Edit tour
Windows
Analysis Report
LrBF2Z930N.exe
Overview
General Information
| Sample name: | LrBF2Z930N.exe (renamed file extension from none to exe, renamed because original name is a hash value) |
| Original sample name: | 4e8d586a950492c30147b7d56bcfad49cd577966 |
| Analysis ID: | 1590918 |
| MD5: | 25eec63edf7c0eb8628a89712b5cb363 |
| SHA1: | 4e8d586a950492c30147b7d56bcfad49cd577966 |
| SHA256: | e075807417590255de4d395fa3dfbc336e88c96bbab8afca1d5e5d5abbac0237 |
| Infos: |   |
 | |
Detection
Remcos, GuLoader
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Detected Remcos RAT
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Remcos
Suricata IDS alerts for network traffic
Yara detected GuLoader
Yara detected Remcos RAT
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Deletes itself after installation
Installs a global keyboard hook
Maps a DLL or memory area into another process
Sigma detected: New RUN Key Pointing to Suspicious Folder
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: WScript or CScript Dropper
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Instant Messenger accounts or passwords
Tries to steal Mail credentials (via file / registry access)
Tries to steal Mail credentials (via file registry)
Yara detected WebBrowserPassView password recovery tool
Abnormal high CPU Usage
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Sleep loop found (likely to delay execution)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Classification
- System is w10x64
LrBF2Z930N.exe (PID: 6456 cmdline: "C:\Users\ user\Deskt op\LrBF2Z9 30N.exe" MD5: 25EEC63EDF7C0EB8628A89712B5CB363) - LrBF2Z930N.exe (PID: 516 cmdline:
"C:\Users\ user\Deskt op\LrBF2Z9 30N.exe" MD5: 25EEC63EDF7C0EB8628A89712B5CB363) - LrBF2Z930N.exe (PID: 1016 cmdline:
C:\Users\u ser\Deskto p\LrBF2Z93 0N.exe /st ext "C:\Us ers\user\A ppData\Loc al\Temp\rl dkxktiiyi" MD5: 25EEC63EDF7C0EB8628A89712B5CB363) - LrBF2Z930N.exe (PID: 6816 cmdline:
C:\Users\u ser\Deskto p\LrBF2Z93 0N.exe /st ext "C:\Us ers\user\A ppData\Loc al\Temp\tg icxdejwgaf ity" MD5: 25EEC63EDF7C0EB8628A89712B5CB363) - LrBF2Z930N.exe (PID: 7004 cmdline:
C:\Users\u ser\Deskto p\LrBF2Z93 0N.exe /st ext "C:\Us ers\user\A ppData\Loc al\Temp\ei nnyvodjosk szmffx" MD5: 25EEC63EDF7C0EB8628A89712B5CB363) 
wscript.exe (PID: 4760 cmdline: "C:\Window s\System32 \WScript.e xe" "C:\Us ers\user\A ppData\Loc al\Temp\lw ze.vbs" MD5: FF00E0480075B095948000BDC66E81F0)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| Remcos, RemcosRAT | Remcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers.Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns.Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user.Remcos is developed by the cybersecurity company BreakingSecurity. |
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
{"Host:Port:Password": ["linktreewealth.zapto.org:3980:0", "linktreewealth.zapto.org:3981:1", "linktreewealthy.zapto.org:3980:0"], "Assigned name": "Manifest", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Disable", "Hide file": "Disable", "Mutex": "Rmc-0B1XIG", "Keylog flag": "1", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "1", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "Remcos", "Keylog folder": "remcos"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security | ||
| JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security | ||
| JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security | ||
| JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security | ||
| JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security | ||
| Click to see the 7 entries | ||||
System Summary |   |
|---|
| Source: | Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: | ||
| Source: | Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): | ||
| Source: | Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: | ||
| Source: | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: | ||
| Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): | ||
| Source: | Author: Michael Haag: | ||
Stealing of Sensitive Information | |
|---|
| Source: | Author: Joe Security: | ||
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-14T15:32:12.746195+0100 | 2032776 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 61632 | 43.226.229.209 | 3980 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-14T15:32:14.153429+0100 | 2032777 | 1 | Malware Command and Control Activity Detected | 43.226.229.209 | 3980 | 192.168.2.5 | 61632 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-14T15:32:15.422525+0100 | 2803304 | 3 | Unknown Traffic | 192.168.2.5 | 61634 | 178.237.33.50 | 80 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-14T15:32:07.043325+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.5 | 61631 | 109.99.162.14 | 443 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | Malware Configuration Extractor: | ||
| Source: | ReversingLabs: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | Code function: | 5_2_00404423 | |
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_004069DF | |
| Source: | Code function: | 0_2_00405D8E | |
| Source: | Code function: | 0_2_00402910 | |
| Source: | Code function: | 4_2_378610F1 | |
| Source: | Code function: | 4_2_37866580 | |
| Source: | Code function: | 5_2_0040AE51 | |
| Source: | Code function: | 6_2_00407EF8 | |
| Source: | Code function: | 7_2_00407898 | |
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
Networking | |
|---|
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | HTTP traffic detected: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | ASN Name: | ||
| Source: | JA3 fingerprint: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
Key, Mouse, Clipboard, Microphone and Screen Capturing | |
|---|
| Source: | Windows user hook set: | Jump to behavior | ||
| Source: | Code function: | 0_2_00405846 | |
| Source: | Code function: | 5_2_0040987A | |
| Source: | Code function: | 5_2_004098E2 | |
| Source: | Code function: | 6_2_00406DFC | |
| Source: | Code function: | 6_2_00406E9F | |
| Source: | Code function: | 7_2_004068B5 | |
| Source: | Code function: | 7_2_004072B5 | |
E-Banking Fraud | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Process Stats: | ||
| Source: | Code function: | 5_2_0040DD85 | |
| Source: | Code function: | 5_2_00401806 | |
| Source: | Code function: | 5_2_004018C0 | |
| Source: | Code function: | 6_2_004016FD | |
| Source: | Code function: | 6_2_004017B7 | |
| Source: | Code function: | 7_2_00402CAC | |
| Source: | Code function: | 7_2_00402D66 | |
| Source: | Code function: | 0_2_00403645 | |
| Source: | Code function: | 0_2_00406DA0 | |
| Source: | Code function: | 0_2_6E391BFF | |
| Source: | Code function: | 4_2_37877194 | |
| Source: | Code function: | 4_2_3786B5C1 | |
| Source: | Code function: | 5_2_0044B040 | |
| Source: | Code function: | 5_2_0043610D | |
| Source: | Code function: | 5_2_00447310 | |
| Source: | Code function: | 5_2_0044A490 | |
| Source: | Code function: | 5_2_0040755A | |
| Source: | Code function: | 5_2_0043C560 | |
| Source: | Code function: | 5_2_0044B610 | |
| Source: | Code function: | 5_2_0044D6C0 | |
| Source: | Code function: | 5_2_004476F0 | |
| Source: | Code function: | 5_2_0044B870 | |
| Source: | Code function: | 5_2_0044081D | |
| Source: | Code function: | 5_2_00414957 | |
| Source: | Code function: | 5_2_004079EE | |
| Source: | Code function: | 5_2_00407AEB | |
| Source: | Code function: | 5_2_0044AA80 | |
| Source: | Code function: | 5_2_00412AA9 | |
| Source: | Code function: | 5_2_00404B74 | |
| Source: | Code function: | 5_2_00404B03 | |
| Source: | Code function: | 5_2_0044BBD8 | |
| Source: | Code function: | 5_2_00404BE5 | |
| Source: | Code function: | 5_2_00404C76 | |
| Source: | Code function: | 5_2_00415CFE | |
| Source: | Code function: | 5_2_00416D72 | |
| Source: | Code function: | 5_2_00446D30 | |
| Source: | Code function: | 5_2_00446D8B | |
| Source: | Code function: | 5_2_00406E8F | |
| Source: | Code function: | 6_2_00405038 | |
| Source: | Code function: | 6_2_0041208C | |
| Source: | Code function: | 6_2_004050A9 | |
| Source: | Code function: | 6_2_0040511A | |
| Source: | Code function: | 6_2_0043C13A | |
| Source: | Code function: | 6_2_004051AB | |
| Source: | Code function: | 6_2_00449300 | |
| Source: | Code function: | 6_2_0040D322 | |
| Source: | Code function: | 6_2_0044A4F0 | |
| Source: | Code function: | 6_2_0043A5AB | |
| Source: | Code function: | 6_2_00413631 | |
| Source: | Code function: | 6_2_00446690 | |
| Source: | Code function: | 6_2_0044A730 | |
| Source: | Code function: | 6_2_004398D8 | |
| Source: | Code function: | 6_2_004498E0 | |
| Source: | Code function: | 6_2_0044A886 | |
| Source: | Code function: | 6_2_0043DA09 | |
| Source: | Code function: | 6_2_00438D5E | |
| Source: | Code function: | 6_2_00449ED0 | |
| Source: | Code function: | 6_2_0041FE83 | |
| Source: | Code function: | 6_2_00430F54 | |
| Source: | Code function: | 7_2_004050C2 | |
| Source: | Code function: | 7_2_004014AB | |
| Source: | Code function: | 7_2_00405133 | |
| Source: | Code function: | 7_2_004051A4 | |
| Source: | Code function: | 7_2_00401246 | |
| Source: | Code function: | 7_2_0040CA46 | |
| Source: | Code function: | 7_2_00405235 | |
| Source: | Code function: | 7_2_004032C8 | |
| Source: | Code function: | 7_2_004222D9 | |
| Source: | Code function: | 7_2_00401689 | |
| Source: | Code function: | 7_2_00402F60 | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 5_2_004182CE | |
| Source: | Code function: | 0_2_00403645 | |
| Source: | Code function: | 7_2_00410DE1 | |
| Source: | Code function: | 0_2_00404AF2 | |
| Source: | Code function: | 5_2_00413D4C | |
| Source: | Code function: | 0_2_004021AF | |
| Source: | Code function: | 5_2_0040B58D | |
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Process created: | ||
| Source: | Static PE information: | ||
| Source: | System information queried: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Evasive API call chain: | graph_6-33208 | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | File written: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
Data Obfuscation | |
|---|
| Source: | Unpacked PE file: | ||
| Source: | Unpacked PE file: | ||
| Source: | Unpacked PE file: | ||
| Source: | File source: | ||
| Source: | Code function: | 0_2_6E391BFF | |
| Source: | Code function: | 0_2_6E3930EE | |
| Source: | Code function: | 4_2_3787121A | |
| Source: | Code function: | 4_2_37862819 | |
| Source: | Code function: | 5_2_0044694D | |
| Source: | Code function: | 5_2_0044DB84 | |
| Source: | Code function: | 5_2_0044DBAC | |
| Source: | Code function: | 5_2_00451D61 | |
| Source: | Code function: | 6_2_0044B0A4 | |
| Source: | Code function: | 6_2_0044B0CC | |
| Source: | Code function: | 6_2_00451D41 | |
| Source: | Code function: | 6_2_00444E81 | |
| Source: | Code function: | 7_2_00414074 | |
| Source: | Code function: | 7_2_0041409C | |
| Source: | Code function: | 7_2_00414049 | |
| Source: | Code function: | 7_2_004165C4 | |
| Source: | Code function: | 7_2_004165C4 | |
| Source: | Code function: | 7_2_004165C4 | |
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | Registry value created or modified: | Jump to behavior | ||
| Source: | Registry value created or modified: | Jump to behavior | ||
| Source: | Registry value created or modified: | Jump to behavior | ||
| Source: | Registry value created or modified: | Jump to behavior | ||
Hooking and other Techniques for Hiding and Protection | |
|---|
| Source: | File deleted: | Jump to behavior | ||
| Source: | Code function: | 6_2_004047CB | |
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | API/Special instruction interceptor: | ||
| Source: | API/Special instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | Code function: | 5_2_0040DD85 | |
| Source: | Window found: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | API coverage: | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Code function: | 0_2_004069DF | |
| Source: | Code function: | 0_2_00405D8E | |
| Source: | Code function: | 0_2_00402910 | |
| Source: | Code function: | 4_2_378610F1 | |
| Source: | Code function: | 4_2_37866580 | |
| Source: | Code function: | 5_2_0040AE51 | |
| Source: | Code function: | 6_2_00407EF8 | |
| Source: | Code function: | 7_2_00407898 | |
| Source: | Code function: | 5_2_00418981 | |
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | API call chain: | graph_0-4367 | ||
| Source: | API call chain: | graph_0-4596 | ||
| Source: | API call chain: | graph_6-34112 | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Code function: | 0_2_00403645 | |
| Source: | Code function: | 4_2_37862639 | |
| Source: | Code function: | 5_2_0040DD85 | |
| Source: | Code function: | 0_2_6E391BFF | |
| Source: | Code function: | 4_2_37864AB4 | |
| Source: | Code function: | 4_2_3786724E | |
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Code function: | 4_2_37862B1C | |
| Source: | Code function: | 4_2_37862639 | |
| Source: | Code function: | 4_2_378660E2 | |
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Code function: | 4_2_37862933 | |
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 4_2_37862264 | |
| Source: | Code function: | 6_2_004082CD | |
| Source: | Code function: | 0_2_00403645 | |
| Source: | Key value queried: | Jump to behavior | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Code function: | 6_2_004033F0 | |
| Source: | Code function: | 6_2_00402DB3 | |
| Source: | Code function: | 6_2_00402DB3 | |
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | Mutex created: | Jump to behavior | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 11 Scripting | Valid Accounts | 11 Native API | 11 Scripting | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Access Token Manipulation | 2 Obfuscated Files or Information | 11 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 112 Process Injection | 1 Software Packing | 2 Credentials in Registry | 4 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 1 Credentials In Files | 228 System Information Discovery | Distributed Component Object Model | 11 Input Capture | 1 Remote Access Software | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 File Deletion | LSA Secrets | 331 Security Software Discovery | SSH | 2 Clipboard Data | 2 Non-Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 11 Masquerading | Cached Domain Credentials | 2 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | 113 Application Layer Protocol | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Virtualization/Sandbox Evasion | DCSync | 4 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 112 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 35% | Virustotal | Browse | ||
| 26% | ReversingLabs |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 26% | ReversingLabs | |||
| 0% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| linktreewealth.zapto.org | 43.226.229.209 | true | true | unknown | |
| geoplugin.net | 178.237.33.50 | true | false | high | |
| teldrum.ro | 109.99.162.14 | true | false | unknown | |
| 198.187.3.20.in-addr.arpa | unknown | unknown | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false |
| unknown | |
| true |
| unknown | |
| true |
| unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 43.226.229.209 | linktreewealth.zapto.org | Hong Kong | 36351 | SOFTLAYERUS | true | |
| 109.99.162.14 | teldrum.ro | Romania | 9050 | RTDBucharestRomaniaRO | false | |
