32:12 UTC | 271 | OUT | |
2025-01-11 06:32:12 UTC | 1090 | OUT | |
2025-01-11 06:32:12 UTC | 388 | IN | |
2025-01-11 06:32:12 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 50020 | 149.154.167.220 | 443 | 3052 | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-11 06:32:15 UTC | 271 | OUT | |
2025-01-11 06:32:15 UTC | 1090 | OUT | |
2025-01-11 06:32:16 UTC | 388 | IN | |
2025-01-11 06:32:16 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.4 | 50022 | 149.154.167.220 | 443 | 3052 | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-11 06:32:17 UTC | 271 | OUT | |
2025-01-11 06:32:17 UTC | 1090 | OUT | |
2025-01-11 06:32:17 UTC | 388 | IN | |
2025-01-11 06:32:17 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.4 | 50024 | 149.154.167.220 | 443 | 3052 | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-11 06:32:20 UTC | 295 | OUT | |
2025-01-11 06:32:20 UTC | 1090 | OUT | |
2025-01-11 06:32:21 UTC | 388 | IN | |
2025-01-11 06:32:21 UTC | 536 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.4 | 50026 | 149.154.167.220 | 443 | 3052 | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-11 06:32:23 UTC | 295 | OUT | |
2025-01-11 06:32:23 UTC | 1090 | OUT | |
2025-01-11 06:32:24 UTC | 388 | IN | |
2025-01-11 06:32:24 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.4 | 50028 | 149.154.167.220 | 443 | 3052 | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-11 06:32:26 UTC | 295 | OUT | |
2025-01-11 06:32:26 UTC | 1090 | OUT | |
2025-01-11 06:32:27 UTC | 388 | IN | |
2025-01-11 06:32:27 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.4 | 50030 | 149.154.167.220 | 443 | 3052 | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-11 06:32:28 UTC | 295 | OUT | |
2025-01-11 06:32:28 UTC | 1090 | OUT | |
2025-01-11 06:32:29 UTC | 388 | IN | |
2025-01-11 06:32:29 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.4 | 50032 | 149.154.167.220 | 443 | 3052 | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-11 06:32:33 UTC | 295 | OUT | |
2025-01-11 06:32:33 UTC | 1090 | OUT | |
2025-01-11 06:32:33 UTC | 388 | IN | |
2025-01-11 06:32:33 UTC | 535 | IN |
Target ID: | 0 |
Start time: | 01:30:25 |
Start date: | 11/01/2025 |
Path: | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'011'570 bytes |
MD5 hash: | DF41E72F1C096D443CEFD72755DF031F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 4 |
Start time: | 01:31:33 |
Start date: | 11/01/2025 |
Path: | C:\Users\user\Desktop\ZaRP7yvL1J.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'011'570 bytes |
MD5 hash: | DF41E72F1C096D443CEFD72755DF031F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 19.7% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 19.6% |
Total number of Nodes: | 1592 |
Total number of Limit Nodes: | 38 |
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
004034A5 | 80.9 | 32 | 14 | 410 | string, file, com, COMMON |
00404DCC | 63.5 | 33 | 3 | 481 | window, memory, COMMON |
00405AFA | 17.6 | 7 | 3 | 148 | file, string, COMMON |
00406AF2 | 5.4 | 4 | - | 382 | COMMON |
00403E86 | 58.1 | 32 | 1 | 346 | window, string, COMMON |
00403AD8 | 44.0 | 13 | 12 | 215 | string, registry, COMMON |
00402F30 | 23.0 | 5 | 8 | 203 | memory, COMMON |
0040640A | 17.7 | 7 | 3 | 209 | string, COMMON |
0040176F | 14.1 | 5 | 3 | 145 | string, time, COMMON |
0040264A | 10.7 | 5 | 1 | 153 | file, COMMON |
00406752 | 10.5 | 3 | 3 | 36 | library, COMMON |
004023E4 | 7.1 | 3 | 1 | 64 | registry, string, COMMON |
0040591F | 6.0 | 4 | - | 39 | COMMON |
004053C4 | 5.3 | 2 | 1 | 46 | window, COMMON |
004062B6 | 5.3 | 2 | 1 | 44 | registry, COMMON |
00406F27 | 5.2 | 4 | - | 236 | COMMON |
00407128 | 5.2 | 4 | - | 208 | COMMON |
00406E3E | 5.2 | 4 | - | 205 | COMMON |
00406943 | 5.2 | 4 | - | 198 | COMMON |
00406D91 | 5.2 | 4 | - | 180 | COMMON |
00406EAF | 5.2 | 4 | - | 170 | COMMON |
00406DFB | 5.2 | 4 | - | 168 | COMMON |
004032DE | 4.6 | 3 | - | 101 | COMMON |
00402032 | 4.6 | 3 | - | 73 | library, COMMON |
004031D6 | 3.1 | 2 | - | 88 | COMMON |
004015C1 | 3.1 | 2 | - | 65 | COMMON |
00401389 | 3.0 | 2 | - | 43 | window, COMMON |