| 178.237.33.50 | geoplugin.net | Netherlands | 8455 | ATOM86-ASATOM86NL | false |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1590918 |
| Start date and time: | 2025-01-14 15:28:45 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 10m 19s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 9 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | LrBF2Z930N.exe (renamed file extension from none to exe, renamed because original name is a hash value) |
| Original Sample Name: | 4e8d586a950492c30147b7d56bcfad49cd577966 |
| Detection: | MAL |
| Classification: | mal100.phis.troj.spyw.evad.winEXE@11/14@4/3 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded IPs from analysis (whitelisted): 13.107.253.45, 20.12.23.50, 20.3.187.198
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 09:32:44 | API Interceptor | |
| 15:32:05 | Autostart | |
| 15:32:13 | Autostart |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 43.226.229.209 | Get hash | malicious | Remcos, GuLoader | Browse | ||
| 109.99.162.14 | Get hash | malicious | Remcos, GuLoader | Browse | ||
| Get hash | malicious | Remcos | Browse | |||
| Get hash | malicious | Remcos, GuLoader | Browse | |||
| Get hash | malicious | Remcos, GuLoader | Browse | |||
| Get hash | malicious | AgentTesla | Browse | |||
| Get hash | malicious | AgentTesla | Browse | |||
| Get hash | malicious | AgentTesla | Browse | |||
| 178.237.33.50 | Get hash | malicious | Remcos, GuLoader | Browse |
| |
| Get hash | malicious | Remcos, PureLog Stealer | Browse |
| ||
| Get hash | malicious | Cobalt Strike, Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| teldrum.ro | Get hash | malicious | Remcos, GuLoader | Browse |
| |
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos, GuLoader | Browse |
| ||
| Get hash | malicious | Remcos, GuLoader | Browse |
| ||
| linktreewealth.zapto.org | Get hash | malicious | Remcos, GuLoader | Browse |
| |
| geoplugin.net | Get hash | malicious | Remcos, GuLoader | Browse |
| |
| Get hash | malicious | Remcos, PureLog Stealer | Browse |
| ||
| Get hash | malicious | Cobalt Strike, Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| RTDBucharestRomaniaRO | Get hash | malicious | Mirai | Browse |
| |
| Get hash | malicious | Remcos, GuLoader | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos, GuLoader | Browse |
| ||
| Get hash | malicious | Remcos, GuLoader | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| ATOM86-ASATOM86NL | Get hash | malicious | Remcos, GuLoader | Browse |
| |
| Get hash | malicious | Remcos, PureLog Stealer | Browse |
| ||
| Get hash | malicious | Cobalt Strike, Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| SOFTLAYERUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Remcos, GuLoader | Browse |
| ||
| Get hash | malicious | Mirai, Okiru | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Remcos, GuLoader | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | DanaBot, Vidar | Browse |
| ||
| Get hash | malicious | Vidar | Browse |
| ||
| Get hash | malicious | Vidar | Browse |
| ||
| Get hash | malicious | Nitol | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\nsk82C6.tmp\System.dll | Get hash | malicious | Remcos, GuLoader | Browse | ||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | FormBook, GuLoader | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | FormBook, GuLoader | Browse | |||
| Get hash | malicious | FormBook, GuLoader | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
| Get hash | malicious | GuLoader | Browse |
| Process: | C:\Users\user\Desktop\LrBF2Z930N.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 296 |
| Entropy (8bit): | 3.419730426607857 |
| Encrypted: | false |
| SSDEEP: | 6:Mls4NUlP5YcIeeDAlOWAAe5q1gWA7DxbN2fBMMm0v:t4Glnec0WFe5BWItN25MMl |
| MD5: | 2C06EFAFA2291D8E9A89DD1B9F799E8B |
| SHA1: | 9438FF19F69B026520CC960CEE6DBB6FBB728BA9 |
| SHA-256: | D69C37335708204BC28C08E13CF1447DDD075844BC5466E7811877A3932D5602 |
| SHA-512: | F7867D5C0E02BF78BACB9A0512EC6277F1EF9DE9FC30E17013E95D1BECD6D0EE2BA9F84CA52F508E7FE5CF6CDB47F1D7FC7040C4A76965F6F9CD39460EF7B979 |
| Malicious: | true |
| Yara Hits: |
|
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\LrBF2Z930N.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 963 |
| Entropy (8bit): | 5.018722888793802 |
| Encrypted: | false |
| SSDEEP: | 12:tkluWJmnd6CsGkMyGWKyGXPVGArwY307f7aZHI7GZArpv/mOAaNO+ao9W7iN5zz2:qlupdRNuKyGX85jvXhNlT3/7XcV7Wro |
| MD5: | 267F9EC6CC4E12E1C5709DF015F4696F |
| SHA1: | D9A4A1DB44DB5776CA5821E37206665999BFC558 |
| SHA-256: | 8DB7063EB28EBF372CB46CDE7B85DCC719076BDD3A2DCA3CCF7E3881355AED3A |
| SHA-512: | 0907B58486F974BCD909ECA874F0A93E33DB534DEAA32EA3F332752C3D8CF284901187D642B22FE6718A8D98087D39BEE91317989AA62B3D1B0EA20D0CC8630A |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\LrBF2Z930N.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 25 |
| Entropy (8bit): | 4.0536606896881855 |
| Encrypted: | false |
| SSDEEP: | 3:8+dB4WYiTNvn:8AbYiTNvn |
| MD5: | 08CA75DA54EB4810D18796C97F510A55 |
| SHA1: | 3D9B020193D16E7D0F5392EF7693A6C5C6D2531D |
| SHA-256: | E628D2EE9FE054256B42FFDEC449254437949DEB45B13354D515579CE3E0618E |
| SHA-512: | 46D71D69FDCBF9069E74C1176080637A1356E747FA1A1C852172CF0BB36F44ED7D741EB6DF029F333D690E500462DFC9EDEB8B4EB7BB9642C907B792F30DED9A |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Users\user\Desktop\LrBF2Z930N.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 17301504 |
| Entropy (8bit): | 0.8035057105868495 |
| Encrypted: | false |
| SSDEEP: | 6144:CdfjZb5aXEY2waXEY24URlWe4APXAP5APzAPwbndOO8pHAP6JnTJnTbnSotnBQ++:QVQ4e81ySaKKjirONseWs |
| MD5: | BB728BFAF44C3F68CBF27B712B6E762C |
| SHA1: | B7D541F6085C09B35F833782585A6CB1C6C0F7F0 |
| SHA-256: | 343EE207FF7E05C7C8F745FBE4BB8BB66AB43D1CEE7A46A2E2254BD788B94C5C |
| SHA-512: | F62C49194470D1533F75AE4548C59D0E1683FA91A5D21CE8538E74A49A34AABB74507BF7CA0713A56320AED38CD2E8C0A371B1D38C7463DFC4D761E124FDB884 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\LrBF2Z930N.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 550217 |
| Entropy (8bit): | 7.712228071105721 |
| Encrypted: | false |
| SSDEEP: | 6144:UnPdudwDCVOCg2G4A+uxXCpzna3MSzy99s5sbro5kd+B4hJ1QQsSGuhkrpzOUlec:UnPdMg2H8SpzaThHy7mzOUlvnVMs3e+ |
| MD5: | 25EEC63EDF7C0EB8628A89712B5CB363 |
| SHA1: | 4E8D586A950492C30147B7D56BCFAD49CD577966 |
| SHA-256: | E075807417590255DE4D395FA3DFBC336E88C96BBAB8AFCA1D5E5D5ABBAC0237 |
| SHA-512: | 086FEB119E2A02F2FD7AFC45C422F9B472F049EB2E79F83769F25254D88A84086275D2CFF1E891D360EA57978292CD0CAF958E4000CD659AC532165E1F881DFB |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\Desktop\LrBF2Z930N.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 472 |
| Entropy (8bit): | 3.5294821709177473 |
| Encrypted: | false |
| SSDEEP: | 12:xQ4lA2++ugypjBQMPURoFgQ3DxFg9Hz/0aimi:7a2+SDhQTU9Aait |
| MD5: | 924A0F06DBF7BB208285CF7B75A793CE |
| SHA1: | B8F4C230F4DD6E8AF65BDC73D5183D2327F8DEE5 |
| SHA-256: | 57793763924E8B7FC8EDFBD405CEA9FFAEAF05BD282EDA83C47D7B474B7A14E7 |
| SHA-512: | 3FA9F4C35238E7419160D0779A9781C0343A29E999E7C622277011F9863A98590D322775191C6441C5B5918E006A9186BA2C8D01912BE001745115A93FEACE63 |
| Malicious: | true |
| Preview: |
| Process: | C:\Users\user\Desktop\LrBF2Z930N.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1091527 |
| Entropy (8bit): | 3.7883797592579986 |
| Encrypted: | false |
| SSDEEP: | 12288:qvZYo2Z5DAmaghhFm2YqtP4lIxgBVLpadBoS9CR:8YdJagOWP4EeVLeOF |
| MD5: | 714AB9E19CCDB0A431DB45B3EFD1D462 |
| SHA1: | C61D1E403FDF00B6FC47481D1C56BE7368A496E7 |
| SHA-256: | 2B9B7C3E4EA530F8AE338734ED61B365F0A124687EE88BEAE57E07259B0DCE66 |
| SHA-512: | A6E108B4787A8EA44BC6187960FBEC6B5C7954ED6695060C4BE8A88B579928CA31E4E30501374F9F896DEF92438EE1A04C2DBDA6CD4255E24587DE4741595F0B |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\LrBF2Z930N.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 5.805604762622714 |
| Encrypted: | false |
| SSDEEP: | 192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr |
| MD5: | 4ADD245D4BA34B04F213409BFE504C07 |
| SHA1: | EF756D6581D70E87D58CC4982E3F4D18E0EA5B09 |
| SHA-256: | 9111099EFE9D5C9B391DC132B2FAF0A3851A760D4106D5368E30AC744EB42706 |
| SHA-512: | 1BD260CABE5EA3CEFBBC675162F30092AB157893510F45A1B571489E03EBB2903C55F64F89812754D3FE03C8F10012B8078D1261A7E73AC1F87C82F714BCE03D |
| Malicious: | false |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Preview: |
| Process: | C:\Users\user\Desktop\LrBF2Z930N.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2 |
| Entropy (8bit): | 1.0 |
| Encrypted: | false |
| SSDEEP: | 3:Qn:Qn |
| MD5: | F3B25701FE362EC84616A93A45CE9998 |
| SHA1: | D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB |
| SHA-256: | B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209 |
| SHA-512: | 98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\LrBF2Z930N.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 267655 |
| Entropy (8bit): | 1.2559804952290619 |
| Encrypted: | false |
| SSDEEP: | 768:HbUhrUe+zlum+LaFrAX40edupFSsZVfeTkVhbbCGx6+ZOoJrrSVlRM9k8rZgQWze:ICFg/VP97pb14sZg |
| MD5: | F6A4342C9271CFFEF29695EEA330941E |
| SHA1: | 291ABCFA507BA730832511E5F47EAA2CB4DFABBD |
| SHA-256: | 605B31C886C5989625152D1CD58BCACF2827DE36CC67B5D94D6B425955CEDBA6 |
| SHA-512: | D839DD8E3D74B7500F32318403BEAC3BA2DA83C48EF21555E78D368AA0404AC750DB1DD7EB8A7196DA32FBE3D880B66ED3166A39F17D8D0D13C9C4B19435530C |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\LrBF2Z930N.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 114454 |
| Entropy (8bit): | 1.2519787240577294 |
| Encrypted: | false |
| SSDEEP: | 768:RRDt23AKhN87PfNufvVxTfdx5U5Flf6VAETw:YEevVx2h |
| MD5: | F85E20AA1A28EEFFC89F744F6B6B67B3 |
| SHA1: | B61AEF131017C5605647983CE2D55769914BB104 |
| SHA-256: | C388ED22B7E44C0C3FDD6D064DD070DCA64CEA1E83D6151566641E7438C346ED |
| SHA-512: | EA89503F496B30DA5EAA74BB479007BB6B93463B775F16810A4391E79389A219398AC81DCCDD79C3F60E85DF77AA985E405BDF7B477C8F3217ECC3B7460BEE6A |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\LrBF2Z930N.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 310550 |
| Entropy (8bit): | 1.2527719188567612 |
| Encrypted: | false |
| SSDEEP: | 1536:CfvXvtPDO00Rz1DXs2sASdJwvyfnpZkL:klDO0MDRS9k |
| MD5: | 72FA348549D0BD9CE66E5F3EBA54DF3A |
| SHA1: | D5B4797D07374226CD8173964DF8753F4ABB9E6E |
| SHA-256: | 7F24A44B47D2C036AACE03D4F5EBEA053CED6ED06CE01ED70E6FD8AEE8211CC9 |
| SHA-512: | D375FC28BBA68A52E4C2CB97A9ADA416D38F29B21004F1853DC14ACF28CDE2A802D51FD66901D993DAA58E50D8C87FD2A8827482633B0B9874FF64F8442492B1 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\LrBF2Z930N.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 83152 |
| Entropy (8bit): | 4.590487128538397 |
| Encrypted: | false |
| SSDEEP: | 1536:mPpv9Hyk6GJxFF88oQTFd5xzmxgxAVH3r2gnnAOpuIg:mPpvdys0xQT/5m9SJEuIg |
| MD5: | 3B9A97DDA581FFCEB29B192F228D66DF |
| SHA1: | A11D7ADCC7A283B75D217A27724324F53FB91540 |
| SHA-256: | F783B047374C53913141CAFDE79B94B7C0D3AEA69AE86EA4417D7C8EB7798529 |
| SHA-512: | 13BD775B3FF31F2127C28D26942DE8235EFE96AF4E2A921DBD82C813B53167E7B3E331A7F45178A77E65C2EF9CDA0D25DEAD6C775FFEC0F0E8CAD45DCB0DDF7E |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\LrBF2Z930N.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295959 |
| Entropy (8bit): | 7.608537202687179 |
| Encrypted: | false |
| SSDEEP: | 6144:WH4o5aBQ0lz5DJimagdvhT7lmfp8Fpzkc1PlKQl4ZPIxo4+V6GVS2paf:WYo2Z5DAmaghhFm2YqtP4lIxgBVLpaf |
| MD5: | 5B2D5C7C1482936796C2699166B34424 |
| SHA1: | 493E890B6548A54DDADB5D450797BBE68429502C |
| SHA-256: | A7C9A3BE29FACF27782B90B0E6EE7D6B645CD7F827C6475BFD19A6480D0890EA |
| SHA-512: | 3983BFC12B10AB6C26BF3D070CAA9960C6F6DF07D48BB27318C984BD2CA56CF310050E0ED40A8E11E284B70413B01773DF7F5178216953AF5A5E47E4F7A89368 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.712228071105721 |
| TrID: |
|
| File name: | LrBF2Z930N.exe |
| File size: | 550'217 bytes |
| MD5: | 25eec63edf7c0eb8628a89712b5cb363 |
| SHA1: | 4e8d586a950492c30147b7d56bcfad49cd577966 |
| SHA256: | e075807417590255de4d395fa3dfbc336e88c96bbab8afca1d5e5d5abbac0237 |
| SHA512: | 086feb119e2a02f2fd7afc45c422f9b472f049eb2e79f83769f25254d88a84086275d2cff1e891d360ea57978292cd0caf958e4000cd659ac532165e1f881dfb |
| SSDEEP: | 6144:UnPdudwDCVOCg2G4A+uxXCpzna3MSzy99s5sbro5kd+B4hJ1QQsSGuhkrpzOUlec:UnPdMg2H8SpzaThHy7mzOUlvnVMs3e+ |
| TLSH: | D9C4F1E4E210C1A7E25F5D38DAB169F11D80BC38D1E1087B43507EA9F4B2A2599EF91F |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1 ..PN..PN..PN.*_...PN..PO.JPN.*_...PN..s~..PN..VH..PN.Rich.PN.........................PE..L...g..d.................h..."..... |
 | |
| Icon Hash: | 4571753721719a8d |
| Entrypoint: | 0x403645 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x64A0DC67 [Sun Jul 2 02:09:43 2023 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 9dda1a1d1f8a1d13ae0297b47046b26e |
| Instruction |
|---|
| sub esp, 000003F8h |
| push ebp |
| push esi |
| push edi |
| push 00000020h |
| pop edi |
| xor ebp, ebp |
| push 00008001h |
| mov dword ptr [esp+20h], ebp |
| mov dword ptr [esp+18h], 0040A230h |
| mov dword ptr [esp+14h], ebp |
| call dword ptr [004080A0h] |
| mov esi, dword ptr [004080A4h] |
| lea eax, dword ptr [esp+34h] |
| push eax |
| mov dword ptr [esp+4Ch], ebp |
| mov dword ptr [esp+0000014Ch], ebp |
| mov dword ptr [esp+00000150h], ebp |
| mov dword ptr [esp+38h], 0000011Ch |
| call esi |
| test eax, eax |
| jne 00007F30D0DF46AAh |
| lea eax, dword ptr [esp+34h] |
| mov dword ptr [esp+34h], 00000114h |
| push eax |
| call esi |
| mov ax, word ptr [esp+48h] |
| mov ecx, dword ptr [esp+62h] |
| sub ax, 00000053h |
| add ecx, FFFFFFD0h |
| neg ax |
| sbb eax, eax |
| mov byte ptr [esp+0000014Eh], 00000004h |
| not eax |
| and eax, ecx |
| mov word ptr [esp+00000148h], ax |
| cmp dword ptr [esp+38h], 0Ah |
| jnc 00007F30D0DF4678h |
| and word ptr [esp+42h], 0000h |
| mov eax, dword ptr [esp+40h] |
| movzx ecx, byte ptr [esp+3Ch] |
| mov dword ptr [00429B18h], eax |
| xor eax, eax |
| mov ah, byte ptr [esp+38h] |
| movzx eax, ax |
| or eax, ecx |
| xor ecx, ecx |
| mov ch, byte ptr [esp+00000148h] |
| movzx ecx, cx |
| shl eax, 10h |
| or eax, ecx |
| movzx ecx, byte ptr [esp+0000004Eh] |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x84fc | 0xa0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4a000 | 0x18858 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2a8 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x66b7 | 0x6800 | e65344ac983813901119e185754ec24e | False | 0.6607196514423077 | data | 6.4378696011937135 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x1358 | 0x1400 | bd82d08a08da8783923a22b467699302 | False | 0.4431640625 | data | 5.103358601944578 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xa000 | 0x1fb78 | 0x600 | caa377d001cfc3215a3edff6d7702132 | False | 0.5091145833333334 | data | 4.126209888385862 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x2a000 | 0x20000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x4a000 | 0x18858 | 0x18a00 | 73bbe3fdd1585fbd610b24874590b455 | False | 0.22416322969543148 | data | 5.2980000367452575 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x4a418 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.14908908079971608 |
| RT_ICON | 0x5ac40 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.27520746887966807 |
| RT_ICON | 0x5d1e8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.3553001876172608 |
| RT_ICON | 0x5e290 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States | 0.48667377398720685 |
| RT_ICON | 0x5f138 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.43934426229508194 |