00401E49 | 3.0 | 2 | - | 25 | COMMON |
00405EDE | 3.0 | 2 | - | 16 | file, COMMON |
0040599C | 3.0 | 2 | - | 9 | COMMON |
6F952AAC | 1.6 | 1 | - | 143 | file, COMMON |
0040167B | 1.5 | 1 | - | 38 | file, COMMON |
004027EF | 1.5 | 1 | - | 28 | COMMON |
00405F61 | 1.5 | 1 | - | 22 | file, COMMON |
00405F90 | 1.5 | 1 | - | 22 | file, COMMON |
6F952993 | 1.5 | 1 | - | 21 | memory, COMMON |
0040345D | 1.5 | 1 | - | 6 | COMMON |
00404394 | 1.5 | 1 | - | 6 | window, COMMON |
6F95121B | 1.3 | 1 | - | 6 | memory, COMMON |
0040558F | 66.8 | 36 | 2 | 284 | window, clipboard, memory, COMMON |
00404850 | 23.0 | 10 | 3 | 275 | string, COMMON |
6F951B5F | 20.1 | 13 | - | 576 | string, library, memory, COMMON |
00402104 | 1.6 | 1 | - | 129 | com, COMMON |
00402868 | 1.5 | 1 | - | 30 | file, COMMON |
0040451E | 37.0 | 19 | 2 | 204 | window, string, COMMON |
00406034 | 21.1 | 10 | 2 | 130 | memory, string, COMMON |
004043C6 | 12.1 | 8 | - | 68 | COMMON |
00404D1A | 10.5 | 5 | 1 | 48 | window, COMMON |
00402DF3 | 10.5 | 4 | 2 | 36 | time, COMMON |
6F952569 | 9.1 | 6 | - | 109 | COMMON |
00404C0C | 8.8 | 3 | 2 | 84 | string, COMMON |
00402598 | 8.8 | 3 | 2 | 69 | string, COMMON |
6F9518D9 | 7.7 | 5 | - | 194 | COMMON |
6F952394 | 7.6 | 5 | - | 135 | memory, COMMON |
00401DB9 | 7.5 | 5 | - | 43 | COMMON |
6F95161D | 7.5 | 5 | - | 41 | memory, library, loader, COMMON |
00401D5D | 7.5 | 5 | - | 39 | window, COMMON |
00401C1F | 7.1 | 3 | 1 | 84 | window, time, COMMON |
00405CBD | 7.0 | 3 | 1 | 16 | string, COMMON |
00405DC5 | 5.3 | 2 | 1 | 47 | string, COMMON |
004059D1 | 5.3 | 2 | 1 | 24 | process, COMMON |
6F9510E1 | 5.1 | 4 | - | 104 | memory, COMMON |
00405E43 | 5.0 | 4 | - | 37 | string, COMMON |
Execution Graph
Execution Coverage: | 11.9% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 2.2% |
Total number of Nodes: | 271 |
Total number of Limit Nodes: | 17 |
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
000D5F90 | 6.7 | - | 5 | 461 | COMMON |
000D9048 | 3.4 | - | 2 | 888 | COMMON |
000D4328 | 2.7 | - | 2 | 192 | COMMON |
390EE7C8 | 2.0 | - | 1 | 764 | COMMON |
387ABDF0 | 2.0 | - | 1 | 758 | COMMON |
390ED6C1 | 1.8 | 1 | - | 329 | COMMON |
387A8650 | 0.7 | - | - | 709 | COMMON |
3805C638 | 0.3 | - | - | 299 | COMMON |
380503C4 | 0.3 | - | - | 265 | COMMON |
38050C1A | 0.2 | - | - | 233 | COMMON |
38050C28 | 0.2 | - | - | 220 | COMMON |
387AA360 | 0.2 | - | - | 219 | COMMON |
387A9D10 | 0.2 | - | - | 219 | COMMON |
387AA9B0 | 0.2 | - | - | 218 | COMMON |
387A96C8 | 0.2 | - | - | 218 | COMMON |
38050F6F | 0.2 | - | - | 202 | COMMON |
387ABA97 | 0.2 | - | - | 189 | COMMON |
387A8640 | 0.2 | - | - | 169 | COMMON |
387AA9A0 | 0.2 | - | - | 162 | COMMON |
387A96B8 | 0.2 | - | - | 162 | COMMON |
390EF316 | 0.2 | - | - | 154 | COMMON |
387A9D00 | 0.1 | - | - | 114 | COMMON |
387AA352 | 0.1 | - | - | 106 | COMMON |
000D66B8 | 10.5 | - | 8 | 471 | COMMON |
390E0970 | 6.1 | 4 | - | 134 | thread, COMMON |
390E0980 | 6.1 | 4 | - | 128 | thread, COMMON |
000D7458 | 3.2 | - | 2 | 701 | COMMON |
000D4F00 | 2.8 | - | 2 | 326 | COMMON |
000D8D90 | 2.8 | - | 2 | 308 | COMMON |
000D5460 | 2.7 | - | 2 | 229 | COMMON |
387AD548 | 2.7 | - | 2 | 151 | COMMON |
000D8BF0 | 2.6 | - | 2 | 149 | COMMON |
000D2C6A | 2.6 | - | 2 | 121 | COMMON |
390E0006 | 1.7 | 1 | - | 220 | COMMON |
390E0104 | 1.6 | 1 | - | 118 | COMMON |
390E0110 | 1.6 | 1 | - | 113 | COMMON |
390E1DC0 | 1.6 | 1 | - | 93 | COMMON |
390E0BC0 | 1.6 | 1 | - | 64 | COMMON |
390E0BC8 | 1.6 | 1 | - | 62 | COMMON |
390E2018 | 1.5 | 1 | - | 48 | time, COMMON |
390ED3E8 | 1.5 | 1 | - | 48 | com, COMMON |
390EC560 | 1.5 | 1 | - | 46 | com, COMMON |
390EE700 | 1.5 | 1 | - | 46 | window, COMMON |
390E2020 | 1.5 | 1 | - | 44 | time, COMMON |
390EE708 | 1.5 | 1 | - | 43 | window, COMMON |
000D0B20 | 1.5 | - | 1 | 205 | COMMON |
000D0B30 | 1.4 | - | 1 | 200 | COMMON |
000D9EB0 | 1.4 | - | 1 | 118 | COMMON |
387AC175 | 0.3 | - | - | 322 | COMMON |
387AC173 | 0.3 | - | - | 319 | COMMON |
000D89D0 | 0.2 | - | - | 228 | COMMON |
000D6C98 | 0.2 | - | - | 201 | COMMON |
000DAF90 | 0.2 | - | - | 197 | COMMON |
387AFAB0 | 0.2 | - | - | 189 | COMMON |
387A7920 | 0.1 | - | - | 147 | COMMON |
387ACC28 | 0.1 | - | - | 145 | COMMON |
387AB896 | 0.1 | - | - | 143 | COMMON |
000D3168 | 0.1 | - | - | 134 | COMMON |
000D92C3 | 0.1 | - | - | 122 | COMMON |
000D4620 | 0.1 | - | - | 101 | COMMON |
387ACF30 | 0.1 | - | - | 99 | COMMON |
000DB1B7 | 0.1 | - | - | 94 | COMMON |
000D6F30 | 0.1 | - | - | 89 | COMMON |
000DFE12 | 0.1 | - | - | 88 | COMMON |
387ACF68 | 0.1 | - | - | 88 | COMMON |
000D6F40 | 0.1 | - | - | 87 | COMMON |
387AFAA1 | 0.1 | - | - | 86 | COMMON |
000D18C8 | 0.1 | - | - | 77 | COMMON |
000D52C8 | 0.1 | - | - | 74 | COMMON |
387A7922 | 0.1 | - | - | 72 | COMMON |
000AD030 | 0.1 | - | - | 72 | COMMON |
000D324D | 0.1 | - | - | 68 | COMMON |
000D4612 | 0.1 | - | - | 67 | COMMON |
000DB2E0 | 0.1 | - | - | 67 | COMMON |
000D8729 | 0.1 | - | - | 65 | COMMON |
000D0EC8 | 0.1 | - | - | 65 | COMMON |
000DFE60 | 0.1 | - | - | 62 | COMMON |
000D17B8 | 0.1 | - | - | 61 | COMMON |
387AB9C8 | 0.1 | - | - | 56 | COMMON |
387AB9C7 | 0.1 | - | - | 54 | COMMON |
000AD02B | 0.1 | - | - | 53 | COMMON |
387AF090 | 0.1 | - | - | 52 | COMMON |
000D4E5F | 0.1 | - | - | 51 | COMMON |
387AE7F4 | 0.0 | - | - | 50 | COMMON |
000DB2F0 | 0.0 | - | - | 49 | COMMON |
387ACE50 | 0.0 | - | - | 47 | COMMON |
000DFC3E | 0.0 | - | - | 42 | COMMON |
387AEC1A | 0.0 | - | - | 42 | COMMON |
387A95E8 | 0.0 | - | - | 39 | COMMON |
387ACE60 | 0.0 | - | - | 39 | COMMON |
387AD4C8 | 0.0 | - | - | 38 | COMMON |
387A9608 | 0.0 | - | - | 35 | COMMON |
000DB158 | 0.0 | - | - | 29 | COMMON |
000DFFB0 | 0.0 | - | - | 26 | COMMON |
387ABD98 | 0.0 | - | - | 26 | COMMON |
000D1877 | 0.0 | - | - | 23 | COMMON |
000DFE20 | 0.0 | - | - | 23 | COMMON |
000D1888 | 0.0 | - | - | 19 | COMMON |
000D7EC0 | 0.0 | - | - | 18 | COMMON |
000DFF22 | 0.0 | - | - | 18 | COMMON |
000D56FF | 0.0 | - | - | 16 | COMMON |
000D9F6D | 0.0 | - | - | 16 | COMMON |
000DFF30 | 0.0 | - | - | 15 | COMMON |
387AD095 | 0.0 | - | - | 15 | COMMON |
387A95D8 | 0.0 | - | - | 15 | COMMON |
387ABD48 | 0.0 | - | - | 13 | COMMON |
000D5710 | 0.0 | - | - | 12 | COMMON |
387A94B4 | 0.0 | - | - | 12 | COMMON |
000DB2C2 | 0.0 | - | - | 7 | COMMON |
Function 004034A5 Relevance: 75.7, APIs: 32, Strings: 11, Instructions: 410stringfilecomCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404DCC Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405AFA Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 148filestringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 387AAFF8 Relevance: 11.7, Strings: 9, Instructions: 461COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 387AAFF7 Relevance: 11.6, Strings: 9, Instructions: 359COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406AF2 Relevance: 5.4, APIs: 4, Instructions: 382COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 387A7B4F Relevance: 1.9, Strings: 1, Instructions: 610COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3805BD88 Relevance: .3, Instructions: 271COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3805B930 Relevance: .3, Instructions: 270COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3805DA89 Relevance: .3, Instructions: 270COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3805E794 Relevance: .3, Instructions: 270COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3805F042 Relevance: .3, Instructions: 269COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 387A7070 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 387A1858 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 387A4820 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 387A2108 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 387A29B8 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 387A3268 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 387A5208 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 387A5AB8 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 387A6368 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 387A3B18 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 387A43C8 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 