| RT_ICON | 0x5fac0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | English | United States | 0.569043321299639 |
| RT_ICON | 0x60368 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 672 | English | United States | 0.5552995391705069 |
| RT_ICON | 0x60a30 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1536 | English | United States | 0.18841463414634146 |
| RT_ICON | 0x61098 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.4869942196531792 |
| RT_ICON | 0x61600 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.598404255319149 |
| RT_ICON | 0x61a68 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.26344086021505375 |
| RT_ICON | 0x61d50 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 384 | English | United States | 0.3094262295081967 |
| RT_ICON | 0x61f38 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.42905405405405406 |
| RT_DIALOG | 0x62060 | 0x100 | data | English | United States | 0.5234375 |
| RT_DIALOG | 0x62160 | 0x11c | data | English | United States | 0.6056338028169014 |
| RT_DIALOG | 0x62280 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x622e0 | 0xbc | data | English | United States | 0.601063829787234 |
| RT_VERSION | 0x623a0 | 0x174 | data | English | United States | 0.5860215053763441 |
| RT_MANIFEST | 0x62518 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795 |
| DLL | Import |
|---|---|
| ADVAPI32.dll | RegEnumValueW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegOpenKeyExW, RegCreateKeyExW |
| SHELL32.dll | SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW, ShellExecuteExW |
| ole32.dll | CoCreateInstance, OleUninitialize, OleInitialize, IIDFromString, CoTaskMemFree |
| COMCTL32.dll | ImageList_Destroy, ImageList_AddMasked, ImageList_Create |
| USER32.dll | MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, CreatePopupMenu, AppendMenuW, TrackPopupMenu, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, IsWindowEnabled, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CharPrevW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, CharNextA, wsprintfA, DispatchMessageW, CreateWindowExW, PeekMessageW, GetSystemMetrics |
| GDI32.dll | GetDeviceCaps, SetBkColor, SelectObject, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor |
| KERNEL32.dll | RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, WriteFile, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, CreateFileW, GetTickCount, Sleep, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, MulDiv, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, CopyFileW |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-14T15:32:07.043325+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.5 | 61631 | 109.99.162.14 | 443 | TCP |
| 2025-01-14T15:32:12.746195+0100 | 2032776 | ET MALWARE Remcos 3.x Unencrypted Checkin | 1 | 192.168.2.5 | 61632 | 43.226.229.209 | 3980 | TCP |
| 2025-01-14T15:32:14.153429+0100 | 2032777 | ET MALWARE Remcos 3.x Unencrypted Server Response | 1 | 43.226.229.209 | 3980 | 192.168.2.5 | 61632 | TCP |
| 2025-01-14T15:32:15.422525+0100 | 2803304 | ETPRO MALWARE Common Downloader Header Pattern HCa | 3 | 192.168.2.5 | 61634 | 178.237.33.50 | 80 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jan 14, 2025 15:30:12.246704102 CET | 61448 | 53 | 192.168.2.5 | 162.159.36.2 |
| Jan 14, 2025 15:30:12.251511097 CET | 53 | 61448 | 162.159.36.2 | 192.168.2.5 |
| Jan 14, 2025 15:30:12.251606941 CET | 61448 | 53 | 192.168.2.5 | 162.159.36.2 |
| Jan 14, 2025 15:30:12.256432056 CET | 53 | 61448 | 162.159.36.2 | 192.168.2.5 |
| Jan 14, 2025 15:30:12.696132898 CET | 61448 | 53 | 192.168.2.5 | 162.159.36.2 |
| Jan 14, 2025 15:30:12.701751947 CET | 53 | 61448 | 162.159.36.2 | 192.168.2.5 |
| Jan 14, 2025 15:30:12.701807976 CET | 61448 | 53 | 192.168.2.5 | 162.159.36.2 |
| Jan 14, 2025 15:32:05.825195074 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:05.825241089 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:05.825346947 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:05.836488008 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:05.836514950 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:06.759876013 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:06.760009050 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:06.809310913 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:06.809340954 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:06.809657097 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:06.809725046 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:06.812422991 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:06.859325886 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.043334961 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.043359041 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.043473959 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.043498039 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.043741941 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.164228916 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.164431095 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.164464951 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.164524078 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.166486979 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.166529894 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.166580915 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.166593075 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.166651011 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.289329052 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.289468050 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.289690971 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.289757013 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.290646076 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.290712118 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.290815115 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.290874958 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.291467905 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.291512966 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.291527033 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.291547060 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.291563034 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.291567087 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.291578054 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.291585922 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.291613102 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.291635990 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.406658888 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.406738997 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.406919956 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.406999111 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.407361031 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.407413960 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.407876968 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.407943964 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.408245087 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.408298969 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.408521891 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.408584118 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.409310102 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.409363031 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.409425974 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.409476995 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.493448019 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.493500948 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.493530989 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.493560076 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.493580103 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.493607044 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.493741989 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.493798018 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.494199038 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.494250059 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.494467974 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.494527102 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.494661093 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.494709015 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.494939089 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.494988918 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.527909994 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.528080940 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.528081894 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.528110981 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.528141022 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.528157949 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.528330088 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.528414965 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.528692961 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.528749943 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.528980970 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.529040098 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.529275894 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.529326916 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.529484987 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.529536963 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.532704115 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.532759905 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.532916069 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.532967091 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.547600985 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.547669888 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.580311060 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.580353975 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.580375910 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.580390930 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.580400944 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.580414057 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.580435038 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.580629110 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.580673933 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.580677032 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.580686092 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.580713987 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.580939054 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.581176996 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.614795923 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.614886045 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.614908934 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.614943981 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.614943981 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.614976883 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.615000010 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.615009069 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.615042925 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.615104914 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.615187883 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.615257978 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.615428925 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.615487099 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.615585089 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.615636110 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.615781069 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.615832090 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.615940094 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.615991116 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.616086006 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.616142035 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.666933060 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.666984081 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.667156935 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.667181969 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.667223930 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.667299032 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.667351007 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.667470932 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.667530060 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.667740107 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.667789936 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.667798996 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.667804003 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.667834997 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.667882919 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.667932034 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.701595068 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.701653004 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.701720953 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:07.701720953 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.701750040 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.701777935 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.702039003 CET | 61631 | 443 | 192.168.2.5 | 109.99.162.14 |
| Jan 14, 2025 15:32:07.702058077 CET | 443 | 61631 | 109.99.162.14 | 192.168.2.5 |
| Jan 14, 2025 15:32:12.739645958 CET | 61632 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:12.744501114 CET | 3980 | 61632 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:12.744714022 CET | 61632 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:12.746195078 CET | 61632 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:12.751002073 CET | 3980 | 61632 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:14.153429031 CET | 3980 | 61632 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:14.188469887 CET | 61632 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:14.193398952 CET | 3980 | 61632 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:14.669332027 CET | 3980 | 61632 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:14.689441919 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:14.694319010 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:14.694396973 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:14.694845915 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:14.699760914 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:14.720177889 CET | 61632 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:14.772214890 CET | 61634 | 80 | 192.168.2.5 | 178.237.33.50 |
| Jan 14, 2025 15:32:14.777086973 CET | 80 | 61634 | 178.237.33.50 | 192.168.2.5 |
| Jan 14, 2025 15:32:14.777162075 CET | 61634 | 80 | 192.168.2.5 | 178.237.33.50 |
| Jan 14, 2025 15:32:14.777337074 CET | 61634 | 80 | 192.168.2.5 | 178.237.33.50 |
| Jan 14, 2025 15:32:14.782114029 CET | 80 | 61634 | 178.237.33.50 | 192.168.2.5 |
| Jan 14, 2025 15:32:15.349201918 CET | 3980 | 61632 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:15.351736069 CET | 61632 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:15.356693029 CET | 3980 | 61632 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:15.422454119 CET | 80 | 61634 | 178.237.33.50 | 192.168.2.5 |
| Jan 14, 2025 15:32:15.422524929 CET | 61634 | 80 | 192.168.2.5 | 178.237.33.50 |
| Jan 14, 2025 15:32:15.474270105 CET | 61632 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:15.479173899 CET | 3980 | 61632 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.116988897 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.117007971 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.117019892 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.117029905 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.117042065 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.117053032 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.117064953 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.117074966 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.117086887 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.117090940 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:16.117096901 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.117135048 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:16.117135048 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:16.121982098 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.122004986 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.122072935 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:16.424583912 CET | 80 | 61634 | 178.237.33.50 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.424958944 CET | 61634 | 80 | 192.168.2.5 | 178.237.33.50 |
| Jan 14, 2025 15:32:16.566658974 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.566693068 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.566706896 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.566719055 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.566731930 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.566751957 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:16.566786051 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:16.567006111 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.567051888 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:16.567110062 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.567133904 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.567147017 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.567186117 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:16.567187071 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.567203999 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.567234039 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:16.568075895 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.568089962 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.568104982 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.568116903 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.568121910 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:16.568133116 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.568156004 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:16.568201065 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:16.568919897 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.568958998 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.568978071 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.568991899 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.569010973 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:16.569046974 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:16.569174051 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.610806942 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:16.653927088 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.653949022 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.653965950 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:16.654022932 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:16.704547882 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.035597086 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.035620928 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.035634995 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.035648108 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.035662889 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.035664082 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.035677910 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.035692930 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.035706043 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.035737038 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.036041975 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.036055088 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.036067009 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.036078930 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.036108017 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.036389112 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.036401987 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.036415100 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.036427975 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.036436081 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.036442995 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.036458969 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.036475897 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.036495924 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.037125111 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.037137985 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.037162066 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.037173033 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.037203074 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.037219048 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.037233114 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.037244081 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.037249088 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.037267923 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.038003922 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.038053989 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.038069010 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.038083076 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.038095951 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.038106918 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.038116932 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.038120031 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.038134098 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.038144112 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.038177013 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.038960934 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.038980961 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.038995981 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.039007902 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.039021969 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.039030075 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.039042950 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.039061069 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.039062977 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.039096117 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.039870977 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.039915085 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.039921045 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.039930105 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.039942980 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.039956093 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.039966106 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.039969921 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.039984941 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.040007114 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.040013075 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.040803909 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.040817976 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.040859938 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.122184038 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.122205019 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.122221947 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.122253895 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.173309088 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.505031109 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.505052090 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.505064964 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.505076885 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.505089045 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.505106926 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.505121946 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.505187988 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.505222082 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.505249023 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.505255938 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.505264044 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.505278111 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.505301952 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.505302906 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.505533934 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.505546093 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.505558968 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.505572081 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.505584002 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.505605936 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.505605936 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.505625010 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.505861044 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.505903006 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.505922079 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.505934000 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.505945921 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.505953074 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.505961895 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.505975008 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.505979061 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.505991936 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.506015062 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.506016970 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.506040096 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.506556988 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.506571054 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.506582022 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.506594896 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.506607056 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.506608963 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.506618977 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.506633043 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.506635904 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.506645918 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.506660938 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.506669044 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.506681919 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.506711006 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.506711006 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.507167101 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.507178068 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.507189989 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.507225037 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.507323980 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.507335901 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.507349014 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.507359982 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.507374048 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.507404089 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.507422924 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.507587910 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.507601023 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.507613897 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.507635117 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.507642984 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.507647991 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.507666111 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.507679939 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.507693052 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.507702112 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.507702112 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.507738113 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.508282900 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.508301973 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.508316040 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.508328915 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.508341074 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.508347034 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.508356094 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.508369923 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.508373976 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.508383989 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.508398056 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.508402109 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.508410931 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.508424044 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.508440018 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.508450985 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.508450985 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.508460045 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.508522034 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.510123014 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.510148048 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.510160923 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.510169983 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.510219097 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.510243893 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.510266066 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.510278940 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.510315895 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.510324955 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.510333061 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.510348082 