387A6C18 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 387A1400 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 387A74C8 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 387A1CB0 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 387A2560 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 387A4DB0 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 387A5660 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 387A2E10 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 387A36C0 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 387A3F70 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 387A5F10 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 387A67C0 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 387A0FA8 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3805E33D Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3805DEE5 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3805B08A Relevance: .3, Instructions: 267COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3805C1F2 Relevance: .3, Instructions: 267COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3805EBF2 Relevance: .3, Instructions: 267COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3805B4EC Relevance: .3, Instructions: 265COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 390EF5D8 Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040558F Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403E86 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 346windowstringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403AD8 Relevance: 38.7, APIs: 13, Strings: 9, Instructions: 215stringregistryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040451E Relevance: 35.2, APIs: 19, Strings: 1, Instructions: 204windowstringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404850 Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 275stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406034 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130memorystringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402F30 Relevance: 19.5, APIs: 5, Strings: 6, Instructions: 203memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040640A Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 209stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004043C6 Relevance: 12.1, APIs: 8, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040264A Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404D1A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406752 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402DF3 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404C0C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401DB9 Relevance: 7.5, APIs: 5, Instructions: 43COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401D5D Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401C1F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040591F Relevance: 6.0, APIs: 4, Instructions: 39COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405DC5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004053C4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004059D1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406F27 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407128 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406E3E Relevance: 5.2, APIs: 4, Instructions: 205COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406943 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406D91 Relevance: 5.2, APIs: 4, Instructions: 180COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406EAF Relevance: 5.2, APIs: 4, Instructions: 170COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406DFB Relevance: 5.2, APIs: 4, Instructions: 168COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 000D1A40 Relevance: 5.1, Strings: 4, Instructions: 94COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 000D58E8 Relevance: 5.0, Strings: 4, Instructions: 49COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405E43 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|