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.510394096 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.510394096 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.510397911 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.510411978 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.510425091 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.510437012 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.510451078 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.510493040 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.510493040 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.511146069 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.511159897 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.511172056 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.511184931 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.511198044 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.511210918 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.511224985 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.511230946 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.511230946 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.511236906 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.511251926 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.511275053 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.511275053 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.511302948 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.591624975 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.591645002 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.591665030 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.591677904 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.591691017 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.591706038 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.591773033 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.591788054 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.591800928 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.591811895 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.591825962 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.591836929 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.591850996 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.591862917 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.591958046 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.591958046 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.974205971 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974242926 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974288940 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974301100 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974312067 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974324942 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974344015 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974355936 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974366903 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974381924 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974391937 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974405050 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974416971 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974431992 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974473953 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974484921 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.974576950 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974590063 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974608898 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974622965 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974627972 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.974627972 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.974639893 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974658966 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974670887 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974678040 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.974678040 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.974684954 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974699020 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974713087 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974725962 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974740028 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974741936 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.974741936 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.974777937 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974800110 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974814892 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974817991 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.974817991 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.974831104 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974852085 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974864960 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974875927 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974881887 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974889994 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974934101 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974953890 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974956036 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.974966049 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.974992037 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975003004 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.975003958 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.975033045 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975045919 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975083113 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975091934 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.975091934 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.975097895 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975112915 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975126982 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975172043 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.975172043 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.975210905 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975224018 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975236893 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975249052 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975260973 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975277901 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975287914 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.975287914 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.975300074 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975327015 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975330114 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.975342035 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975357056 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975400925 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.975400925 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.975409031 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975420952 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975451946 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975466967 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975467920 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.975481033 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975493908 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975507021 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975517988 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975532055 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.975532055 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.975569010 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.975759029 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975771904 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975785971 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975800991 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975831985 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.975847006 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.975934029 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975959063 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975977898 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.975981951 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.976016998 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976027012 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.976031065 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976054907 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976068020 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976082087 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976094007 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.976094007 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.976097107 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976157904 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976171017 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976190090 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.976191044 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976212978 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976213932 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.976229906 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976243973 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976253033 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.976259947 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976274014 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976291895 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976303101 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.976303101 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.976314068 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976326942 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976336002 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976341963 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976361036 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976383924 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.976383924 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.976454973 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976469040 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976483107 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976505041 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976511955 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.976525068 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976531982 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.976541996 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976555109 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976568937 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976593018 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.976614952 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.976644993 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976659060 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976671934 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976697922 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976712942 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976712942 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.976712942 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.976728916 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976752043 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976766109 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976768970 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.976803064 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976814032 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.976825953 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976840019 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976852894 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976867914 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976881027 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.976881027 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.976927996 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976967096 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.976984024 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.977005005 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.977005005 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.977016926 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.977030993 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.977045059 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.977058887 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.977101088 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.977101088 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.977111101 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.977124929 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.977138996 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.977154016 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.977168083 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.977169991 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:17.977191925 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:17.977206945 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.060982943 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061000109 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061021090 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061033964 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061047077 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061058044 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061072111 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061083078 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061094999 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061100960 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061150074 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061161995 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061172962 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061180115 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061181068 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.061211109 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061218023 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061223030 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.061227083 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061256886 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061270952 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061285019 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061290979 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.061311960 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061327934 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.061327934 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.061403990 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061428070 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061445951 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061458111 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061469078 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061481953 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061484098 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.061495066 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061510086 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061510086 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.061510086 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.061551094 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.061583996 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061595917 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061618090 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061629057 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061640978 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061655045 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061665058 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.061665058 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.061667919 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061706066 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.061706066 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.061733007 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061816931 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061827898 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061839104 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061850071 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061862946 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061882973 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061894894 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061899900 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.061899900 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.061908960 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061920881 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.061922073 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061937094 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.061966896 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061979055 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.061983109 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.061994076 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.062031984 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.062176943 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.062189102 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.062201977 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.062213898 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.062227011 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.062238932 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.062242031 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.062253952 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.062267065 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.062267065 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.062267065 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.062279940 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.062284946 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.062300920 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.062314034 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.062330961 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.062334061 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.062346935 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.062350035 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.062361002 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.062374115 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.062386036 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.062406063 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.062421083 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.062421083 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.062475920 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.062644005 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.062664032 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.062680960 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.062695980 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.062711000 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.062716961 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.062726974 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.062740088 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.062764883 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.062808037 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.443557024 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.443588972 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.443603039 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.443615913 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.443628073 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.443640947 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.443654060 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.443654060 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.443667889 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.443689108 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.443702936 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.443720102 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.443743944 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.443749905 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.443763018 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.443775892 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.443789959 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.443814993 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.443835974 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.443866014 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.443969011 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.443985939 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.443998098 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444010973 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444015026 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.444024086 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444040060 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.444045067 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444058895 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444071054 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444075108 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.444084883 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444097996 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444103003 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.444112062 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444123983 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.444137096 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444145918 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.444152117 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444164038 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444178104 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444191933 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444200039 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.444219112 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.444219112 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444232941 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444245100 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444257021 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444257975 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.444273949 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444283962 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.444308043 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.444344044 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444355965 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444367886 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444399118 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.444410086 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444422960 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444436073 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444454908 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444461107 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.444469929 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444483995 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.444483995 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444508076 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.444689035 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444701910 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444714069 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444725037 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444730997 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.444739103 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444751978 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444757938 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.444765091 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444780111 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.444806099 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.444813967 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444825888 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444837093 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444855928 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444861889 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444863081 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.444869995 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444876909 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444888115 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444896936 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444902897 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.444907904 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:18.444926977 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.444941044 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:18.444973946 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:21.386769056 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:21.391834974 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:21.391854048 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:21.391858101 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:21.391868114 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:21.391879082 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:21.391886950 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:21.391906023 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:21.391963959 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:21.391993999 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:21.391995907 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:21.392004967 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:21.392040968 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:21.396791935 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:21.396904945 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:21.396915913 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:21.397018909 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:21.397030115 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:21.397128105 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:21.397138119 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:21.479285955 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:21.484850883 CET | 3980 | 61633 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:21.484955072 CET | 61633 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:45.357743979 CET | 3980 | 61632 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:32:45.360258102 CET | 61632 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:32:45.365144968 CET | 3980 | 61632 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:33:15.365206957 CET | 3980 | 61632 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:33:15.367435932 CET | 61632 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:33:15.372184992 CET | 3980 | 61632 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:33:36.951356888 CET | 3980 | 61632 | 43.226.229.209 | 192.168.2.5 |
| Jan 14, 2025 15:33:37.095285892 CET | 61632 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:33:41.293220997 CET | 61632 | 3980 | 192.168.2.5 | 43.226.229.209 |
| Jan 14, 2025 15:33:41.293596029 CET | 61634 | 80 | 192.168.2.5 | 178.237.33.50 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jan 14, 2025 15:30:12.244343042 CET | 53 | 57990 | 162.159.36.2 | 192.168.2.5 |
| Jan 14, 2025 15:30:12.781863928 CET | 54120 | 53 | 192.168.2.5 | 1.1.1.1 |
| Jan 14, 2025 15:30:12.789113998 CET | 53 | 54120 | 1.1.1.1 | 192.168.2.5 |
| Jan 14, 2025 15:32:05.694335938 CET | 60629 | 53 | 192.168.2.5 | 1.1.1.1 |
| Jan 14, 2025 15:32:05.773442984 CET | 53 | 60629 | 1.1.1.1 | 192.168.2.5 |
| Jan 14, 2025 15:32:12.726346016 CET | 49616 | 53 | 192.168.2.5 | 1.1.1.1 |
| Jan 14, 2025 15:32:12.735357046 CET | 53 | 49616 | 1.1.1.1 | 192.168.2.5 |
| Jan 14, 2025 15:32:14.761765003 CET | 57170 | 53 | 192.168.2.5 | 1.1.1.1 |
| Jan 14, 2025 15:32:14.770092964 CET | 53 | 57170 | 1.1.1.1 | 192.168.2.5 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jan 14, 2025 15:30:12.781863928 CET | 192.168.2.5 | 1.1.1.1 | 0x190a | Standard query (0) | PTR (Pointer record) | IN (0x0001) | false | |
| Jan 14, 2025 15:32:05.694335938 CET | 192.168.2.5 | 1.1.1.1 | 0x4811 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jan 14, 2025 15:32:12.726346016 CET | 192.168.2.5 | 1.1.1.1 | 0x34da | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jan 14, 2025 15:32:14.761765003 CET | 192.168.2.5 | 1.1.1.1 | 0x474d | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jan 14, 2025 15:30:12.789113998 CET | 1.1.1.1 | 192.168.2.5 | 0x190a | Name error (3) | none | none | PTR (Pointer record) | IN (0x0001) | false | |
| Jan 14, 2025 15:32:05.773442984 CET | 1.1.1.1 | 192.168.2.5 | 0x4811 | No error (0) | 109.99.162.14 | A (IP address) | IN (0x0001) | false | ||
| Jan 14, 2025 15:32:12.735357046 CET | 1.1.1.1 | 192.168.2.5 | 0x34da | No error (0) | 43.226.229.209 | A (IP address) | IN (0x0001) | false | ||
| Jan 14, 2025 15:32:14.770092964 CET | 1.1.1.1 | 192.168.2.5 | 0x474d | No error (0) | 178.237.33.50 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 61634 | 178.237.33.50 | 80 | 516 | C:\Users\user\Desktop\LrBF2Z930N.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 14, 2025 15:32:14.777337074 CET | 71 | OUT | |
| Jan 14, 2025 15:32:15.422454119 CET | 1171 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 61631 | 109.99.162.14 | 443 | 516 | C:\Users\user\Desktop\LrBF2Z930N.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-14 14:32:06 UTC | 173 | OUT | |
| 2025-01-14 14:32:07 UTC | 223 | IN | |
| 2025-01-14 14:32:07 UTC | 7969 | IN | |
| 2025-01-14 14:32:07 UTC | 8000 | IN | |
| 2025-01-14 14:32:07 UTC | 8000 | IN | |
| 2025-01-14 14:32:07 UTC | 8000 | IN | |
| 2025-01-14 14:32:07 UTC | 8000 | IN | |
| 2025-01-14 14:32:07 UTC | 8000 | IN | |
| 2025-01-14 14:32:07 UTC | 8000 | IN | |
| 2025-01-14 14:32:07 UTC | 8000 | IN | |
| 2025-01-14 14:32:07 UTC | 8000 | IN | |
| 2025-01-14 14:32:07 UTC | 8000 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 09:29:41 |
| Start date: | 14/01/2025 |
| Path: | C:\Users\user\Desktop\LrBF2Z930N.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 550'217 bytes |
| MD5 hash: | 25EEC63EDF7C0EB8628A89712B5CB363 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
| Target ID: | 4 |
| Start time: | 09:31:50 |
| Start date: | 14/01/2025 |
| Path: | C:\Users\user\Desktop\LrBF2Z930N.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 550'217 bytes |
| MD5 hash: | 25EEC63EDF7C0EB8628A89712B5CB363 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
| Target ID: | 5 |
| Start time: | 09:32:17 |
| Start date: | 14/01/2025 |
| Path: | C:\Users\user\Desktop\LrBF2Z930N.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 550'217 bytes |
| MD5 hash: | 25EEC63EDF7C0EB8628A89712B5CB363 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 6 |
| Start time: | 09:32:17 |
| Start date: | 14/01/2025 |
| Path: | C:\Users\user\Desktop\LrBF2Z930N.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 550'217 bytes |
| MD5 hash: | 25EEC63EDF7C0EB8628A89712B5CB363 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 7 |
| Start time: | 09:32:17 |
| Start date: | 14/01/2025 |
| Path: | C:\Users\user\Desktop\LrBF2Z930N.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 550'217 bytes |
| MD5 hash: | 25EEC63EDF7C0EB8628A89712B5CB363 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 8 |
| Start time: | 09:33:36 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\SysWOW64\wscript.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xe60000 |
| File size: | 147'456 bytes |
| MD5 hash: | FF00E0480075B095948000BDC66E81F0 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
Execution Graph
| Execution Coverage: | 15.7% |
| Dynamic/Decrypted Code Coverage: | 13.4% |
| Signature Coverage: | 15.9% |
| Total number of Nodes: | 1606 |
| Total number of Limit Nodes: | 33 |
Graph
Function 00403645 Relevance: 88.0, APIs: 32, Strings: 18, Instructions: 464stringfilecomCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405D8E Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 148filestringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406DA0 Relevance: 5.4, APIs: 4, Instructions: 382COMMON
Download Yara Rule
Control-flow Graph
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403D54 Relevance: 47.5, APIs: 13, Strings: 14, Instructions: 215stringregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004030D5 Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 204memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004066BF Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 204stringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401774 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145stringtimeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004026F1 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406A06 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 36libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401C48 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040248F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64registrystringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004071D5 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004073D6 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004070EC Relevance: 5.2, APIs: 4, Instructions: 205COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406BF1 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040703F Relevance: 5.2, APIs: 4, Instructions: 180COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040715D Relevance: 5.2, APIs: 4, Instructions: 170COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004070A9 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040347E Relevance: 4.6, APIs: 3, Instructions: 101COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004020DD Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403376 Relevance: 3.1, APIs: 2, Instructions: 88COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405BD6 Relevance: 3.0, APIs: 2, Instructions: 26COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405C65 Relevance: 3.0, APIs: 2, Instructions: 24processCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406172 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405C30 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402896 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004023B7 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406224 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004061F5 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 6E392A7F Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004023F9 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004035FD Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 6E392B98 Relevance: 1.4, APIs: 1, Instructions: 143COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401FA9 Relevance: 1.3, APIs: 1, Instructions: 37COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 6E3912BB Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405846 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404AF2 Relevance: 26.5, APIs: 10, Strings: 5, Instructions: 275stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 6E391BFF Relevance: 20.1, APIs: 13, Instructions: 597stringlibrarymemoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402910 Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040506E Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404102 Relevance: 61.6, APIs: 34, Strings: 1, Instructions: 357windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004047C0 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 204windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004062C8 Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 130memorystringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404668 Relevance: 12.1, APIs: 8, Instructions: 68COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404FBC Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402F98 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 6E392655 Relevance: 9.1, APIs: 6, Instructions: 109COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404EAE Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 6E391979 Relevance: 7.7, APIs: 5, Instructions: 194COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 6E392480 Relevance: 7.6, APIs: 5, Instructions: 135memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401D86 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401E53 Relevance: 7.5, APIs: 5, Instructions: 43COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 6E3916BD Relevance: 7.5, APIs: 5, Instructions: 41memorylibraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405F51 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 6E3910E1 Relevance: 6.4, APIs: 5, Instructions: 145memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402643 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 65stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406059 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040567B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406550 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405F9D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004060D7 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Execution Graph
| Execution Coverage: | 2.7% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 1.3% |
| Total number of Nodes: | 1671 |
| Total number of Limit Nodes: | 5 |
Graph
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 378612EE Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 243stringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3786C803 Relevance: 7.6, APIs: 5, Instructions: 54librarymemoryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3786724E Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 378659D6 Relevance: 15.1, APIs: 10, Instructions: 54COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37861CCA Relevance: 13.6, APIs: 9, Instructions: 84fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37869492 Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37868821 Relevance: 9.2, APIs: 6, Instructions: 216COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 378615DA Relevance: 9.1, APIs: 6, Instructions: 84stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37861000 Relevance: 9.1, APIs: 6, Instructions: 76stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37863856 Relevance: 9.1, APIs: 6, Instructions: 60COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37864B39 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37867153 Relevance: 7.6, APIs: 5, Instructions: 68COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37861E89 Relevance: 7.5, APIs: 5, Instructions: 41stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37865351 Relevance: 7.5, APIs: 5, Instructions: 30COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 378686E4 Relevance: 6.1, APIs: 4, Instructions: 110COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37865CE1 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Execution Graph
| Execution Coverage: | 6.4% |
| Dynamic/Decrypted Code Coverage: | 9.2% |
| Signature Coverage: | 3.2% |
| Total number of Nodes: | 2000 |
| Total number of Limit Nodes: | 81 |
Graph
Function 0040DD85 Relevance: 33.5, APIs: 15, Strings: 4, Instructions: 212filenativeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00413D4C Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 142processlibraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404423 Relevance: 4.6, APIs: 3, Instructions: 51libraryencryptionloaderCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040AE51 Relevance: 3.0, APIs: 2, Instructions: 39fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00418981 Relevance: 3.0, APIs: 2, Instructions: 28COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040B6EF Relevance: 30.1, APIs: 15, Strings: 2, Instructions: 388fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040E01E Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 120fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00413F4F Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 29libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00412465 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 88windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041837F Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 140fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040A804 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 40libraryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040BDB0 Relevance: 12.2, APIs: 8, Instructions: 151COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00414C2E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 77registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00413CA4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloadertimeCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004087B3 Relevance: 7.7, APIs: 6, Instructions: 190COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004148B6 Relevance: 6.1, APIs: 4, Instructions: 55COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040E4B2 Relevance: 4.6, APIs: 3, Instructions: 87fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00418758 Relevance: 4.6, APIs: 3, Instructions: 79COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004175ED Relevance: 4.5, APIs: 3, Instructions: 49fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00417570 Relevance: 4.5, APIs: 3, Instructions: 30COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00409A45 Relevance: 4.5, APIs: 3, Instructions: 26COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004175B7 Relevance: 4.5, APIs: 2, Strings: 1, Instructions: 24sleepCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004099F4 Relevance: 3.8, APIs: 3, Instructions: 38COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040CC26 Relevance: 3.1, APIs: 2, Instructions: 53COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041BC3B Relevance: 2.7, APIs: 2, Instructions: 195COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004104FB Relevance: 2.6, APIs: 2, Instructions: 140COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00418C63 Relevance: 2.6, APIs: 2, Instructions: 132COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004300E8 Relevance: 2.6, APIs: 2, Instructions: 103COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040B1AB Relevance: 2.5, APIs: 2, Instructions: 14COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403988 Relevance: 1.6, APIs: 1, Instructions: 56timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004062A6 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00414561 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00444A54 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00413F27 Relevance: 1.5, APIs: 1, Instructions: 15COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040A2EF Relevance: 1.5, APIs: 1, Instructions: 13fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040A30E Relevance: 1.5, APIs: 1, Instructions: 13fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00413D29 Relevance: 1.5, APIs: 1, Instructions: 13COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004096C3 Relevance: 1.5, APIs: 1, Instructions: 10fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004096DC Relevance: 1.5, APIs: 1, Instructions: 10fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040B04B Relevance: 1.5, APIs: 1, Instructions: 9COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004135E0 Relevance: 1.5, APIs: 1, Instructions: 8COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041493C Relevance: 1.5, APIs: 1, Instructions: 8COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044DEA5 Relevance: 1.5, APIs: 1, Instructions: 8COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040AEBE Relevance: 1.5, APIs: 1, Instructions: 8COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00414592 Relevance: 1.5, APIs: 1, Instructions: 7registryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00409B98 Relevance: 1.5, APIs: 1, Instructions: 7COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041BE52 Relevance: 1.3, APIs: 1, Instructions: 99COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004095D9 Relevance: 1.3, APIs: 1, Instructions: 66COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00415B2C Relevance: 1.3, APIs: 1, Instructions: 62COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00445403 Relevance: 1.3, APIs: 1, Instructions: 60COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004068BF Relevance: 1.3, APIs: 1, Instructions: 59COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406B90 Relevance: 1.3, APIs: 1, Instructions: 56COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406214 Relevance: 1.3, APIs: 1, Instructions: 39COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040AFCF Relevance: 1.3, APIs: 1, Instructions: 12COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040B633 Relevance: 1.3, APIs: 1, Instructions: 10COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040AA04 Relevance: 1.3, APIs: 1, Instructions: 10COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00415308 Relevance: 1.3, APIs: 1, Instructions: 5COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004098E2 Relevance: 16.6, APIs: 11, Instructions: 59clipboardmemoryfileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004182CE Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 69windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401806 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004018C0 Relevance: 1.5, APIs: 1, Instructions: 6nativeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040C87B Relevance: 54.5, APIs: 27, Strings: 4, Instructions: 285stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004131DC Relevance: 42.2, APIs: 22, Strings: 2, Instructions: 214windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401198 Relevance: 39.2, APIs: 26, Instructions: 185COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041352F Relevance: 33.3, APIs: 9, Strings: 10, Instructions: 41libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00411346 Relevance: 31.8, APIs: 13, Strings: 5, Instructions: 263windowregistryclipboardCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00408560 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 182stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004138C1 Relevance: 21.0, APIs: 6, Strings: 6, Instructions: 49libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041383D Relevance: 21.0, APIs: 6, Strings: 6, Instructions: 44libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004111C1 Relevance: 18.1, APIs: 12, Instructions: 113COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040C084 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 110stringfileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004060A4 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 97timewindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040D957 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 97windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040D2AB Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004082C7 Relevance: 15.2, APIs: 10, Instructions: 229COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00409F42 Relevance: 15.1, APIs: 10, Instructions: 103COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004044A4 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 52libraryloaderwindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040A661 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52librarywindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407E1E Relevance: 13.6, APIs: 9, Instructions: 115COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405F4E Relevance: 12.1, APIs: 8, Instructions: 89windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041881C Relevance: 12.1, APIs: 8, Instructions: 70timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040D7A7 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 79windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040A06C Relevance: 10.6, APIs: 7, Instructions: 63timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404363 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 59libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00408F2F Relevance: 9.1, APIs: 6, Instructions: 119COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004185CA Relevance: 9.1, APIs: 6, Instructions: 78COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004174F5 Relevance: 9.1, APIs: 6, Instructions: 61COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040973C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 31windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040E946 Relevance: 7.6, APIs: 5, Instructions: 60COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041748F Relevance: 7.6, APIs: 5, Instructions: 53COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040D441 Relevance: 7.5, APIs: 5, Instructions: 49COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00445093 Relevance: 7.5, APIs: 5, Instructions: 46COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040E8E0 Relevance: 7.5, APIs: 5, Instructions: 41COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040E758 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401137 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 32windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00414E13 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 21libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041D893 Relevance: 6.3, APIs: 5, Instructions: 82COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00412A2A Relevance: 6.3, APIs: 5, Instructions: 50COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00410D9B Relevance: 6.2, APIs: 4, Instructions: 169windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00417FD5 Relevance: 6.1, APIs: 4, Instructions: 138fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00410C46 Relevance: 6.1, APIs: 4, Instructions: 106COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040AED2 Relevance: 6.1, APIs: 4, Instructions: 63COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004144BB Relevance: 6.1, APIs: 4, Instructions: 55COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00414D8A Relevance: 6.1, APIs: 4, Instructions: 53COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00410FB4 Relevance: 6.0, APIs: 4, Instructions: 50windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00417434 Relevance: 6.0, APIs: 4, Instructions: 48COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00409B32 Relevance: 6.0, APIs: 4, Instructions: 47windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00417B5E Relevance: 6.0, APIs: 4, Instructions: 45fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041437B Relevance: 6.0, APIs: 4, Instructions: 38COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040A751 Relevance: 6.0, APIs: 4, Instructions: 34timeCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004134C6 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00411D08 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 187windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00414B81 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 13libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042B9BD Relevance: 5.2, APIs: 4, Instructions: 181COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040E820 Relevance: 5.1, APIs: 4, Instructions: 70COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040A8D0 Relevance: 5.1, APIs: 4, Instructions: 69COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040B1D1 Relevance: 5.1, APIs: 4, Instructions: 67COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00408ADC Relevance: 5.1, APIs: 4, Instructions: 63COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040B0D1 Relevance: 5.1, APIs: 4, Instructions: 55stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004173E4 Relevance: 5.0, APIs: 4, Instructions: 41COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00409D1F Relevance: 5.0, APIs: 4, Instructions: 32COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Execution Graph
| Execution Coverage: | 2.4% |
| Dynamic/Decrypted Code Coverage: | 19.9% |
| Signature Coverage: | 0.5% |
| Total number of Nodes: | 870 |
| Total number of Limit Nodes: | 22 |
Graph
Function 004082CD Relevance: 31.6, APIs: 11, Strings: 7, Instructions: 145stringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407EF8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 58filestringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401E69 Relevance: 52.8, APIs: 19, Strings: 11, Instructions: 261stringregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403C16 Relevance: 26.4, APIs: 3, Strings: 12, Instructions: 184libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040FB00 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 101registryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004442EA Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 97stringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040F460 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 180registryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004037CA Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 86stringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040CCD7 Relevance: 9.1, APIs: 6, Instructions: 71windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004085D2 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79registryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044B42B Relevance: 7.6, APIs: 5, Instructions: 54librarymemoryloaderCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00410DBB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 74registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00410C68 Relevance: 6.1, APIs: 4, Instructions: 58COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004109CF Relevance: 6.1, APIs: 4, Instructions: 52COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044B33B Relevance: 6.0, APIs: 4, Instructions: 25COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00408D34 Relevance: 5.0, APIs: 4, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406F30 Relevance: 3.8, APIs: 3, Instructions: 38COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00410A6B Relevance: 1.5, APIs: 1, Instructions: 19COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404785 Relevance: 1.5, APIs: 1, Instructions: 11COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406D1A Relevance: 1.5, APIs: 1, Instructions: 10fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004107F1 Relevance: 1.5, APIs: 1, Instructions: 8COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00410CF3 Relevance: 1.5, APIs: 1, Instructions: 8COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407F90 Relevance: 1.5, APIs: 1, Instructions: 8COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00410A9C Relevance: 1.5, APIs: 1, Instructions: 7registryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406F81 Relevance: 1.5, APIs: 1, Instructions: 7COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004047CB Relevance: 38.5, APIs: 11, Strings: 11, Instructions: 49libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004033F0 Relevance: 7.6, Strings: 6, Instructions: 61COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00410401 Relevance: 49.3, APIs: 25, Strings: 3, Instructions: 264stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401060 Relevance: 39.2, APIs: 26, Instructions: 186COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040F0CE Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 192stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040C3D0 Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 111stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004445ED Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 202stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00410034 Relevance: 22.8, APIs: 7, Strings: 6, Instructions: 48libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040F802 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 118registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040955A Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 86windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004045DB Relevance: 21.0, APIs: 6, Strings: 6, Instructions: 41libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404235 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 100stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004100CC Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 81stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004019EA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 195stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403166 Relevance: 13.6, APIs: 1, Strings: 8, Instructions: 100stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004036E5 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 67stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004072D6 Relevance: 12.1, APIs: 8, Instructions: 72COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004093B2 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77windowstringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004076B7 Relevance: 10.6, APIs: 6, Strings: 1, Instructions: 62stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004101AF Relevance: 9.1, APIs: 6, Instructions: 143COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00444059 Relevance: 9.1, APIs: 6, Instructions: 96stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00443473 Relevance: 9.0, APIs: 6, Instructions: 46COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401694 Relevance: 9.0, APIs: 6, Instructions: 44COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004063B2 Relevance: 8.9, APIs: 7, Instructions: 157COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044493E Relevance: 8.9, APIs: 7, Instructions: 147stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040F6E2 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 97stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004032B7 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 82stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00444551 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 51registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004090B0 Relevance: 7.5, APIs: 5, Instructions: 49COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040B994 Relevance: 7.5, APIs: 5, Instructions: 44windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00410777 Relevance: 7.5, APIs: 5, Instructions: 40COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040821D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040C26C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401000 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 32windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040759E Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044338B Relevance: 6.3, APIs: 5, Instructions: 81COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404888 Relevance: 6.3, APIs: 5, Instructions: 77COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040D2A3 Relevance: 6.3, APIs: 5, Instructions: 50COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004257AA Relevance: 6.2, APIs: 4, Instructions: 181COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402624 Relevance: 6.1, APIs: 4, Instructions: 127COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040C8B8 Relevance: 6.1, APIs: 4, Instructions: 115windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040B5E5 Relevance: 6.1, APIs: 4, Instructions: 114stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004113B2 Relevance: 6.1, APIs: 4, Instructions: 85stringCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00444462 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 84stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040B903 Relevance: 6.0, APIs: 4, Instructions: 45windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00409070 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004097FF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042C821 Relevance: 5.2, APIs: 4, Instructions: 185COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040848B Relevance: 5.1, APIs: 4, Instructions: 104stringCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004161CB Relevance: 5.1, APIs: 4, Instructions: 70COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040998E Relevance: 5.1, APIs: 4, Instructions: 65COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040796E Relevance: 5.1, APIs: 4, Instructions: 63stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|